Re: [squid-users] Re: SquidGuard not filtering

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Wed, 04 Dec 2013 14:40:50 -0200

The quick and easy solution is to use ufdbGuard.
ufdbGuard works like squidGuard but does not have issues like bad performance,
nor does it lack support and maintenance.
So if you want a free alternative for squidGuard, look at ufdbGuard.
ufdbGuard can be downloaded from www.sourceforge.net or www.urlfilterdb.com

Marcus

On 12/04/2013 06:25 AM, Eliezer Croitoru wrote:
> OK Vignesh, (am I right about the name?)
>
> A couple of things:
> * squid 3.1.10 is pretty old compared to squid main development branch.
> * We are not squidGuard but we can try to help you.
>
> If you can, try to use the newer RPMs, like the ones for version 3.3.
> You can find the latest RPM for CentOS at my repo and all the details are at the bottom of this post in the mailing list:
> http://www.squid-cache.org/mail-archive/squid-users/201311/0160.html
>
> I do intend to release the 3.3.11 RPM in the next couple days and you can wait a bit for that if you want.
>
> There is a Debug Section inside squid that can be used to find the source of the problem.
> I am not sure what the issue is with your squidGuard setup, but since it's version 1.4 I think it's a self-compiled one.
> In this case I would try to make sure that the permissions for all squidGuard files are OK to allow all the needed users the right permissions.
> If you would like to "simulate" squidGuard runtime, the basic thing to do is to get a command line using the "su" command as the squid user.
> Then you can navigate into the right location and then run the command using the same arguments you used in squid.conf.
> You could then see if there is an issue that you can understand and see that can cause your problems.
> It can be permissions to the DB or another file\directory than the executable one.
>
> I would recommend you to use a 302 response instead of the "http://www.google.com".
> It can be used for example as "302:http://domain.internal/blocked.php?you_got_blocked_by_squid" and this will not lead the client\browser to cache the page in a way it was not supposed to.
> (I do not remember if the 302 syntax is like that)
>
> Note that squid 3.3 has lots of resolved issues since 3.1.10 and also a couple of advancements.
>
> As you know squidGuard is a very nice product that can perform lots of things which Squid cannot do bare naked.
> But (a big one) the squidGuard interface can cause a bottleneck for the whole server traffic if not configured properly and wisely.
> If you do have a small whitelist, add them into squid to lower the need for "consulting" squidGuard filters.
> SquidGuard uses the url_rewrite interface, which is slower than ICAP, which a couple of products do utilize.
> Try to look at:
> http://www.squid-cache.org/Misc/icap.html
>
> I know that there are a couple of very advanced commercial products that do offer an ICAP interface.
> ICAP offers a far more advanced interface which by default enables concurrency and also can take much more load than the other helpers.
>
> Eliezer
>
> On 04/12/13 09:02, vikkymoorthy wrote:
>> Hey,
>>
>> Thanks for your revert. You are right, the issue is related to SquidGuard.
>>
>> Is there a way we can use squid like content filtering? Please let me
>> know.
>>
>> #squid -v
>> Squid Cache: Version 3.1.10
>> configure options: '--build=x86_64-redhat-linux-gnu'
>> '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
>> '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
>> '--includedir=/usr/include' '--libdir=/usr/lib64'
>> '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--enable-internal-dns' '--disable-strict-error-checking'
>> '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
>> '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
>> '--with-logdir=$(localstatedir)/log/squid'
>> '--with-pidfile=$(localstatedir)/run/squid.pid'
>> '--disable-dependency-tracking' '--enable-arp-acl'
>> '--enable-follow-x-forwarded-for'
>> '--enable-auth=basic,digest,ntlm,negotiate'
>> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
>> '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
>> '--enable-digest-auth-helpers=password,ldap,eDirectory'
>> '--enable-negotiate-auth-helpers=squid_kerb_auth'
>> '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
>> '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
>> '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
>> '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log'
>> '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
>> '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2'
>> '--enable-esi' '--with-aio' '--with-default-user=squid'
>> '--with-filedescriptors=16384' '--with-dl' '--with-openssl'
>> '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu'
>> 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu'
>> 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
>> 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
>> -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
>> -fpie' --with-squid=/builddir/build/BUILD/squid-3.1.10
>>
>>
>>
>> Here is my squid.conf file
> <SNIP>
>>
>> url_rewrite_program /usr/local/bin/squidGuard -c
>> /usr/local/squidGuard/squidGuard.conf
>> url_rewrite_children 5
>> url_rewrite_access allow all
>>
>>
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>
>
Received on Wed Dec 04 2013 - 16:40:55 MST
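
Added example, not part of the original thread or of squidGuard: a minimal stand-in helper for the url_rewrite interface discussed above, using the line-based format Squid used before 3.4 (one request line in, one reply line out, with a `302:` prefix for a redirect). The blocked domains are constructed; the redirect URL is the one suggested in the thread. Run by hand as the squid user, it shows what Squid expects back from a working filter.

```python
import sys

# Constructed sample blocklist (assumption, not from the thread).
BLOCKED_DOMAINS = {"blocked.example", "ads.example"}
# Redirect target taken from the suggestion quoted in the thread.
BLOCK_URL = "http://domain.internal/blocked.php?you_got_blocked_by_squid"


def host_of(url):
    """Lowercase host of an http(s) URL or of a CONNECT 'host:port' target.

    IPv6 literals are not handled in this sketch.
    """
    rest = url.split("://", 1)[-1]
    authority = rest.split("/", 1)[0].rsplit("@", 1)[-1]
    return authority.split(":", 1)[0].lower()


def is_blocked(host):
    """True if host is a blocked domain or a subdomain of one (label match)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))


def answer(line):
    """Reply to one request line from Squid.

    Request: [channel-ID] URL client_ip/fqdn user method [extras]
    Reply:   empty line = leave the URL alone, "302:URL" = redirect the client.
    """
    fields = line.split()
    if not fields:
        return ""
    channel = ""
    # With helper concurrency enabled, Squid prefixes a numeric channel ID
    # that must be echoed back at the start of the reply.
    if fields[0].isdigit() and len(fields) > 1:
        channel, fields = fields[0] + " ", fields[1:]
    verdict = "302:" + BLOCK_URL if is_blocked(host_of(fields[0])) else ""
    return (channel + verdict).rstrip()


if __name__ == "__main__":
    for request in sys.stdin:
        # Squid waits for exactly one reply line per request: flush each one.
        sys.stdout.write(answer(request) + "\n")
        sys.stdout.flush()
```

Typing a request line such as `http://www.blocked.example/ 10.0.0.5/- - GET` on stdin should print the `302:` reply; an empty reply line means the helper let the request through unchanged.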

This archive was generated by hypermail 2.2.0 : Thu Dec 05 2013 - 12:00:04 MST