Re: [squid-users] Blocking Searches with squidguard

From: Brian Gregory <[email protected]>
Date: Thu, 27 Jul 2006 12:55:42 +0100

Rikunj wrote:
> Yes, it is.
> *
> url_regex*: URL regular expression pattern matching
> http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.4
>
> Rikunj
>

I don't think I'm going to get this just by looking at the
documentation. I only understand technical things when I begin to see
what was going on in the mind of the person who designed it. Here all
the documentation seems to assume you already understand most of the
concepts.

I'm using squid 2.5.STABLE10 and squidguard 1.2.0 on SuSE 10.0.

At present out squidguard.conf looks like this:

--------------BEGIN squidguard.conf---------------------
logdir /var/log/squidGuard
dbhome /var/lib/squidGuard/db/blacklists

dest prospect-goodstuff {
        domainlist prospect-goodstuff/domains
        urllist prospect-goodstuff/urls
        expressionlist prospect-goodstuff/expressions
}

dest prospect-badstuff {
        domainlist prospect-badstuff/domains
        urllist prospect-badstuff/urls
        expressionlist prospect-badstuff/expressions
}

dest adult {
        domainlist adult/domains
        urllist adult/urls
        expressionlist adult/expressions
        expressionlist adult/very_restrictive_expression
}
dest agressif {
        domainlist agressif/domains
        urllist agressif/urls
        expressionlist agressif/expressions
}
dest audio-video {
        domainlist audio-video/domains
        urllist audio-video/urls
        expressionlist audio-video/expressions
}
dest dangerous_material {
        domainlist dangerous_material/domains
        urllist dangerous_material/urls
        expressionlist dangerous_material/expressions
}
...
dest warez {
        domainlist warez/domains
        urllist warez/urls
        expressionlist warez/expressions
}
acl {
        default {
                pass prospect-goodstuff !prospect-badstuff !adult !agressif
!audio-video !dangerous_material ... !warez all
                redirect
http://localhost/cgi-bin/squidGuard?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
        }
}

---------------END squidguard.conf----------------------

All the lists except the first two (names beginning prospect) are
re-downloaded regularly by a cron job running as root which then does
the following:

--------------------BEGIN----------------

cd ~

chown -R squid:nogroup /var/lib/squidGuard/db

echo Compiling...

/usr/sbin/squidGuard -C all

chown -R squid:nogroup /var/lib/squidGuard/db

echo Reconfiguring...

/usr/sbin/squid -k reconfigure

chown -R squid:nogroup /var/lib/squidGuard/db

echo Done.

---------------------END-----------------

I have two problems at the moment.

1. Expressions I've added in .../prospect-badstuff/expressions appear to
  be totally ignored.

------------- BEGIN .../prospect-badstuff/expressions --------
(^|[-\.\?+=/_&])(rude1|rude2|rude3|rude4|rude5|...)([-\.\?+=/_&]|$)
(^|[-\.\?+=/_&])(hot|hardcore|big|cyber|hard|huge|mega|small|soft|super|tiny)?(bad1|bad2|bad3|bad4|bad5|...|xxx+)s?([-\.\?+=/_&]|$)
-------------- END .../prospect-badstuff/expressions ---------

For example URLs with rude1 in them are not blocked.

2. I'm unsure what is supposed to go in the domains files such as
.../prospect-goodstuff/domains. By trial and error I've found adding
both domain.com and www.domain.com works well enough but I really want
to match domain.com and anything.domain.com. I found some documentation
that suggested I put .domain.com in the domains file but that doesn't
appear to match anything at all.

3. Blocked squid attempts to redirect https: URLs to "http:443". Can I
make an error message show instead?

Please help.
TIA

-- 
Brian Gregory.
brian.gregory05@btconnect.com
Computer Room Volunteer.
Therapy Centre.
Prospect Park Hospital.
Received on Thu Jul 27 2006 - 05:55:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:02 MDT