[squid-users] squid squidguard basic config

From: Scott Phillips <[email protected]>
Date: Fri, 8 Sep 2006 14:28:24 -0400

Greetings squid-users!

I'm Trying to get a basic squid / squidguard config running on debian
linux (sarge). Squid version is 2.5.STABLE9, squidguard is 1.2.0
with Berkeley DB 4.1.25. I've spent a few days trying to find a
basic how-to for squid with squidGuard but no luck.

I've tried several adjustments to the /etc/squid.conf and
/etc/squidGuard.conf files, but all I get is either everything denied
or everything allowed. All I want to do is have squid block sites
listed in squidGuard. This is running on a dual-interface firewall
using IPTables to route all outbound port 80 connections to squid on 3128.

My /etc/squid/squid.conf file (blank lines and comments omitted):
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl local src 192.168.1.0/24
http_access allow local
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
http_port 192.168.1.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid

My /etc/squid/squidGuard.conf:
dbhome /var/lib/squidguard/db
logdir /var/log/squid
time workhours {
         weekly mtwhf 08:00 - 16:30
         date *-*-01 08:00 - 16:30
}
dest good {
}
dest local {
}
dest ads {
         log ads
         domainlist ads/domains
         urllist ads/urls
}
dest aggressive {
         log aggressive
         domainlist aggressive/domains
         urllist aggressive/urls
}
dest audio-video {
         log audio-video
         domainlist audio-video/domains
         urllist audio-video/urls
}
dest drugs {
         log drugs
         domainlist drugs/domains
         urllist drugs/urls
}
dest gambling {
         log gambling
         domainlist gambling/domains
         urllist gambling/urls
}
dest hacking {
         log hacking
         domainlist hacking/domains
         urllist hacking/urls
}
dest mail {
         log mail
         domainlist mail/domains
}
dest porn {
         log porn
         domainlist porn/domains
         urllist porn/urls
}
dest proxy {
         log proxy
         domainlist proxy/domains
         urllist proxy/urls
}
dest violence {
         log violence
         domainlist violence/domains
         urllist violence/urls
}
dest warez {
         log warez
         domainlist warez/domains
         urllist warez/urls
}
acl {
         default {
                 pass !ads !aggressive !audio-video !drugs
!gambling !hacking !mail !porn !proxy !violence !warez local
         }
}

I feel like I'm close to a solution. All insight or references to
other sources appreciated.

Cheers,
--Scott!
Received on Fri Sep 08 2006 - 12:25:49 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT