squid squidguard basic config


Greetings squid-users!

I'm trying to get a basic squid / squidguard config running on Debian 
linux (sarge).  Squid version is 2.5.STABLE9, squidguard is 1.2.0 
with Berkeley DB 4.1.25.  I've spent a few days trying to find a 
basic how-to for squid with squidGuard but no luck.

I've tried several adjustments to the /etc/squid.conf and 
/etc/squidGuard.conf files, but all I get is either everything denied 
or everything allowed.  All I want to do is have squid block sites 
listed in squidGuard.  This is running on a dual-interface firewall 
using IPTables to route all outbound port 80 connections to squid on 3128.

My /etc/squid/squid.conf file (blank lines and comments omitted):
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563      # https, snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl local src 192.168.1.0/24
http_access allow local
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
http_port 192.168.1.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_effective_user squid
cache_effective_group squid

My /etc/squid/squidGuard.conf:
dbhome /var/lib/squidguard/db
logdir /var/log/squid
time workhours {
         weekly mtwhf 08:00 - 16:30
         date *-*-01  08:00 - 16:30
}
dest good {
}
dest local {
}
dest ads {
         log             ads
         domainlist      ads/domains
         urllist         ads/urls
}
dest aggressive {
         log             aggressive
         domainlist      aggressive/domains
         urllist         aggressive/urls
}
dest audio-video {
         log             audio-video
         domainlist      audio-video/domains
         urllist         audio-video/urls
}
dest drugs {
         log             drugs
         domainlist      drugs/domains
         urllist         drugs/urls
}
dest gambling {
         log             gambling
         domainlist      gambling/domains
         urllist         gambling/urls
}
dest hacking {
         log             hacking
         domainlist      hacking/domains
         urllist         hacking/urls
}
dest mail {
         log             mail
         domainlist      mail/domains
}
dest porn {
         log             porn
         domainlist      porn/domains
         urllist         porn/urls
}
dest proxy {
         log             proxy
         domainlist      proxy/domains
         urllist         proxy/urls
}
dest violence {
         log             violence
         domainlist      violence/domains
         urllist         violence/urls
}
dest warez {
         log             warez
         domainlist      warez/domains
         urllist         warez/urls
}
acl {
         default {
                 pass    !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez local
         }
}

I feel like I'm close to a solution.  All insight or references to 
other sources appreciated.

Cheers,
--Scott!
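
A structural check over a squidGuard.conf like the one posted above, as an added example that is not part of the original post and not squidGuard's own tooling. It flags dest blocks that name no list, pass targets that are not defined, a pass list with no terminal all or none, and a config with no redirect statement. The function name, messages and shortened sample config are constructed for illustration; the redirect check rests on the assumption that a Squid 2.5 redirector can only block a request by returning a replacement URL.

```python
import re
from itertools import takewhile

# Constructed sample: a shortened form of the squidGuard.conf in the post.
SAMPLE_CONF = """
dbhome /var/lib/squidguard/db
dest local {
}
dest ads {
    log        ads
    domainlist ads/domains
    urllist    ads/urls
}
acl {
    default {
        pass !ads local
    }
}
"""

LIST_KEYS = {"domainlist", "urllist", "expressionlist"}
BUILTIN = {"all", "none", "in-addr"}            # targets squidGuard predefines
RULE_END = {"}", "redirect", "rewrite", "log"}  # tokens that end a pass list


def lint_squidguard(conf_text):
    """Return structural findings for a squidGuard.conf passed as text."""
    # Drop comments, isolate braces, then tokenize on whitespace.
    text = re.sub(r"#.*", "", conf_text)
    tok = text.replace("{", " { ").replace("}", " } ").split()
    findings, dests = [], {}
    for i, t in enumerate(tok):
        if t in ("dest", "destination"):
            body = tok[tok.index("{", i) + 1:tok.index("}", i)]
            dests[tok[i + 1]] = LIST_KEYS & set(body)
    for name, lists in dests.items():
        if not lists:
            findings.append(f"dest '{name}' names no domainlist, urllist or expressionlist")
    for i, t in enumerate(tok):
        if t != "pass":
            continue
        targets = list(takewhile(lambda u: u not in RULE_END, tok[i + 1:]))
        for name in (u.lstrip("!") for u in targets):
            if name not in dests and name not in BUILTIN:
                findings.append(f"pass refers to undefined dest '{name}'")
        if targets and targets[-1] not in ("all", "none"):
            findings.append(f"pass ends with '{targets[-1]}', not all/none")
    if "redirect" not in tok:
        findings.append("no redirect statement: a denied request has no URL to be rewritten to")
    return findings
```
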

