Hi,
On Mon, 15 Feb 2010, Amos Jeffries wrote:
On Sun, 14 Feb 2010 18:21:25 -0600 (CST), Al - Image Hosting Services
<azick@xxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
I know that this is a little bit off topic for this list, but I asked on
the squidguard list and they said that I need to run 2 instances of
squid.
I know that squid can listen on 2 ports very easily, and I have setup
squid to listen on 2 different ports. Port 8080 uses squidguard to
filter,
but port 8081 doesn't. What I would really like to be able to do is to
have less restrictive filtering on port 8081. For example, I would like
to
block youtube on port 8080, but not on port 8081. Still I would like to
be
able to block porn on port 8081. Could someone give me some assistance
on
how to do this or point me to a how to?
Best Regards,
Al
Use of the "myport" ACL type and url_rewrite_access to prevent things
being sent to the squidguard re-writer.
http://www.squid-cache.org/Doc/config/url_rewrite_access/
I should have explained that differently, so I will give it another try.
This is what I have in my squid.conf now:
acl custom-auth proxy_auth REQUIRED
acl mysite dstdomain .zickswebventures.com
acl portA myport 8080
acl portB myport 8081
url_rewrite_access allow portA
url_rewrite_program /bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 3
http_access allow mysite
http_access allow custom-auth all
http_access deny all
It works perfectly, requests sent to portA are filtered and requests that
are sent to portB are not, but I need to add sort of an intermediate level
of filtering.
Solution 1: It looks like squidguard can filter based on IP. If I created
a portC in squid.conf, should I be able to add this to my squidguard.conf:
src portC {
ip 0.0.0.0:8082
}
src portA {
ip 0.0.0.0:8080
}
My question is, does squid pass the port along with the IP address to
squidguard? If it does, then is my config wrong or does squidguard just
not know what to do with the port information?
Solution 2: Call 2 instances of squidguard with a different config.
Although, I don't know if this is possible without knowing more about how
squid passes information to squidguard.
Solution 3: Create a blocklist within squid of maybe 5 to 30 sites, so my
squid.conf would like:
acl custom-auth proxy_auth REQUIRED
acl mysite dstdomain .zickswebventures.com
acl block dstdomain .facebook.com .twitter.com
acl portA myport 8080
acl portB myport 8081
acl portB myport 8082
url_rewrite_access allow portA portB
url_rewrite_program /bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 3
http_access allow mysite
http_access allow custom-auth all
http_access deny all
Of course, the blank line is where I would need to tell squid to redirect
to the the zickswebvenutres.com/blocked.html if it sees a one of the urls
being blocked, but only on portA. Could this be done?
Best Regards,
Al