On 15/03/18 02:13, Nicolas Kovacs wrote: > Le 14/03/2018 à 14:06, Amos Jeffries a écrit : >> Then the first thing you and your readers need to be clear on is that >> SquidGuard was end-of-life'd many years ago. It is long overdue for >> removal or replacement. This has impact such as the one you saw on HTTPS >> traffic support which was only added to Squid-3 after SG stopped being >> maintained. >> >> The best thing to be doing these days is upgrading simple configs like >> the one you presented earlier to using modern Squid features directly in >> squid.conf - as I recommended earlier. >> >> For very complex configurations (or emergency upgrades) the ufdbguard >> tool can be used as a drop-in replacement for squidGuard while the >> config migration is evaluated. It handles the HTTPS situation better >> than SG does, but for simple configs any helper is still very much >> overkill and a performance drag. > > This is the configuration which is currently in use at our local school. > The server is running Squid + SquidGuard on Slackware 14.1. We're > planning to move to CentOS 7 in June 2018, so I'd like to use this > working configuration without having to jump through burning loops or > having to reinvent the wheel. This one is much more complex than your earlier configs. It seems reasonable to use ufdbguard as a drop-in replacement for squidguard here. A few things like the direction and couvrefeu ACLs can be moved easily for better efficiency in squid.conf like so: acl direction src 192.168.10.2-192.168.10.49 acl direction src 192.168.10.246-192.168.10.249 # these are okay. Don't bother asking the helper url_rewrite_access deny direction acl couvrefeu time mtwhf 00:00-07:00 acl couvrefeu time smtwh 22:30-24:00 acl scholae src 192.168.10.50-192.168.10.210 deny_info 302:http://squidguard.serveur-hp.ecole-scholae.lan/avertissement.html couvrefeu http_access deny scholae couvrefeu Note the helper will never even be asked when these are redirected by http_access, so you do not need url_rewrite_access rule for it - scholae things will only ever be passed to the helper during non-couvrefeu times. Also if you want to present a fixed web page instead of redirecting. You can configure/load a custom HTML error page in deny_info instead of using the 302:url pattern. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
