SquidGuard Destinations Clarification.
-
I have squid and squidGuard working great. Really liking that. Just wanted to clarify some things.
I want to add some custom websites, such as facebook, that I don't want used on the work network. To do this I use Destinations under squidGuard, correct?
I have tried this and can't seem to get it to work. I just want to clarify the meanings of boxes.
Name: Self explanatory, just a unique name to identify the new destination.
Domains List: I think this is where I would put in facebook.com. That is the site I want to block.
Expressions: keywords in URLs. Gambling would match www.google.com/search?gambling.
URL's list: I have no idea what this box is for. I thought I defined what I wanted blocked up above in Domains list. What goes in here?
The others are self explanatory.
So, I have made my block_facebook rule. I go into ACL and set it to [block_facebook] = deny. This should block it. And I can add time parameters if I desire.
So, facebook still works. Can someone clarify what goes in these boxes?
Thanks for your help.
-
All fields (Domains, Expressions, URLs) in the Destination filter your browser queries by an 'OR' operation.
If the client's browser query URL contains:
- a domain from the 'Domains' field
OR - template words from the 'Expressions' field
OR - part of a URL from the 'URLs' field,
then this client's URL matches this Destination and will be filtered by your settings in the ACL (blocked/redirected/allowed).
Note about expressions: this is a 'regular expression'. For powerful use you need to read the regular expression manuals. In the simple case you can use word parts from the URL.
The expression spylog|title|top will filter 'spylog.com', 'spylog.su', 'top.pbp.com'.
The symbol '|' means 'or' (spylog or title or top).
If you look at '(ban{1,2}ers{0,1})', this matches baner or banner or baners or banners. {} means 'how many (min/max) of the previous symbol it needs to contain': SMB{min,max} => o{0,3} => '', 'o', 'oo', 'ooo'.
Examples:
![Без имени.jpg](/public/imported_attachments/1/Без имени.jpg)
-
> All fields (Domains, Expressions, URLs) in the Destination filter your browser queries by an 'OR' operation.

dvserg, this helped a bunch. I thought I would have to have each box filled out. With this clarification I got this working with some ACL tweaks.
-
> > All fields (Domains, Expressions, URLs) in the Destination filter your browser queries by an 'OR' operation.
>
> dvserg, this helped a bunch. I thought I would have to have each box filled out. With this clarification I got this working with some ACL tweaks.

You can fill in only one of Domains/Expressions/URLs. That's possible.
-
So follow up question. I have set two custom destinations. The first I want blocked all the time and I have added to my default rule selection in squidGuard. The second I want based upon a certain time.
So I have created my time, and I have created my Destination. I then go into the ACL and add a new rule that will deny all in my destination. I then apply the time and hit apply etc. So something odd happens. Now nothing is blocked. At all. Nothing in my defaults or the other. So, is there a known bug that won't allow me to have multiple ACL rules or is there something that I am missing?
-
> So follow up question. I have set two custom destinations. The first I want blocked all the time and I have added to my default rule selection in squidGuard. The second I want based upon a certain time.
> So I have created my time, and I have created my Destination. I then go into the ACL and add a new rule that will deny all in my destination. I then apply the time and hit apply etc. So something odd happens. Now nothing is blocked. At all. Nothing in my defaults or the other. So, is there a known bug that won't allow me to have multiple ACL rules or is there something that I am missing?

Not right.
Each ACL (and Default too) has its own ruleset.
SG checks clients against the ACLs' sources and takes the first suitable ACL from the list (or the 'Default' ACL, if nothing in the ACL list matches this client).
Only the ACL that was found applies its ruleset to the client. You can't use several ACLs for one client, only the first suitable ACL or the Default ACL (if nothing is found in the ACL list).
(Sorry for my English.)
-
So, to interpret this, to have my ACL work I would have to put in everything I want in the default on the "non-timed" side, and everything that I want in the timed side there. I can't just have default AND an ACL? If I do it will ignore the default and just do the ACL which in this case only has one rule?
-
> So, to interpret this, to have my ACL work I would have to put in everything I want in the default on the "non-timed" side, and everything that I want in the timed side there. I can't just have default AND an ACL? If I do it will ignore the default and just do the ACL which in this case only has one rule?

Please look at this: http://diskatel.narod.ru/sgquick.htm
-
DVSERG, thanks for your help. I am having a hard time wrapping my head around the ACL listings. Let me ask you about the source IP's listing.
I have my default set up. I then have in my source IP listing this: 10.0.0.0/24 10.0.2.0/24 10.0.3.0/24
When I apply this rule my defaults are ignored and only the ACL rule is enabled. I glean that this is because this is the only entry with these source IP's and so it becomes the first rule?
Also when I go in to edit my rule it has taken out two of the subnets, leaving only 10.0.0.0/24 as the affected ip range.
So two questions. For the source IP how can I have one rule apply to many subnets? (i.e. 10.0.0.0/24 AND 10.0.3.0/24)
Is there any way to have the ACL list apply to any source?
Thanks,
Will
-
> I have my default set up. I then have in my source IP listing this: 10.0.0.0/24 10.0.2.0/24 10.0.3.0/24
> When I apply this rule my defaults are ignored and only the ACL rule is enabled. I glean that this is because this is the only entry with these source IP's and so it becomes the first rule?

If the client finds its own ACL (by 'Src'), this client is managed only by this ACL. Otherwise, if the client does not find its own ACL, then this client is managed only by 'Default'.
If you define an ACL for 10.0.0.0/24, then this subnet will 'listen' to the rules !only! from this ACL.

> Also when I go in to edit my rule it has taken out two of the subnets, leaving only 10.0.0.0/24 as the affected ip range.

Sorry, can't meant this. (My English is 'not ideal'.)

> For the source IP how can I have one rule apply to many subnets? (i.e. 10.0.0.0/24 AND 10.0.3.0/24)

= one Dest rule for several ACLs =
- Create your own Dest rule (page Destinations), for example with the name 'bad_dest'
- Create ACL 'my_10_0_subnet' for 10.0.0.0/24 and set white|allow|deny for the 'bad_dest' rule
- Create ACL 'my_10_3_subnet' for 10.0.3.0/24 and set white|allow|deny for the 'bad_dest' rule

> Is there any way to have the ACL list apply to any source

No way. Each ACL is a unique world for its 'src' settings.
But 'Default' is common for anyone who does not find themselves in the ACLs.
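
Added example, not written by anyone in the thread and not squidGuard's own code: a simplified Python model of the two behaviours described above, the OR match across a Destination's Domains/Expressions/URLs fields and the "first matching ACL, otherwise Default" selection. The list contents, the example.org URL and the client addresses are constructed, and the matching is an approximation of squidGuard's.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data: names follow the thread, list contents are made up.
DESTS = {
    "block_facebook": {"domains": ["facebook.com"], "expressions": [], "urls": []},
    "bad_dest": {"domains": [],
                 "expressions": [r"spylog|title|top", r"ban{1,2}ers{0,1}"],
                 "urls": ["example.org/games"]},
}
# Each ACL is (name, source subnet, its own complete ruleset); order matters.
ACLS = [
    ("my_10_0_subnet", "10.0.0.0/24", {"bad_dest": "deny"}),
    ("my_10_3_subnet", "10.0.3.0/24", {"bad_dest": "deny", "block_facebook": "deny"}),
]
DEFAULT = {"block_facebook": "deny"}  # used only when no ACL source matches


def in_dest(dest, url):
    """True if ANY field matches: Domains OR Expressions OR URLs."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    host_path = host + parts.path
    by_domain = any(host == d or host.endswith("." + d) for d in dest["domains"])
    by_expr = any(re.search(e, url, re.IGNORECASE) for e in dest["expressions"])
    by_url = any(host_path.startswith(u) for u in dest["urls"])
    return by_domain or by_expr or by_url


def decide(client_ip, url):
    """Return (ruleset used, action) for one request."""
    ip = ipaddress.ip_address(client_ip)
    name, rules = "default", DEFAULT
    for acl_name, subnet, acl_rules in ACLS:
        if ip in ipaddress.ip_network(subnet):
            name, rules = acl_name, acl_rules
            break  # first matching ACL wins; Default is not consulted after it
    for dest_name, action in rules.items():
        if in_dest(DESTS[dest_name], url):
            return name, action
    return name, "allow"  # nothing in the selected ruleset matched


if __name__ == "__main__":
    for ip in ("10.0.0.15", "10.0.3.7", "192.168.1.5"):
        print(ip, decide(ip, "http://www.facebook.com/"))
```

The 10.0.0.0/24 client reaches facebook even though Default denies it, because its own ACL's ruleset never mentions block_facebook; the 10.0.3.0/24 ACL repeats that deny and so blocks it.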