My squid/guard config not working the way that I want, help?
-
Hi all-
I am quite new to the proxy thing, trying to get some protection on our home network, to at least keep my kids from accidentally going to the wrong places, and at the wrong times.
I want to accomplish two things:
- Keep them from going to sites that I blacklist, at ANY time
- Keep them off EVERYTHING at certain times of the day
I can get one or the other working, but not both.
I don't want just one filter (like, putting the deny's in the hours filter), so I can have different error messages.
Any tips as to what I am doing wrong?
I installed squidguard on top of squid, and downloaded a blacklist. I created a time filter, and set up an acl. The respective part of the config is here (with some redundant stuff removed):
    # Normal School Days
    time daytimeHours {
        weekly all 07:00-20:00
    }

    # This filter is evaluated first, and blocks the nasty stuff.
    src normalFilter {
        ip 192.168.1.0/24
        log block.log
    }

    src daytimeHours {
        ip 192.168.1.0/24
        log block.log
    }

    # jamies blocked stuff
    dest created_by_jamie {
        domainlist created_by_jamie/domains
        expressionlist created_by_jamie/expressions
    }

    rew safesearch {
        s@(google../search?.q=.)@\1&safe=active@i
        s@(google../images.q=.)@\1&safe=active@i
        s@(google../groups.q=.)@\1&safe=active@i
        s@(google../news.q=.)@\1&safe=active@i
        log block.log
    }

    acl {
        # This filter is evaluated first, and blocks the nasty stuff.
        normalFilter {
            pass !created_by_jamie all
            redirect http://192.168.1.1:80/sgerror.php?url=403%20%3Ch1%3ESorry%2C%20your%20father%20has%20blocked%20this%20site.%20%20%3C%2Fh1%3E%3Cbr%3E%3Cbr%3EIf%20you%20think%20that%20this%20is%20an%20error%2C%20ask%20him%20NICELY%20to%20help.%3Cbr%3E%3Cbr%3EPS-%20don%27t%20bug%20your%20sister.%3Cbr%3E&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            rewrite safesearch
            log block.log
        }

        daytimeHours within daytimeHours {
            pass all
            redirect http://192.168.1.1:80/sgerror.php?url=403%20%3Ch1%3EShouldn%27t%20you%20be%20in%20bed%3F%3C%2Fh1%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ch3%3EDon%27t%20forget%20to%20brush%20your%20teeth%3C%2Fh3%3E%3Cbr%3E&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            rewrite safesearch
            log block.log
        } else {
            pass none
            redirect http://192.168.1.1:80/sgerror.php?url=403%20%3Ch1%3EShouldn%27t%20you%20be%20in%20bed%3F%3C%2Fh1%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ch3%3EDon%27t%20forget%20to%20brush%20your%20teeth%3C%2Fh3%3E%3Cbr%3E&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            rewrite safesearch
            log block.log
        }

        default {
            pass all
            redirect http://192.168.1.1:80/sgerror.php?url=403%20Blocked%20by%20default&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            rewrite safesearch
            log block.log
        }
    }
-
Do not define one name for Time, Src and Dest. Set different names.
-
I tried changing the names to be unique, but still not working. If I have the time one first, the time part of it works fine, but then it doesn't move on to the next filter (that blocks everything).
If I have the 'normal filter' first, it never gets to the time.

    # Normal School Days
    time daytimeHoursTime {
        weekly all 07:00-18:30
    }

    src daytimeHoursACL {
        ip 192.168.1.0/24
        log block.log
    }

    # This filter is evaluated first, and blocks the nasty stuff.
    src normalFilter {
        ip 192.168.1.0/24
        log block.log
    }

    # jamies blocked stuff
    dest created_by_jamie {
        domainlist created_by_jamie/domains
        expressionlist created_by_jamie/expressions
    }

    rew safesearch {
        s@(google..*/search?.q=.)@\1&safe=active@i
        log block.log
    }

    acl {
        daytimeHoursACL within daytimeHoursTime {
            pass all
            redirect http://192.168.1.1:80/sgerror.php?url=403…
            rewrite safesearch
            log block.log
        } else {
            pass none
            redirect http://192.168.1.1:80/sgerror.php?url=403...
            rewrite safesearch
            log block.log
        }

        # This filter is evaluated first, and blocks the nasty stuff.
        normalFilter {
            pass !created_by_jamie all
            redirect http://192.168.1.1:80/sgerror.php?url=403...
            rewrite safesearch
            log block.log
        }

        default {
            pass all
            redirect http://192.168.1.1:80/sgerror.php?url=403%20Blocked%20by%20default&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            rewrite safesearch
            log block.log
        }
    }
-
Any chance you could post the full squidGuard.conf here? I see possible problems with the way you have this written. If, for whatever reason, you don't want to post it, then drop me a mail. ;D
-
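An added example, not part of any post in this thread: squidGuard assigns a client to the first `src` block whose definition matches it, so two sources that both cover 192.168.1.0/24 never both apply, which matches the behaviour described above. One way to get both rules with separate error pages is a single source whose `within` branch applies the blacklist and whose `else` branch blocks everything. The source name `kids` and the shortened redirect messages are assumptions; the `rewrite safesearch` lines are left out for brevity.

```conf
# Added example (not from the thread). "kids" is a hypothetical source name.
time daytimeHoursTime {
    weekly all 07:00-18:30
}

# One source for the LAN range; a client only ever lands in one src block.
src kids {
    ip 192.168.1.0/24
    log block.log
}

dest created_by_jamie {
    domainlist created_by_jamie/domains
    expressionlist created_by_jamie/expressions
}

acl {
    kids within daytimeHoursTime {
        # Allowed hours: everything passes except the blacklist.
        pass !created_by_jamie all
        # Constructed placeholder message for blacklisted sites.
        redirect http://192.168.1.1:80/sgerror.php?url=403%20Blocked%20site&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        log block.log
    } else {
        # Outside allowed hours: nothing passes, with its own message.
        pass none
        # Constructed placeholder message for the time block.
        redirect http://192.168.1.1:80/sgerror.php?url=403%20Outside%20allowed%20hours&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        log block.log
    }

    # Clients outside 192.168.1.0/24 fall through to here, as in the posted config.
    default {
        pass all
        redirect http://192.168.1.1:80/sgerror.php?url=403%20Blocked%20by%20default&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        log block.log
    }
}
```

Checking `block.log` after a request during and outside the time window shows which branch handled it.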