Squid & Squidguard



  • Hi

    I want to prevent users of my network to go to specific web sites. I instaled Squid & Squidguard and configured them to block for example www.iskon.hr but it want block. 
    In squidgard  log i see this: 09.06.2012 07:26:54 10.10.6.1/- http://www.iskon.hr/extension/ez_iskon/design/iskon4/images/btn/odgovori.png Request(default/zabrana/-) - GET REDIRECT

    This is my proxy filter configuration:

    ============================================================

    SquidGuard configuration file

    This file generated automaticly with SquidGuard configurator

    (C)2006 Serg Dvoriancev

    email: dv_serg@mail.ru

    ============================================================

    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard

    dest zabrana {
    domainlist zabrana/domains
    expressionlist zabrana/expressions
    redirect www.bug.hr&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }

    rew safesearch {
    s@(google../search?.q=.)@&safe=active@i
    s@(google..
    /images.q=.)@&safe=active@i
    s@(google../groups.q=.)@&safe=active@i
    s@(google..
    /news.q=.)@&safe=active@i
    s@(yandex../yandsearch?.text=.)@&fyandex=1@i
    s@(search.yahoo..
    /search.p=.)@&vm=r&v=1@i
    s@(search.live../.q=.)@&adlt=strict@i
    s@(search.msn..
    /.q=.)@&adlt=strict@i
    s@(.bing..*/.q=.)@&adlt=strict@i
    log block.log
    }

    acl  {

    default  {
    pass !in-addr !zabrana all
    redirect www.inp.hr
    rewrite safesearch
    log block.log
    }
    }

    this is my proxy server config

    Do not edit manually !

    http_port 10.10.10.10:3128
    http_port 127.0.0.1:3128 transparent
    icp_port 0

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/local/etc/squid/errors/English
    icon_directory /usr/local/etc/squid/icons
    visible_hostname localhost
    cache_mgr admin@localhost
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    logfile_rotate 0
    shutdown_lifetime 3 seconds
    uri_whitespace strip

    cache_mem 8 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 100 16 256
    minimum_object_size 0 KB
    maximum_object_size 10 KB
    offline_mode off

    No redirector configured

    Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
    acl sslports port 443 563 
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin ?
    cache deny dynamic
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all

    Custom options

    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    redirector_bypass on
    redirect_children 3

    Setup allowed acls

    Default block all to be sure

    http_access deny all

    Please help!!!!!



  • Hello krkec

    Did you solve your problem?

    Pierre



  • Could you post screenshots of your
    Common ACL (targets open)
    Group ACL (targets open)
    The target you created

    squid can only block http websites when in transparent mode.
    for https you need squid in non-transparent mode.


Locked