Squid & Squidguard

krkec

Hi

I want to prevent users of my network to go to specific web sites. I instaled Squid & Squidguard and configured them to block for example www.iskon.hr but it want block. 
In squidgard  log i see this: 09.06.2012 07:26:54 10.10.6.1/- http://www.iskon.hr/extension/ez_iskon/design/iskon4/images/btn/odgovori.png Request(default/zabrana/-) - GET REDIRECT

This is my proxy filter configuration:

============================================================

SquidGuard configuration file

This file generated automaticly with SquidGuard configurator

(C)2006 Serg Dvoriancev

email: dv_serg@mail.ru

============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

dest zabrana {
domainlist zabrana/domains
expressionlist zabrana/expressions
redirect www.bug.hr&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}

rew safesearch {
s@(google../search?.q=.)@
&safe=active@i
s@(google../images.q=.)@
&safe=active@i
s@(google../groups.q=.)@
&safe=active@i
s@(google../news.q=.)@
&safe=active@i
s@(yandex../yandsearch?.text=.)@
&fyandex=1@i
s@(search.yahoo../search.p=.)@
&vm=r&v=1@i
s@(search.live../.q=.)@
&adlt=strict@i
s@(search.msn../.q=.)@
&adlt=strict@i
s@(.bing..*/.q=.)@
&adlt=strict@i
log block.log
}

acl  {

default  {
pass !in-addr !zabrana all
redirect www.inp.hr
rewrite safesearch
log block.log
}
}

this is my proxy server config

Do not edit manually !

http_port 10.10.10.10:3128
http_port 127.0.0.1:3128 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 0
shutdown_lifetime 3 seconds
uri_whitespace strip

cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 100 16 256
minimum_object_size 0 KB
maximum_object_size 10 KB
offline_mode off

No redirector configured

Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563 
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

Custom options

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

Setup allowed acls

Default block all to be sure

http_access deny all

Please help!!!!!

pierref

Hello krkec

Did you solve your problem?

Pierre

Nachtfalke

Could you post screenshots of your
Common ACL (targets open)
Group ACL (targets open)
The target you created

squid can only block http websites when in transparent mode.
for https you need squid in non-transparent mode.