Debian – Squid squidGuard on Debian 6

debiansquid

I have an ADSL connection with a modem sagem (NAT) and connect one machine to cable >(fedora17 = 192.168.1.2) into this machine I installed oracle virtualbox and in this I >have two machine connected as network bridged to the modem Sagem (Debian "192.168.1.6" as >server + Ubuntu "192.168.1.7" as the client) I installed squid and squidGuard the couple >on (Debian).

in this server (Debian)Here is my configuration:

##cat /proc/sys/net/ipv4/ip_forward
1
##ls -l /etc/ 
..
..
lrwxrwxrwx ......squid -> squid3/
..
..

##cd /etc/squid/
ls -l 
-rw-r--r-- 1 root root   1547  6 janv.  2012 errorpage.css
-rw-r--r-- 1 root root    421  6 janv.  2012 msntauth.conf
lrwxrwxrwx 1 root root      6  4 févr. 21:49 squid -> squid/
-rw-r--r-- 1 root root 198835  5 févr. 00:02 squid.conf
-rw-r--r-- 1 root root 198764  2 févr. 00:18 squid.conf.old
-rw-r--r-- 1 root root   1350  4 févr. 23:47 squidGuard.conf
-rw-r--r-- 1 root root   1431  3 févr. 20:25 squidGuard.conf.old

/etc/squid3/squid.conf

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.1.0/24    

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access allow localhost

http_access deny all


http_port 3128 transparent

hierarchy_stoplist cgi-bin ?

access_log /var/log/squid3/access.log squid

coredump_dir /var/spool/squid3

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

visible_hostname mysrvhostname

/etc/squid3/squidGuard.conf

time workhours {
weekly mtwhf 08:00 - 16:30
        date *-*-01  08:00 - 16:30
}

dest noface
{
        domainlist noface/domains
        expressionlist noface/expressions
        urllist noface/urls
}
acl {
default {
                pass     !noface all
                redirect http://www.google.tn/

        }
}

/var/lib/squidGuard/db/noface/domains

facebook.com
free.com
speedtest.com

/var/lib/squidGuard/db/noface/urls

http://www.facebook.com/
https://www.facebook.com/

/var/lib/squidGuard/db/noface/domains.diff

+facebook.com
-debian.org

iptables rules

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

I built the databases and started squid3 like this:

# squidGuard -C all
# squidGuard -u
# /etc/init.d/squid3 restart

Now in my client Ubuntu I set the IP address of my server Debian 192.168.1.6 in the mandatory proxy and the port 3128 and when I hit one of the sites I want to block facebook as customer accede without difficulty

Where is the problem?

Best Answer

The problem is that you are not referencing SquidGuard nowhere to be seen. You'll need a redirect_program clause, pointing to your SG binary and configuration.

redirect_program /usr/bin/SquidGuard -c /etc/squid/SquidGuard.conf

Just check the path to SG binary, I'm not sure of it.

Related Topic