SquidGuard, I can't get it to run
Folks, I installed squidGuard here on the network and downloaded the lists, but there is no way to get it working; it seems Squid does not pass the packets on to it for analysis. One question: do I need to have a DNS server for it to work?
Below is my squidguard.conf, followed by my squid.conf
Squidguard.conf
dir /var/log/squidGuard
dbhome /var/lib/squidGuard/db/blacklist/blacklists
#src grownups {
#ip 10.0.0.0/24 # range 10.0.0.0 - 10.0.0.255
# AND
#user foo bar # ident foo or bar
#}
src kids {
ip 192.168.2.0/24 # range 10.0.0.0 - 10.0.3.255
#ip 192.168.1.0/24
}
dest blacklist {
domainlist /webmail/domains
urllist /webmail/urls
}
acl {
#grownups {
#pass all
#}
kids {
pass !blacklist all
}
default {
pass none
redirect http://info.foo.bar/cgi/blocked?clie...roup=%t&url=%u
}
}
Squid.conf
http_port 3128
acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY
################################################################################################
# Defining memory, cache and the like...
################################################################################################
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size_in_memory 100 KB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 10000 16 256
cache_access_log /var/log/squid/access.log
client_netmask 255.255.255.255
refresh_pattern ^ftp: 60 20% 60
refresh_pattern ^gopher: 60 0% 60
refresh_pattern . 60 20% 60
################################################################################################
# Creating the ACLs
################################################################################################
redirect_program /usr/sbin/squidGuard -C /etc/squidguard.conf
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
After that it continues like the others; there are the lines that make it transparent...
I appreciate any help possible.
Re: SquidGuard, I can't get it to run
The problem is that the syntax of your rules is quite odd. I'll give you a very simple example so you can understand better; these rules run perfectly. In my case I'm using Slackware:
squidGuard.conf
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db
src telefonista {
ip 192.168.3.1
}
src atendimento {
ip 192.168.3.2 192.168.3.3 192.168.3.4
}
dest ads {
domainlist blacklists/ads/domains
urllist blacklists/ads/urls
}
dest aggressive {
domainlist blacklists/aggressive/domains
urllist blacklists/aggressive/urls
}
dest audio-video {
domainlist blacklists/audio-video/domains
urllist blacklists/audio-video/urls
}
dest drugs {
domainlist blacklists/drugs/domains
urllist blacklists/drugs/urls
}
dest gambling {
domainlist blacklists/gambling/domains
urllist blacklists/gambling/urls
}
dest hacking {
domainlist blacklists/hacking/domains
urllist blacklists/hacking/urls
}
dest mail {
domainlist blacklists/mail/domains
}
dest porn {
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
expressionlist blacklists/porn/expressions
}
dest proxy {
domainlist blacklists/proxy/domains
urllist blacklists/proxy/urls
}
dest violence {
domainlist blacklists/violence/domains
urllist blacklists/violence/urls
}
dest warez {
domainlist blacklists/warez/domains
urllist blacklists/warez/urls
}
acl {
telefonista {
pass none
}
atendimento {
pass all
}
default {
pass !ads !aggressive !audio-video !drugs !gambling !hacking !porn !proxy !violence !warez all
redirect http://192.168.3.200/block/index.html
}
}
-----------------------------------------------------------------------------------------------------------------------------------
squid.conf
# TAG: redirect_program
# Specify the location of the executable for the URL redirector.
# Since they can perform almost any function there isn't one included.
# See the FAQ (section 15) for information on how to write one.
# By default, a redirector is not used.
#
#Default:
# none
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl telefonista src 192.168.3.1/255.255.255.255
acl atendimento src 192.168.3.2 192.168.3.3 192.168.3.4/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
http_access allow telefonista
http_access allow atendimento
-----//------
After configuring the rules in Squid and squidGuard, download the blacklist from the official site squid-cache.org and unpack it into the directory that corresponds to the rule in squidGuard.conf.
This way Squid works without problems... I have had a proxy running for 5 years and it has never given any trouble; it's wonderful.
I hope this helped!
Regards!
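A pre-flight check for the two files discussed in this thread, added here as an example and not taken from either post: it flags a redirector started with squidGuard's `-C` (build database) option but no `-c <config>`, top-level keywords squidGuard does not know, and ACL entries that reference undefined sources or destinations. The sample configs are constructed for illustration, and the keyword list is assumed to cover only the core declarations (no LDAP or database extensions).

```python
# Added example; sample configs are constructed, keyword list assumes core squidGuard only.
SQUID_CONF = "http_port 3128\nredirect_program /usr/sbin/squidGuard -C /etc/squidguard.conf\n"
SQUIDGUARD_CONF = """\
dir /var/log/squidGuard
dbhome /var/lib/squidGuard/db
src kids {
    ip 192.168.2.0/24
}
dest blacklist {
    domainlist webmail/domains
}
acl {
    kids {
        pass !blacklist !porn all
    }
    default {
        pass none
    }
}
"""
NAMED = {"src", "source", "dest", "destination", "time", "rewrite", "rew"}
TOP_LEVEL = NAMED | {"logdir", "dbhome", "acl"}
BUILTIN = {"all", "any", "none", "in-addr", "default"}

def _lines(text):
    # Drop comments and blank lines, return each remaining line as a word list.
    return [w for w in (l.split("#", 1)[0].split() for l in text.splitlines()) if w]

def lint_squid(text):
    # -C builds databases; -c names the config file the redirector must load.
    return [f"{w[0]}: -C given without -c <config>" for w in _lines(text)
            if w[0] in ("redirect_program", "url_rewrite_program")
            and "-C" in w and "-c" not in w]

def lint_squidguard(text):
    lines, findings, depth, in_acl = _lines(text), [], 0, False
    defined = BUILTIN | {w[1] for w in lines if w[0] in NAMED and len(w) > 1}
    for w in lines:
        if depth == 0:
            in_acl = w[0] == "acl"
            if w[0] not in TOP_LEVEL:
                findings.append(f"unknown top-level keyword: {w[0]}")
        elif in_acl and depth == 1 and w[-1] == "{" and w[0] not in defined:
            findings.append(f"acl block for undefined source: {w[0]}")
        elif in_acl and w[0] == "pass":
            findings += [f"pass references undefined destination: {n}"
                         for n in w[1:] if n.lstrip("!") not in defined]
        depth += sum(t.count("{") - t.count("}") for t in w)
    return findings
```

Running both functions on the files before restarting Squid catches the case where the redirector starts but never loads the intended rules, which otherwise shows up only as traffic passing unfiltered.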