Differences between revisions 14 and 15
Revision 14 as of 2007-06-13 11:42:54
Size: 3475
Editor: ?ValentinHaenel
Comment:
Revision 15 as of 2009-03-16 03:36:04
Size: 3481
Editor: anonymous
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 117: Line 117:
Well the easiest way is to visit some nasty site and check to see if it is blocked, also check some good sites to see if they are let through. The squidGuard website also has a nice way of checking if it works at : [http://www.squidguard.org/Doc/verify.html, verifying squidGuard] Well the easiest way is to visit some nasty site and check to see if it is blocked, also check some good sites to see if they are let through. The squidGuard website also has a nice way of checking if it works at : [[http://www.squidguard.org/Doc/verify.html,|verifying squidGuard]]
Line 141: Line 141:
 * [http://www.squidguard.org/ squidGuard]
 * [http://www.squidguard.org/Doc/ squidGuard Docs]
 * [[http://www.squidguard.org/|squidGuard]]
 * [[http://www.squidguard.org/Doc/|squidGuard Docs]]

Rudimentary squidGuard Filtering

We recently had a complaint in our in our school about not-existing internet filters. So I setup squidGuard. It took me about 2 hours from learning that squidGuard exists, to having it working in a very basic way. For more advanced things see the bottom of the page.

"Note: The listings within this wiki have been worked out using a Sarge Tjener."

Installation

become root, then:

apt-get install squidguard

Setup

download a basic blacklist from:

http://squidguard.mesd.k12.or.us/blacklists.tgz

next copy that blacklist to the squid directory with:

cp blacklist.tgz /var/lib/squidguard/db/

stay root, then:

change directory to the squidGuard database directory

cd /var/lib/squidguard/db

untar the blacklists with:

tar xvzf blacklists.tgz

Now you may write your config file at:

/etc/squid/squidGuard.conf

a sample squid.conf for the blacklist above can be found in /SquidGuardConf

Now you need to give the squidGuard database the appropriate ownership:

chown proxy:proxy -R /var/lib/squidguard/db/*

and permissions (all files 644, all directories 755):

find /var/lib/squidguard/db -type f | xargs chmod 644
find /var/lib/squidguard/db -type d | xargs chmod 755

Next you need to initialize the database, do:

sudo -u proxy squidGuard -C all

If you look into the directories holding the files domains and urls you see that additional files have been created: domains.db and urls.db.

Now you will need to tell squid to use squidGuard (arm squid), so add the following line

redirect_program /usr/bin/squidGuard

to the squid config file at

/etc/squid/squid.conf

preferably where it says

#  TAG: redirect_program

at approx. line 1023

Make the message that is returned for blocked URLs

/var/www/block.html

I used /BlockHtml, which is a nice red&black page with a link to skolelinux.de.

Then restart squid with:

squid -k reconfigure

verifying the installation

Well the easiest way is to visit some nasty site and check to see if it is blocked, also check some good sites to see if they are let through. The squidGuard website also has a nice way of checking if it works at : verifying squidGuard

For debian-edu you can use the following command:

echo "http://www.rotten.com / - - GET" | squidGuard -d 

if you change the blacklists

You will need to update the Squid Guard database with:

sudo -u proxy squidGuard -C all

And then reconfigure squid with:

squid -k reconfigure

TODO

  • More about blacklists in different languages.
  • Logging blacklist violations, and messaging someone email jabber (??).
  • LDAP Based control (??)
  • Automatic Updates.
  • translate into German, and add to my German wiki
  • Webmin Module - I tried to install this and make it work at DebianEdu/HowTo/SquidGuard/webmin, however the module din't really work too well, and so this idea has been abandoned as webmin and sarge are bothe deprecated

Comments about this page

Please add you comments here with wiki Name, thanks.