Rudimentary squidGuard Filtering

We recently had a complaint in our in our school about not-existing internet filters. So I setup squidGuard. It took me about 2 hours from learning that squidGuard exists, to having it working in a very basic way.

"Note: The listings within this wiki have been worked out using a Srage Tjener."

Installation

become root, then:

apt-get install squidguard

download a basic blacklist from:

http://squidguard.mesd.k12.or.us/blacklists.tgz

next copy that blacklist to the squid directory with:

cp blacklist.tgz /var/lib/squidguard/db/

Setup

stay root, then:

change directory to the squidGuard database directory

cd /var/lib/squidguard/db

untar the blacklists with:

tar xvzf blacklists.tgz

Now you may write your config file at:

/etc/squid/squidGuard.conf

a sample squid.conf for the blacklist above can be found in /Debian/Edu/HowTo/SquidGuard/SquidGuardConf

Next you need to initialize the database, do:

sudo -u proxy squidGuard -C all

If you look into the directories holding the files domains and urls you see that additional files have been created: domains.db and urls.db.

Now you need to give the squidGuard database the appropriate ownership:

chown proxy:proxy -R /var/lib/squidguard/db/*

and permissions:

FIXME : SET ALL DIRECTOROIES 744 and all files 644

chmod 644 -R /var/lib/squidguard/db/*

Now you will need to tell squid to use squidGuard, so add the following line

redirect_program /usr/bin/squidGuard

to the squid config file at

/etc/squid/squid.conf

preferably where it says

#  TAG: redirect_program

at approx. line 1023, and the restart squid with:

squid -k reconfigure

now lastly make the message that is returned for blocked URLs

/var/www/block.html

I used DebianEdu/HowTo/SquidGuard/BlockHtml, which is a nice red&black page with a link to skolelinux.de.

verifying the installation

Well the easiest way is to visit some nasty site and check to see if it is blocked, also check some good sites to see if they are let through. The squidGuard website also has a nice way of checking if it works at : [http://www.squidguard.org/Doc/verify.html, verifying squidGuard]

For debian-edu you can use the following command:

echo "http://www.rotten.com / - - GET" | squidGuard -d 

I hope that with the above instructions, you will be able to setup squidGuard and even use a blacklist of your own.

TODO

Comments about this page

Please add you comments here with wiki Name, thanks.