Rudimentary squidGuard Filtering
We recently had a complaint in our in our school about not-existing internet Filters. So i setup squidGuard. It took me about 2 hours from learning that squidGuard exists, to having it working in a very basic way.
Installation
become root, then:
apt-get install squidGuard
Download a basic blacklist from:
http://squidguard.mesd.k12.or.us/blacklists.tgz
next copy that blacklist to the squid directory with:
cp blacklist.tgz /var/lib/squidGuard/db/
Setup
stay root, then:
change directory to the squidGuard database directory
cd /var/lib/squidGuard/db
untar the blacklists with:
tar xvzf blacklists.tgz
move the black lists into the database directory:
mv blacklist/* .
TODO: show what the directory schould look like.
Now you may write your config file at:
/etc/squid/squidGuard.conf
a smaple squid.conf for the blacklist above can be found in /Debian/Edu/HowTo/SquidGuard/SquidGuardConf
Now you need to give the squidGuard database the appropriate ownership:
chown proxy:proxy -R /var/lib/squidguard/db/*
and permissions:
chmod 644 -R /var/lib/squidguard/db/*
Next you need to initialse the database, do:
sudo -u proxy squidGuard -C all
TODO: explain what this does to the directory
Now you will need to tell squid to use squidGuard, so add the following line
redirect_program /usr/bin/squidGuard
to the squid config file at
/etc/squid/squid.conf
Preferably where it says
# TAG: redirect_program
at apprx line 1023, and the restart squid with:
squid -k reconfigure
now lastly make the message that is returned for blocked URLs
/var/www/block.html
i used DebianEdu/HowTo/SquidGuard/BlockHtml, which is a nice red&black page with a link to skolelinux.de.
verifying the installation
well the easiest way is to visit some nasty site and check to see if it is blocked, also check some good sites to see if they are let through. The squidGuard website also has a nice way of checking if it works at : [http://www.squidguard.org/Doc/verify.html, verifying squidGuard]
For debian-edu you can use the following command:
echo "http://www.rotten.com / - - GET" | squidGuard -d
I hope that with the above instructions, you will be able to setup squidGuard and even use a blacklist of your own.
Links
[http://www.squidguard.org/ squidGuard]
TODO
- More about blacklists in different languages.
- Logging blacklist violations, and messaging someone email jabber (??).
- LDAP Based control (??)
- Automatic Updates.
- translate into german, and add to my german wiki
Comments about this page
Please add you comments here with wiki Name, thanks.