HOWTO_squid/squidGuard
What is it
squid is a caching Proxy server.
squidGuard is an addon for filtering.
squid
Installation
simply
emerge squid
configuration
edit the file /etc/squid/squid.conf
nano /etc/squid/squid.conf
Here is my config:
#squid's listening port, 3128 is default
http_port 3128
#How much memory squid will use for caching
cache_mem 50 MB
#Name of our server
visible_hostname my-server
#Directory where squid stores the cache,
#500 means we use 500MB disk space for caching
#16 and 256 set how many directories squid will use, this is default
cache_dir ufs /var/cache/squid 500 16 256
#offline mode is really cool, if activated squid will always use the cache
#if the website is not in the cache, squid will fetch it.
#if you press reload in your browser, squid will fetch it again.
offline_mode off
#if a file is bigger than 102400 KB squid will not cache it.
maximum_object_size 102400 KB
#if activated squid will ignore reload requests from browsers, and use
#the cache if available
reload_into_ims off
#squid will fetch data in parallel
pipeline_prefetch on
#Our network
acl my_network src 192.168.0.0/255.255.255.0
#all networks
acl all src 0.0.0.0/0.0.0.0
#allow access for our network
http_access allow my_network
#and deny from all others
http_access deny all
You will find more info in /etc/squid/squid.conf.default.
Start squid
/etc/init.d/squid start
Add to Runlevel
rc-update add squid default
Try
Edit your browser's proxy settings, and try it out.
squidGuard
Installation
use
emerge squidguard
to install it.
configuration
First we have to add "redirect_program /usr/bin/squidGuard" to /etc/squid/squid.conf:
echo "redirect_program /usr/bin/squidGuard" >> /etc/squid/squid.conf
Now we edit the file /etc/squidGuard/squidGuard.conf. This is an example:
#position of squidGuard's log
logdir /var/log/squidGuard
#base for relative paths of list files
dbhome /etc/squidGuard/db
#a source declaration, srcpeter is now an alias for 192.168.0.250
src srcpeter {
    ip 192.168.0.250
}
#a destination declaration, dstpeter is now an alias for all
#domains in the file /etc/squidGuard/db/dstpeterfile
dest dstpeter {
    domainlist dstpeterfile
}
#another destination declaration, with an expressionlist
dest dstads {
    expressionlist dstadsfile
    #redirections will be logged into that file
    log dstadsfile_log
}
#another destination declaration, with a list of good URLs
dest dstgood {
    expressionlist dstgoodfile
    #with keyword "verbose" PASS will also be logged
    log verbose dstgoodfile_log_all
}
#now we set the rules
acl {
    #queries from srcpeter (192.168.0.250)
    srcpeter {
        #access allowed to dstpeter (domains in
        #/etc/squidGuard/db/dstpeterfile) and none (nothing else)
        pass dstpeter none
        #all other queries will be redirected to
        #http://webserver/squid/peter.html (this is optional)
        redirect http://webserver/squid/peter.html
    }
    #queries from unknown sources
    default {
        #access denied for dstads (regular expressions in
        #/etc/squidGuard/db/dstadsfile), all other queries are allowed
        pass dstgood !dstads all
        #denied queries will be redirected to this gif file.
        redirect http://webserver/squid/ad.gif
    }
}
Build the db files from your text list files and set the right permissions:
squidGuard -C all
chown -R squid:squid /etc/squidGuard/db
chmod -R o-rwx,g-rwx,u+rwx /etc/squidGuard/db
Start
restart squid
/etc/init.d/squid restart
Test
Make a simple test (replace "dstadsfile_url" with one URL from your exclusion list):
echo "dstadsfile_url - - GET" | squidGuard -c /etc/squidGuard/squidGuard.conf -d
You will see something like this at the end of the screen:
2007-12-10 13:38:18 [8620] squidGuard 1.2.1 started (1197290298.384)
2007-12-10 13:38:18 [8620] squidGuard ready for requests (1197290298.419)
2007-12-10 13:38:18 [8620] Request(default/ads/-) dstadsfile_url -/- - GET REDIRECT http://webserver/squid/ad.gif -/- - GET
If something went wrong with your config, squidGuard will run in emergency mode (pass all), so nothing is filtered. Also take a look at squidGuard's log file.
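Since a broken config means pass all, it helps to check the file before restarting squid. The following is an added example, not part of the original HOWTO or of squidGuard: a small checker that reports names used in the acl block that were never declared with src or dest. The function name, the sample config and the assumption that an undeclared name counts as a config error are this example's own, and it only understands the src/dest/acl syntax shown on this page.

```python
import re

# Destination names squidGuard understands without a declaration.
BUILTIN_DESTS = {"any", "all", "none", "in-addr"}

# Constructed sample: "destpeter" is declared, but the rule passes "dstpeter".
SAMPLE_CONF = """\
src srcpeter {
    ip 192.168.0.250
}
dest destpeter {
    domainlist dstpeterfile
}
acl {
    srcpeter {
        pass dstpeter none   # name does not match the declaration above
    }
    default {
        pass none
        redirect http://webserver/squid/ad.gif
    }
}
"""

def check_squidguard_conf(text):
    """Hypothetical helper: list acl names that no src/dest block declares."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    srcs = set(re.findall(r"^\s*(?:src|source)\s+(\S+)\s*\{", body, re.M))
    dests = set(re.findall(r"^\s*(?:dest|destination)\s+(\S+)\s*\{", body, re.M))
    acl = re.search(r"^\s*acl\s*\{(.*)\}", body, re.M | re.S)
    if acl is None:
        return ["no acl block found"]
    problems = []
    for name, rules in re.findall(r"(\S+)\s*\{([^{}]*)\}", acl.group(1)):
        if name != "default" and name not in srcs:
            problems.append(f"acl rule '{name}': source is not declared")
        for line in rules.splitlines():
            words = line.split()
            for word in (words[1:] if words[:1] == ["pass"] else []):
                dest = word.lstrip("!")  # "!name" means deny, same name lookup
                if dest not in BUILTIN_DESTS and dest not in dests:
                    problems.append(f"acl rule '{name}': destination '{dest}' is not declared")
    return problems

if __name__ == "__main__":
    for problem in check_squidguard_conf(SAMPLE_CONF):
        print(problem)
```

An empty list means every name in the acl block resolved; it does not replace the echo test above, which exercises the real list files.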
Troubleshooting
- Logging not possible (Permissions not set properly)
chown squid:squid -R /var/log/squidGuard
Questions
If you have additional questions, take a look at http://www.squidguard.org
You can reach me via Jabber; my JID is sms-king@jabber.org.