Search:  
Gentoo Wiki

HOWTO_squid/squidGuard

Contents

What is it

squid is a caching Proxy server.

squidGuard is an addon for filtering.

squid

Installation

simply

emerge squid

configuration

edit the file /etc/squid/squid.conf

nano /etc/squid/squid.conf

I show you my config:

http_port 3128					#squids listening port 3128 is default
cache_mem 50 MB					#How much memory squid will use for caching 
visible_hostname my-server			#Name of our server
cache_dir ufs /var/cache/squid 500 16 256	#Directory where squid stores the cache, 
						#500 means we use 500MB diskspace for caching
						#16 and 256 sets how many directorys squid will use, this is default
offline_mode off				#offline mode is really cool, if activated squid will always use the cache
						#if the website is not in the cache, squid will fetch it.
						#if you press reload in your browser, squid will fetch it again.
maximum_object_size 102400 KB			#if a file is bigger then 102400 KB squid will not cache it.
reload_into_ims off				#if activated squid will ignore reload requests from browsers, and use
						#the cache if available
pipeline_prefetch on				#squid will fetch data parallel

acl my_network src 192.168.0.0/255.255.255.0	#Our network
acl all src 0.0.0.0/0.0.0.0			#all networks

http_access allow my_network			#allow access for our network
http_access deny all				#and deny from all others


You will find more info in /etc/squid/squid.conf.default.

Start squid

/etc/init.d/squid start

Add to Runlevel

rc-update add squid default

Try

edit your browsers proxy settings, and try it out.

squidGuard

Installation

use

emerge squidguard

to install it.

configuration

first we have to add "redirect_program /usr/bin/squidGuard" to /etc/squid/squid.conf

echo "redirect_program /usr/bin/squidGuard" >> /etc/squid/squid.conf

now we edit the file: /etc/squidGuard/squidGuard.conf this is an example:

logdir /var/log/squidGuard					#position of squidGuards log
dbhome /etc/squidGuard/db					#base for relative paths of listfiles

src srcpeter {							#a source declaration, srcpeter is now an alias for 192.168.0.250
 ip 192.168.0.250
}

dest destpeter {						#a destination declaration, destpeter is now an alias for all
								#domains in the file /etc/squidGuard/db/dstpeterfile
 domainlist dstpeterfile
}
dest dstads {							#another destination declaration, with an expressionlist
 expressionlist dstadsfile
 log dstadsfile_log                                             #redirections will be logged into that file  
}
dest dstgood {							#another destination declaration, with an good urls list
 expressionlist dstgoodfile
 log verbose dstgoodfile_log_all                                #with keyword "verbose" also PASS will be logged  
}

acl								#now we set the rules
{
       srcpeter {						#querys from srcpeter (192.168.0.250)
               pass dstpeter none				#access allowed to dstpeter (domains in
								#/etc/squidGuard/db/dstpeterfile) and none (nothing else)
               redirect http://webserver/squid/peter.html	#all other querys will be redirected to
						                #http://webserver/squid/peter.html (this is optional)
       }
       default {						#querys from unknown sources
               pass dstgood !dstads all				#access denied for dstads (regular expressions in
								#/etc/squiGuarad/db/dstadsfile) all other querrys are allowed
               redirect http://webserver/squid/ad.gif		#denied querrys will be redirected to this gif file.
       }
}

Make from your text files some db files and give the right permissions:

squidGuard -C all
chown -R squid:squid /etc/squidGuard/db
chmod -R o-rwx,g-rwx,u+rwx /etc/squidGuard/db

Start

restart squid

/etc/init.d/squid restart

Test

Make a simple test (replace "dstfile_url" with one url from your exclution-list)

echo "dstadsfile_url - - GET" | squidGuard -c /etc/squidGuard/squidGuard.cfg -d

You will see at the and of screen something like that:

2007-12-10 13:38:18 [8620] squidGuard 1.2.1 started (1197290298.384)
2007-12-10 13:38:18 [8620] squidGuard ready for requests (1197290298.419)
2007-12-10 13:38:18 [8620] Request(default/ads/-) dstadsfile_url -/- - GET REDIRECT http://webserver/squid/ad.gif -/- - GET

If something went wrong with your config, squidGuard will run in emergency mode (pass all). Take also a look into squidGuards logfile.

Troubleshooting 

chown squid:squid -R /var/log/squidGuard

Questions

If have additional questions, take a look at http://www.squidguard.org

You can reach me with jabber my jid is sms-king@jabber.org.

Retrieved from "http://www.gentoo-wiki.info/HOWTO_squid/squidGuard"
Last modified: Sat, 06 Sep 2008 03:41:00 +0000 Hits: 22,430