[squid-users] squidGuard is not blocking

From: Sam Carleton <scarleton@dont-contact.us>
Date: Fri, 10 Aug 2001 12:45:06 -0400

Folks,

I have had a number of people put in their two cents worth on what my
problem is, but the problem still remains. I thought I would summarize
it again in hopes that someone else might have some input on a
solution. I know one is out there!

* The Problem:

squidGuard is running, but it is not blocking any sites.

* The Environment:

I am running NetBSD v1.5.0. The machine is a firewall, NAT, gateway,
squid proxy and now is running squidGuard, also. I am using IPFilter as
the firewall/NAT. To make squid transparent and force all traffic
through it, all traffic coming in on the internal NIC for port 80 is
redirected to squid with this ipnat rule: rdr ex0 0/0 port 80 ->
127.0.0.1 port 3128 tcp.

When using the cachemgr tool of squid, squidGuard IS running. The tests
of squidGuard (from the installation instructions on the web page) all
work correctly, pass sites are passed and blocked sites are blocked.
When the web browser is told about the proxy or when it is not told
about the proxy, it is never blocked from a blocked site.

-----------squid.conf-----------
http_port 3128 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid/cache 1500 16 256
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_rewrites_host_header on
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl internal_network src 192.168.0.0/255.255.255.0
http_access allow manager internal_network
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow internal_network
http_access allow localhost
http_access deny all
icp_access allow internal_network
icp_access deny all
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-----------squid.conf-----------

-----------squidGuard.conf-----------
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db

dest blockedsites {
        domainlist blacklists/porn/domains
        urllist blacklists/porn/urls
}

acl {
        default {
                pass !blockedsites all
                redirect http://localhost/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u

        }
}
-----------squidGuard.conf-----------
Received on Fri Aug 10 2001 - 10:45:13 MDT
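
A model of the request line Squid writes to a redirector and of the reply that the `pass !blockedsites all` rule and redirect template in the message above would produce. This is an added example, not part of the original message and not squidGuard's own code. The blacklist entries, client address and the "default" group name are constructed assumptions, list matching is simplified, and values are substituted verbatim.

```python
import re
from urllib.parse import urlsplit

# Redirect template copied from the squidGuard.conf in the message.
REDIRECT = ("http://localhost/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n"
            "&clientuser=%i&clientgroup=%s&url=%u")

# Constructed stand-ins for blacklists/porn/domains and blacklists/porn/urls.
BLOCKED_DOMAINS = {"blocked.example"}
BLOCKED_URLS = {"mixed.example/adult"}


def parse_request(line):
    """Split one redirector request line: 'URL ip/fqdn ident method'."""
    url, client, ident, method = line.split()[:4]
    addr, _, name = client.partition("/")
    return {"url": url, "addr": addr, "name": name,
            "ident": ident, "method": method}


def in_blockedsites(url):
    """True if the URL falls inside the modelled 'blockedsites' destination."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    # A domainlist entry covers the domain itself and every subdomain,
    # so compare whole label suffixes rather than substrings.
    if any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels))):
        return True
    # A urllist entry is treated here as a host/path prefix (simplified).
    target = host + parts.path
    return any(target == u or target.startswith(u + "/") for u in BLOCKED_URLS)


def redirector_reply(line, group="default"):
    """Model 'pass !blockedsites all': an empty reply leaves the URL alone."""
    req = parse_request(line)
    if not in_blockedsites(req["url"]):
        return ""
    subs = {"%a": req["addr"], "%n": req["name"], "%i": req["ident"],
            "%s": group, "%u": req["url"]}
    # Single pass, so substituted values are never re-scanned for % codes.
    return re.sub(r"%[anisu]", lambda m: subs[m.group(0)], REDIRECT)


if __name__ == "__main__":
    for sample in ("http://www.blocked.example/index.html 192.168.0.5/- - GET",
                   "http://www.netbsd.org/ 192.168.0.5/- - GET"):
        print(repr(redirector_reply(sample)))
```

An empty reply means the request passes unchanged, so a filter that works when fed lines by hand but never blocks in production can be narrowed down by comparing the lines Squid actually sends with the ones used in the manual test.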