Hello Karsten,
On Friday 07 July 2006 00:20, Karsten Rothemund wrote:
> hello list,
>
> I don't know, if this is the correct forum for my question. Sorry, if
> not.
This is definitely the correct forum. :-)
> I want to equip my old laptop with a web-filtering software, so that
> the children of my sister can use it as a surfbox. The laptop runs
> FreeBSD 6.1 and I installed squid from the ports (version 2.5.14),
> which works fine at the moment (no complex tasks here ;-) ).
>
> Then I added squidguard, also from the ports (version 1.2.0). I
> used a simple config, which principly works: it blocked some of the
> sites mentioned in the blacklists - and google(??).=3D20
>
> OK, maybe. So I wanted to put me (and later all adults) in a group
> with more freedom. But this did not work. It seems to me, that
> squidguard ignores infos about the user.
>
> I found this web page (http://www.onlamp.com/lpt/a/6473) which
> contained a cgi-script, which makes some infos available. And right,
> there is no info about the user, who requests the page, and about the
> category (which will be interesting later).
>
> So the question is, where can I start to debug this situation? Is there=3D20
> something (an option or so) I missed, when compiling/installing
> squid/squidguard? Or is it a config-problem of squid (I can of course
> provide configs - when I know it's the right place here).
I assume all users are logging into your laptop with different user names,
correct? Then the easiest way would be to use user identification as provided
by an ident daemon (RFC 931). For Linux, this could be pidentd, I am sure
there is something similar for FreeBSD available.
From http://www.squidguard.org/config/:
source adults {
user adult1 adult2 ...
}
source children {
user child1 child2 ...
}
Then you need to define your ACLs:
acl {
adults {
pass all
}
children {
pass !blacklists all
}
}
I assume you have a definition for "blacklists" containing the info about your
blacklists.
To get this working, you need to activate the ident lookup method in Squid.
Search for ident_lookup_access in squid.conf. I haven't tried this together
with SquidGuard but that should be no big deal.
Regards,
Peter
-- Peter Albrecht, Novell Training Services, peter.albrecht@novell.comReceived on Fri Jul 07 2006 - 01:12:33 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT