Re: [squid-users] squid & squidGuard redirect only domain (but not imgs, scripts etc) from Amos Jeffries on 2011-06-23 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 23 Jun 2011 20:45:26 +1200

On 23/06/11 17:15, rootslan_at_mail.ru wrote:
> Hello all!
>
> I am trying to set up redirects from denied domains to our local web-server page. Redirect works, but he don't show pictures from new website, don't use js scripts from new site and etc
> For first time I used such redirector:
>
> #!/usr/bin/perl
> $|=1;
> while (<>) {
> s@http://sex.com@http://mywebsrv/www/workblock\n@;
> print;
> }
>
> This redirect works but all images (and swf- js- files) on our workblock page (like http://mywebsrv/www/workblock/dem.jpg) it try to GET from sex.com - in logs we see GET http://sex.com/dem.jpg or http://sex.com/workblock/dem.jpg :(
> Why so? What I do wrong?

First hint: This is not a redirect. Start the URL with 302 to redirect.

Second hint: sending a URL back to squid every time forces a LOT of
extra processing on unchanged URL for no gain.

Third hint: You are inserting "\n" into the reply sent to Squid.

Fourth hint: You can do this a lot faster and easier with an ACL and the
deny_info directive.

ie
   acl blocked dstdomain sex.com
   deny_info http://mywebsrv/www/workblock blocked
   http_access deny blocked

>
> After that I install squidGuard (both configs are below) but problem is still here :(
> Thank you for any solution or help.
>
> My /etc/squid/squidGuard.conf:
> dbhome /var/lib/squidguard/db
> logdir /var/log/squid
> dest redirector {
> domainlist redirector/domains
> urllist redirector/urls
> }
> acl {
> default {
> pass !redirector all
> redirect http://mywebsrv/www/workblock
> }
> }
>
> My /etc/squid3/squid.conf:
> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
> redirect_children 3
> redirector_bypass on

Fifth hint: bypass ignores the redirector when it produces invalid URL.

Sixth hint: hint 3 leads to invalid responses from the helper every
second request or so.

> cache_effective_user proxy
> acl SNBC src 10.250.16.0/24
> http_access allow SNBC
> http_port 10.250.16.222:3128
> cache_peer 10.80.20.222 parent 3128 0 no-query default
> never_direct allow all
> cache_mgr na_at_n.com
> dns_nameservers 10.250.16.10 10.250.1.13
>
> Some like such my trouble described here: http://www.mail-archive.com/squid-users@squid-cache.org/msg03292.html (but no solution)
>
> With best regards, Albert

Cheers

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.9 and 3.1.12.3

Received on Thu Jun 23 2011 - 08:45:36 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 24 2011 - 12:00:03 MDT