[squid-users] url_rewrite_program not working randomly after a while from Stefan Bauer on 2012-08-24 (squid-users)

From: Stefan Bauer <stefan.bauer_at_cubewerk.de>
Date: Fri, 24 Aug 2012 11:49:49 +0200

Dear Developers & Users,

we're using latest squidGuard for around 500 Users and match users against LDAP.
Everything is working fine for a while and "bad pages" are blocked as they should.
Randomly, squidGuard ist stopping to block the pages and the users have not limitations anymore.

A reload of squid is fixing the problem.

That is how we included squidguard in squid:

url_rewrite_program /usr/sbin/squidGuard -d -c /etc/squidguard.conf
url_rewrite_children 10

Any help or ideas are greatly appreciated. Please find attached the squidguard.conf

dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard

ldapbinddn credentials
ldapbindpass password

src superprivusers {
ldapusersearch correct-query
}

src moreprivusers {
ldapusersearch correct-query
}

src noprivusers {
ldapusersearch correct-query
}

dest porn {
        domainlist blacklists/porn/domains
        urllist blacklists/porn/urls
        log blocked_porn.log
}

dest ads {
        domainlist blacklists/ads/domains
        urllist blacklists/ads/urls
        log blocked_ads.log
}

dest ksi_a {
        domainlist blacklists/ksi_a/domains
        urllist blacklists/ksi_a/urls
        log blocked_ksi_a.log
}

dest ksi_b {
        domainlist blacklists/ksi_b/domains
        urllist blacklists/ksi_b/urls
        log blocked_ksi_b.log
}

dest ksi_c {
        domainlist blacklists/ksi_c/domains
        urllist blacklists/ksi_c/urls
        log blocked_ksi_c.log
}

dest warez {
        domainlist blacklists/warez/domains
        urllist blacklists/warez/urls
        log blocked_warez.log
}

acl {
        superprivusers {
                pass all
                redirect http://machine/sgerror.php?url=401%20site%20blocked&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        }

        moreprivusers {
                pass !warez !ksi_a !ads !porn all
                redirect http://machine/sgerror.php?url=401%20site%20blocked&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        }

        underprivusers {
                pass !warez !ksi_a !ksi_b !ksi_c !ads !porn all
                redirect http://machine/sgerror.php?url=401%20site%20blocked&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        }

        noprivusers {
                pass none
                redirect http://machine/sgerror.php?url=401%20site%20blocked&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        }

        default {
                pass !warez !ksi_a !ksi_b !ads !porn all
                # ### redirect http://localhost/block.html
                redirect http://machine/sgerror.php?url=401%20site%20blocked&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        }
}

thank you very much in advance

Stefan Bauer
Received on Fri Aug 24 2012 - 09:48:09 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 25 2012 - 12:00:03 MDT