
How to Create a Transparent Proxy using squid and squidguard

Eek
Posts: 372
Joined: 23 Dec 2007, 03:03
Location: the Netherlands

How to Create a Transparent Proxy using squid and squidguard

Post by Eek »

This how-to describes the installation of a transparent proxy using squid and squidGuard.
If you are new to Linux, don't worry. It may look like much, but it isn't. Also, where it says vi you can use nano instead.

Why
I bought the bubba2 to act as a transparent proxy so all HTTP requests can be monitored.
In combination with squidGuard, this gives me and my family members unlimited access to the internet without having to worry about the bad sites or bad guys.

Packages
Install the packages and some nice utilities which are handy

Code: Select all

apt-get install squid squid-cgi squidclient squidguard squidview
Download blacklists

Code: Select all

cd /tmp
wget ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
Transparent Proxy
Setup transparent squid proxy

Code: Select all

vi /etc/squid/squid.conf
search for :
http_port 3128
replace with/add:
http_port <lan ip>:3128 transparent

search for :
always_direct
replace with/add:
always_direct allow all

search for :
#acl our_networks src
replace with/add:
acl lan src <wan ip> 192.168.1.0/24
http_access allow localhost
http_access allow lan

Setup routing

Code: Select all

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to <lan ip>:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Restart squid

Code: Select all

/etc/init.d/squid restart
All HTTP traffic is now proxied through squid, as can be verified in /var/log/squid/access.log

squidGuard
Setting up the blacklists

Code: Select all

cd /var/lib/squidguard/db
gzip -d /tmp/blacklists.tar.gz
tar xvf /tmp/blacklists.tar
Setup the configuration,
this can be as simple and complex as you want and there are many blacklisted categories, see also [3] and [4].
So I only give a simple example here.

Code: Select all

vi /etc/squid/squidGuard.conf
dbhome /var/lib/squidguard/db
logdir /var/log/squid
dest aggressive {
domainlist blacklists/aggressive/domains
urllist blacklists/aggressive/urls
log aggressiveaccesses
}
acl {
default {
pass !aggressive all
redirect http://localhost/block.html
}
}

Code: Select all

echo "Blocked site!">/home/web/block.html
Initializing the blacklists

Code: Select all

chown -R proxy:proxy /var/lib/squidguard/db/*
squidGuard -C all
chown -R proxy:proxy /var/lib/squidguard/db/*
Configuring squid

Code: Select all

echo "redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf" >> /etc/squid/squid.conf
Restart squid

Code: Select all

/etc/init.d/squid restart
This is it, you should now not be able to access the aggressive sites.

Automatic updates
see http://forum.excito.net/viewtopic.php?p=7409#7409

Have fun
Eek

References
1. squid : http://www.squid-cache.org/
2. http://www.lesismore.co.za/2008/02/squi ... proxy.html
3. squidGuard: http://www.squidguard.org/index.html
4. blacklists: http://cri.univ-tlse1.fr/blacklists/index_en.php
Last edited by Eek on 01 Mar 2009, 16:45, edited 1 time in total.
carl
Posts: 474
Joined: 07 May 2008, 04:41

Post by carl »

Just a note, after changing the iptables, execute

Code: Select all

iptables-save > /etc/network/firewall.conf
so the changes in the tables are persistent across reboots.

Alternatively, make the changes directly in the above file, and execute

Code: Select all

cat /etc/network/firewall.conf | iptables-restore 
/Carl
/Carl Fürstenberg, Excito Software Developer
http://www.excito.com
support@excito.com
whilbone
Posts: 25
Joined: 22 Oct 2008, 03:09

Post by whilbone »

acl lan src <wan ip> 192.168.1.0/24
In the line above, do we have to specify the wan ip? What if we (like most home users) do not have the luxury of a static ip?
Eek
Posts: 372
Joined: 23 Dec 2007, 03:03
Location: the Netherlands

Post by Eek »

Take the IP assigned to you.
As long as you do not reboot, you will keep that IP.
I doubt that your ISP forces you to change IP when still connected.
By the way: I am a home user and my ISP gave me the option of a static IP.
moxieman
Posts: 21
Joined: 24 Oct 2008, 02:12

My adaptation

Post by moxieman »

Excellent howto! This worked perfectly for me. I made the following adaptations in my own execution of it, however:

Transparent Proxy

In squid.conf, I replaced

Code: Select all

acl lan src <wan ip> 192.168.1.0/24
http_access allow localhost
http_access allow lan
with

Code: Select all

acl lan src 192.168.10.0/24
http_access allow localhost
http_access allow lan
If you're only using Squid to proxy http traffic that is traveling from inside, through bubba, to outside, this means that you don't need to proxy or worry about allowing the wan ip.

The CIDR notation address in the acl lan src line is whatever subnet you have your LAN on.


squidGuard

First, download the blacklists (I used a different one than Eek). Not to say Eek's is bad, just that I was already familiar with a different one.

Code: Select all

cd /tmp
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
Optionally, you can check the md5 sum by downloading:

Code: Select all

wget http://www.shallalist.de/Downloads/shallalist.tar.gz.md5
By following this next code from Eek with a minor change, you extract the files:

Code: Select all

cd /var/lib/squidguard/db
gzip -d /tmp/shallalist.tar.gz
tar xvf /tmp/shallalist.tar
I only changed the file name - however, the structure of the tarball requires another modification in the squidGuard.conf file. You modify the path to the databases slightly. Here is an excerpt from my configuration so you can see:
dbhome /var/lib/squidguard/db/BL
logdir /var/log/squid

dest adv {
domainlist adv/domains
urllist adv/urls
redirect http://localhost/ads.jpg
}

dest spyware {
domainlist spyware/domains
urllist spyware/urls
}


acl {
default {
pass !adv !spyware all
redirect http://localhost/block.html?+%t
}
}
The neat thing this does is instead of advertisements (the adv acl) when you browse, you see whatever image you've saved at

Code: Select all

/home/web/ads.jpg
My fiancee absolutely loves the fact that now, instead of annoying ads for random useless products, she sees a picture of her and me.

Just make sure you execute

Code: Select all

chmod +r /home/web/ads.jpg
in order to make it readable by the www-data group.

The %t in the redirect line indicates which category has been blocked. There are some other options too - read the default squidGuard.conf and see some of the links Eek posted above.

Anytime you make any changes to the files, or the databases, or the squidGuard or squid configuration files, you'll need to execute a

Code: Select all

sudo /etc/init.d/squid restart
command to make it "effective".


On a more personal note, vi as a text editor is the bane of my existence, but the beauty of a Debian based installation is the presence of nano which I very much enjoy.

********

One final note - the absolutely ONLY error I encountered with Eek's was a problem when creating the block.html file. Bash didn't like the exclamation point inside the quotes, so if you run into problems, remove that and you should be good.

I cut my teeth, so to speak, on Ubuntu, which is a Debian based distribution, and that involved some rather convoluted work with squid and squidGuard for the network I was SysAd for. I'm happy to take any questions specifically about squid and squidGuard, or anything else for that matter.
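
Added example, not part of moxieman's post: one way to act on the optional md5 check mentioned above, and to refuse archives with absolute or `..` member paths, before unpacking as root into /var/lib/squidguard/db. It assumes the .md5 file is in md5sum format (hash in the first field); all function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded blacklist tarball before unpacking it.
# Note: the checksum is fetched over the same plain-HTTP channel as the
# tarball, so it catches corrupted or truncated downloads, not a tampered mirror.

# verify_md5 TARBALL MD5FILE
# Succeeds only if the first field of MD5FILE equals the md5 of TARBALL.
verify_md5() {
    tarball=$1; md5file=$2
    [ -r "$tarball" ] && [ -r "$md5file" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$md5file")
    actual=$(md5sum "$tarball" | awk '{print tolower($1)}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# paths_are_safe: reads archive member names on stdin and fails if any is
# absolute or contains a ".." component (would escape the target directory).
paths_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# tar_is_safe TARBALL
# Lists the gzip-compressed archive without extracting and checks every path.
tar_is_safe() {
    listing=$(tar -tzf "$1" 2>/dev/null) || return 2
    printf '%s\n' "$listing" | paths_are_safe
}

# unpack_blacklist TARBALL MD5FILE DESTDIR
# Extracts only after both checks pass; DESTDIR is not touched otherwise.
unpack_blacklist() {
    verify_md5 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    tar_is_safe "$1"     || { echo "unsafe paths in: $1" >&2; return 1; }
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}
```

On the Bubba this would be called as `unpack_blacklist /tmp/shallalist.tar.gz /tmp/shallalist.tar.gz.md5 /var/lib/squidguard/db`, followed by the chown and `squidGuard -C all` steps from the how-to.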
moxieman
Posts: 21
Joined: 24 Oct 2008, 02:12

A couple quick updates

Post by moxieman »

I don't know if maybe I had a "space cadet" moment or what - but for some reason my HTTPS wasn't working. When I thought about it, I hadn't accessed anything through that protocol since I installed squid.

Anyway, you want to verify the following lines exist in your squid.conf:

Code: Select all

acl SSL_ports port 443 # https
http_access allow CONNECT SSL_ports
Second, the problem I always had with Squid and SquidGuard was that after a while, they slow down and slow down and eventually stop. This happened quickly when I had 100 users going through my server, and slowly now that it's just me and a couple computers. Randomly, I found the solution this morning while troubleshooting the https.

Execute the following code as root at the command prompt:

Code: Select all

echo 0 > /proc/sys/net/ipv4/tcp_ecn
I was trying to do some downloads which didn't work. Every time I restarted them, they would get to a shorter and shorter point (less data downloaded) and then stop altogether. The very second after I applied this fix, the downloads worked perfectly and quickly.

Apparently, it's related to an ECN bug in the kernel. Not sure what kernel is running on Bubba Two, but the error was quoted as being in the 2.4 branch. I tried it just in case and it worked.

Finally, if you're like me, you get annoyed with all those extra comments and stuff in the REALLY long squid.conf file. The following command will remove all extraneous information from the squid.conf file (it'll work on any other file you care to use as well) and create a backup named squid.conf.bak at the same time of the original file:

Code: Select all

sed -i.bak '/^$/d; /^#/d' /etc/squid/squid.conf
I hope this was helpful. I know how annoying it is to have to search and search and search forums for solutions or wait and wait and wait for responses to your questions - the more places the solutions already exist, the better.
urbaxe
Posts: 7
Joined: 06 Jan 2009, 15:00

Can't get squid and squidguard working.

Post by urbaxe »

Hello!
Maybe I'm doing something wrong, but I can't get squidguard working for me. The only thing it does is logging access to the log files.
It doesn't really block any content.
I have done everything as described in the above "How-to".
Any suggestions?
moxieman
Posts: 21
Joined: 24 Oct 2008, 02:12

Log entries?

Post by moxieman »

Can you post the contents of cache.log and squidGuard.log? They're probably located in /var/log/squid/

An indicator of your problem is probably in there somewhere.

It may be helpful to post your squid.conf and/or your squidGuard.conf files. Please use the above command to remove all the comments and stuff first as that will aid us in reading the files.

Thanks,
Moxieman
urbaxe
Posts: 7
Joined: 06 Jan 2009, 15:00

Post by urbaxe »

Hi!
Here are the files you asked for.
I haven’t done much fine tuning, just a simple first try.

cache.log

Code: Select all

2009/02/15 06:27:06| storeDirWriteCleanLogs: Starting...
2009/02/15 06:27:07|   Finished.  Wrote 5328 entries.
2009/02/15 06:27:07|   Took 0.1 seconds (54609.2 entries/sec).
2009/02/15 06:27:07| logfileRotate: /var/log/squid/store.log
2009/02/15 06:27:07| logfileRotate: /var/log/squid/access.log
2009/02/15 06:27:07| helperOpenServers: Starting 5 'squidGuard' processes
2009/02/16 06:26:51| storeDirWriteCleanLogs: Starting...
2009/02/16 06:26:51|   Finished.  Wrote 5790 entries.
2009/02/16 06:26:51|   Took 0.1 seconds (68613.3 entries/sec).
2009/02/16 06:26:51| logfileRotate: /var/log/squid/store.log
2009/02/16 06:26:51| logfileRotate: /var/log/squid/access.log
2009/02/16 06:26:51| helperOpenServers: Starting 5 'squidGuard' processes
2009/02/16 21:06:07| parseHttpRequest: Unsupported method '..
'
2009/02/16 21:06:07| clientReadRequest: FD 17 (192.168.77.145:1076) Invalid Request
2009/02/16 21:06:40| parseHttpRequest: Unsupported method '0 Α.g......\.x
'
2009/02/16 21:06:40| clientReadRequest: FD 33 (192.168.77.145:1054) Invalid Request
2009/02/17 06:27:03| storeDirWriteCleanLogs: Starting...
2009/02/17 06:27:03|   Finished.  Wrote 5945 entries.
2009/02/17 06:27:03|   Took 0.1 seconds (53539.7 entries/sec).
2009/02/17 06:27:03| logfileRotate: /var/log/squid/store.log
2009/02/17 06:27:03| logfileRotate: /var/log/squid/access.log
2009/02/17 06:27:03| helperOpenServers: Starting 5 'squidGuard' processes
squid.conf

Code: Select all

http_port 192.168.77.1:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.77.0/24
http_access allow localhost
http_access allow lan
http_access allow CONNECT SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_group proxy
always_direct allow all
coredump_dir /var/spool/squid
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
squidGuard.conf

Code: Select all

dbhome /var/lib/squidguard/db/blacklists
logdir /var/log/squid

time workhours {
        weekly mtwhf 08:00 - 16:30
        date *-*-01  08:00 - 16:30
}
dest good {
}
dest local {
}
dest ads {
    domainlist      ads/domains
    urllist         ads/urls
}
dest gargamell {
    domainlist      gargamell/domains
    urllist         gargamell/urls
    log pornaccesses
}
dest warez {
    domainlist      warez/domains
    urllist         warez/urls
}
acl {
        default {
                pass    !ads !gargamell !warez !in-addr all
        }
}
squidGuard.log

Code: Select all

2009-02-17 06:27:03 [13357] destblock good missing active content, set inactive
2009-02-17 06:27:03 [13357] destblock local missing active content, set inactive
2009-02-17 06:27:03 [13357] init domainlist /var/lib/squidguard/db/blacklists/ads/domains
2009-02-17 06:27:03 [13357] loading dbfile /var/lib/squidguard/db/blacklists/ads/domains.db
2009-02-17 06:27:03 [13357] init urllist /var/lib/squidguard/db/blacklists/ads/urls
2009-02-17 06:27:03 [13357] loading dbfile /var/lib/squidguard/db/blacklists/ads/urls.db
2009-02-17 06:27:03 [13358] destblock good missing active content, set inactive
2009-02-17 06:27:03 [13358] destblock local missing active content, set inactive
2009-02-17 06:27:03 [13357] init domainlist /var/lib/squidguard/db/blacklists/gargamell/domains
2009-02-17 06:27:03 [13357] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/domains.db
2009-02-17 06:27:03 [13357] init urllist /var/lib/squidguard/db/blacklists/gargamell/urls
2009-02-17 06:27:03 [13357] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/urls.db
2009-02-17 06:27:03 [13358] init domainlist /var/lib/squidguard/db/blacklists/ads/domains
2009-02-17 06:27:03 [13358] loading dbfile /var/lib/squidguard/db/blacklists/ads/domains.db
2009-02-17 06:27:03 [13358] init urllist /var/lib/squidguard/db/blacklists/ads/urls
2009-02-17 06:27:03 [13358] loading dbfile /var/lib/squidguard/db/blacklists/ads/urls.db
2009-02-17 06:27:03 [13359] destblock good missing active content, set inactive
2009-02-17 06:27:03 [13357] init domainlist /var/lib/squidguard/db/blacklists/warez/domains
2009-02-17 06:27:03 [13357] loading dbfile /var/lib/squidguard/db/blacklists/warez/domains.db
2009-02-17 06:27:03 [13358] init domainlist /var/lib/squidguard/db/blacklists/gargamell/domains
2009-02-17 06:27:03 [13358] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/domains.db
2009-02-17 06:27:03 [13358] init urllist /var/lib/squidguard/db/blacklists/gargamell/urls
2009-02-17 06:27:03 [13358] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/urls.db
2009-02-17 06:27:03 [13358] init domainlist /var/lib/squidguard/db/blacklists/warez/domains
2009-02-17 06:27:03 [13358] loading dbfile /var/lib/squidguard/db/blacklists/warez/domains.db
2009-02-17 06:27:03 [13358] init urllist /var/lib/squidguard/db/blacklists/warez/urls
2009-02-17 06:27:03 [13358] loading dbfile /var/lib/squidguard/db/blacklists/warez/urls.db
2009-02-17 06:27:03 [13360] destblock good missing active content, set inactive
2009-02-17 06:27:03 [13360] destblock local missing active content, set inactive
2009-02-17 06:27:03 [13360] init domainlist /var/lib/squidguard/db/blacklists/ads/domains
2009-02-17 06:27:03 [13360] loading dbfile /var/lib/squidguard/db/blacklists/ads/domains.db
2009-02-17 06:27:03 [13360] init urllist /var/lib/squidguard/db/blacklists/ads/urls
2009-02-17 06:27:03 [13360] loading dbfile /var/lib/squidguard/db/blacklists/ads/urls.db
2009-02-17 06:27:03 [13358] squidGuard 1.2.0 started (1234848446.602)
2009-02-17 06:27:03 [13358] recalculating alarm in 5577 seconds
2009-02-17 06:27:03 [13358] squidGuard ready for requests (1234848446.707)
2009-02-17 06:27:03 [13357] init urllist /var/lib/squidguard/db/blacklists/warez/urls
2009-02-17 06:27:03 [13357] loading dbfile /var/lib/squidguard/db/blacklists/warez/urls.db
2009-02-17 06:27:03 [13357] squidGuard 1.2.0 started (1234848446.550)
2009-02-17 06:27:03 [13357] recalculating alarm in 5577 seconds
2009-02-17 06:27:03 [13357] squidGuard ready for requests (1234848446.711)
2009-02-17 06:27:03 [13359] destblock local missing active content, set inactive
2009-02-17 06:27:03 [13359] init domainlist /var/lib/squidguard/db/blacklists/ads/domains
2009-02-17 06:27:03 [13359] loading dbfile /var/lib/squidguard/db/blacklists/ads/domains.db
2009-02-17 06:27:03 [13359] init urllist /var/lib/squidguard/db/blacklists/ads/urls
2009-02-17 06:27:03 [13359] loading dbfile /var/lib/squidguard/db/blacklists/ads/urls.db
2009-02-17 06:27:03 [13361] destblock good missing active content, set inactive
2009-02-17 06:27:03 [13361] destblock local missing active content, set inactive
2009-02-17 06:27:03 [13361] init domainlist /var/lib/squidguard/db/blacklists/ads/domains
2009-02-17 06:27:03 [13361] loading dbfile /var/lib/squidguard/db/blacklists/ads/domains.db
2009-02-17 06:27:03 [13361] init urllist /var/lib/squidguard/db/blacklists/ads/urls
2009-02-17 06:27:03 [13361] loading dbfile /var/lib/squidguard/db/blacklists/ads/urls.db
2009-02-17 06:27:03 [13359] init domainlist /var/lib/squidguard/db/blacklists/gargamell/domains
2009-02-17 06:27:03 [13359] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/domains.db
2009-02-17 06:27:03 [13359] init urllist /var/lib/squidguard/db/blacklists/gargamell/urls
2009-02-17 06:27:03 [13359] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/urls.db
2009-02-17 06:27:03 [13359] init domainlist /var/lib/squidguard/db/blacklists/warez/domains
2009-02-17 06:27:03 [13359] loading dbfile /var/lib/squidguard/db/blacklists/warez/domains.db
2009-02-17 06:27:03 [13360] init domainlist /var/lib/squidguard/db/blacklists/gargamell/domains
2009-02-17 06:27:03 [13360] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/domains.db
2009-02-17 06:27:03 [13360] init urllist /var/lib/squidguard/db/blacklists/gargamell/urls
2009-02-17 06:27:03 [13360] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/urls.db
2009-02-17 06:27:03 [13359] init urllist /var/lib/squidguard/db/blacklists/warez/urls
2009-02-17 06:27:03 [13359] loading dbfile /var/lib/squidguard/db/blacklists/warez/urls.db
2009-02-17 06:27:03 [13359] squidGuard 1.2.0 started (1234848446.635)
2009-02-17 06:27:03 [13359] recalculating alarm in 5577 seconds
2009-02-17 06:27:03 [13359] squidGuard ready for requests (1234848446.746)
2009-02-17 06:27:03 [13361] init domainlist /var/lib/squidguard/db/blacklists/gargamell/domains
2009-02-17 06:27:03 [13361] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/domains.db
2009-02-17 06:27:03 [13361] init urllist /var/lib/squidguard/db/blacklists/gargamell/urls
2009-02-17 06:27:03 [13361] loading dbfile /var/lib/squidguard/db/blacklists/gargamell/urls.db
2009-02-17 06:27:03 [13361] init domainlist /var/lib/squidguard/db/blacklists/warez/domains
2009-02-17 06:27:03 [13361] loading dbfile /var/lib/squidguard/db/blacklists/warez/domains.db
2009-02-17 06:27:03 [13360] init domainlist /var/lib/squidguard/db/blacklists/warez/domains
2009-02-17 06:27:03 [13360] loading dbfile /var/lib/squidguard/db/blacklists/warez/domains.db
2009-02-17 06:27:03 [13360] init urllist /var/lib/squidguard/db/blacklists/warez/urls
2009-02-17 06:27:03 [13360] loading dbfile /var/lib/squidguard/db/blacklists/warez/urls.db
2009-02-17 06:27:03 [13360] squidGuard 1.2.0 started (1234848446.671)
2009-02-17 06:27:03 [13360] recalculating alarm in 5577 seconds
2009-02-17 06:27:03 [13360] squidGuard ready for requests (1234848446.769)
2009-02-17 06:27:03 [13361] init urllist /var/lib/squidguard/db/blacklists/warez/urls
2009-02-17 06:27:03 [13361] loading dbfile /var/lib/squidguard/db/blacklists/warez/urls.db
2009-02-17 06:27:03 [13361] squidGuard 1.2.0 started (1234848446.680)
2009-02-17 06:27:03 [13361] recalculating alarm in 5577 seconds
2009-02-17 06:27:03 [13361] squidGuard ready for requests (1234848446.780)
2009-02-17 08:00:00 [13358] recalculating alarm in 30 seconds
2009-02-17 08:00:00 [13357] recalculating alarm in 30 seconds
2009-02-17 08:00:00 [13359] recalculating alarm in 30 seconds
2009-02-17 08:00:00 [13360] recalculating alarm in 30 seconds
2009-02-17 08:00:00 [13361] recalculating alarm in 30 seconds
2009-02-17 08:00:30 [13358] recalculating alarm in 30 seconds
2009-02-17 08:00:30 [13357] recalculating alarm in 30 seconds
2009-02-17 08:00:30 [13359] recalculating alarm in 30 seconds
2009-02-17 08:00:30 [13360] recalculating alarm in 30 seconds
2009-02-17 08:00:30 [13361] recalculating alarm in 30 seconds
2009-02-17 08:01:00 [13358] recalculating alarm in 30540 seconds
2009-02-17 08:01:00 [13357] recalculating alarm in 30540 seconds
2009-02-17 08:01:00 [13359] recalculating alarm in 30540 seconds
2009-02-17 08:01:00 [13360] recalculating alarm in 30540 seconds
2009-02-17 08:01:00 [13361] recalculating alarm in 30540 seconds
2009-02-17 16:30:00 [13358] recalculating alarm in 30 seconds
2009-02-17 16:30:00 [13357] recalculating alarm in 30 seconds
2009-02-17 16:30:00 [13359] recalculating alarm in 30 seconds
2009-02-17 16:30:00 [13360] recalculating alarm in 30 seconds
2009-02-17 16:30:00 [13361] recalculating alarm in 30 seconds
2009-02-17 16:30:30 [13358] recalculating alarm in 30 seconds
2009-02-17 16:30:30 [13357] recalculating alarm in 30 seconds
2009-02-17 16:30:30 [13359] recalculating alarm in 30 seconds
2009-02-17 16:30:30 [13360] recalculating alarm in 30 seconds
2009-02-17 16:30:30 [13361] recalculating alarm in 30 seconds
2009-02-17 16:31:00 [13358] recalculating alarm in 26940 seconds
2009-02-17 16:31:00 [13357] recalculating alarm in 26940 seconds
2009-02-17 16:31:00 [13359] recalculating alarm in 26940 seconds
2009-02-17 16:31:00 [13360] recalculating alarm in 26940 seconds
2009-02-17 16:31:00 [13361] recalculating alarm in 26940 seconds
moxieman
Posts: 21
Joined: 24 Oct 2008, 02:12

Time Data

Post by moxieman »

Do me a favor and make the following two changes to your squidGuard.conf file:

1. remove the entire time portion from your squidGuard.conf file. There have been some reported issues with this functionality. It will also stop squidGuard from writing to your log file every thirty seconds for each agent running. You don't have a lot of computing power on that poor little bubba - conserve it :)

2. In your default acl, under the pass line, add a redirect. You'll want to specify a page that actually exists. Something like this:

Code: Select all

redirect http://localhost/block.html
Then make sure you actually create the file block.html and put it in your www directory. This folder is:

Code: Select all

/var/www/
I dunno if you know much html, but start with something simple, like a simple "hello world" or

Code: Select all

<html>
<head></head>
<body>
Hello blocked content
</body>
</html>
I think this is your issue - I just tested removing the redirect line from my squidGuard.conf file, and it stopped blocking pages. The default behavior seems to be that without another page to display in its place, the "malicious" page is displayed instead.

The steps to do this properly are as follows:

Edit & save your squidGuard.conf file as indicated above.

Create your block.html file.

type the following:

Code: Select all

squid -k reconfigure
attempt to load a "malicious" page.

let me know if that works, or if my ramblings need more clarification :)

Cheers,
MoxieMan
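
Added example, not part of moxieman's post: a small lint for the failure diagnosed above, where an acl rule blocks destinations with `pass !name` but nothing supplies a `redirect`, so squidGuard only logs. It assumes one statement per line, as in the configurations posted in this thread; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report squidGuard acl rules that block destinations
# without any redirect to send the browser to.

# lint_squidguard_redirects CONF
# Prints one line per acl rule that has no redirect of its own and names a
# negated destination without a dest-level redirect. Exit status 1 if any.
lint_squidguard_redirects() {
    awk '
    function close_rule() {
        if (rule != "") { n++; names[n] = rule; passes[n] = pass; redirs[n] = redir }
        rule = ""
    }
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 { next }
    $1 == "}" && $2 == "else" {             # "} else {" starts a second rule body
        prev = rule; close_rule()
        rule = prev "/else"; pass = ""; redir = 0
        next
    }
    $1 == "}" {
        if (rule != "") close_rule()        # end of one acl rule
        else if (in_acl) in_acl = 0         # end of the acl section
        else dest = ""                      # end of a dest/time/src block
        next
    }
    $1 == "dest" && $NF == "{" { dest = $2; next }
    $1 == "acl"  && $NF == "{" { in_acl = 1; next }
    in_acl && rule == "" && $NF == "{" { rule = $1; pass = ""; redir = 0; next }
    $1 == "redirect" {
        if (rule != "") redir = 1           # redirect inside the acl rule
        else if (dest != "") dest_redir[dest] = 1   # redirect inside a dest block
        next
    }
    rule != "" && $1 == "pass" { pass = $0 }
    END {
        for (i = 1; i <= n; i++) {
            if (redirs[i]) continue
            missing = ""
            m = split(passes[i], tok, /[ \t]+/)
            for (j = 1; j <= m; j++) {
                if (tok[j] !~ /^!/) continue
                d = substr(tok[j], 2)
                if (!(d in dest_redir)) missing = missing " " d
            }
            if (missing != "") {
                print names[i] ": no redirect for blocked destination(s):" missing
                bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}
```

Run against the squidGuard.conf posted earlier in the thread, it reports the `default` rule; after the `redirect` line is added it prints nothing and returns 0.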
urbaxe
Posts: 7
Joined: 06 Jan 2009, 15:00

Post by urbaxe »

Yeah, now we are talking blocking.
You were right. It was the “block.html”
Eek
Posts: 372
Joined: 23 Dec 2007, 03:03
Location: the Netherlands

Post by Eek »

Automatic update

I realized that the how-to missed an automatic update script.
You can use and adapt supplied scripts, like
- http://www.maynidea.com/squidguard/getlists.sh
- ftp://ftp.univ-tlse1.fr/blacklist/ajout_squidguard.sh

Or use my script SquidGuardBlacklistUpdate.sh :

Code: Select all

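#!/bin/sh
# Refresh the squidGuard blacklists and rebuild the databases.

echo "squidGuard blacklist update start on: $(date)"

# Get blacklists; remove leftovers from a previous run first
cd /tmp || exit 1
rm -f blacklists.tar.gz blacklists.tar
wget ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz || exit 1
echo "blacklists retrieved..."

# Unpack into the squidGuard database directory; stop if any step fails
# so a broken download never replaces the working lists
cd /var/lib/squidguard/db || exit 1
gzip -d /tmp/blacklists.tar.gz || exit 1
tar xvf /tmp/blacklists.tar || exit 1
chown -R proxy:proxy *
echo "blacklists unpacked..."

# Rebuild the databases, then restart squid
/usr/bin/squidGuard -C all
/usr/bin/squidGuard -u
# squidGuard ran as root here, so hand the rebuilt .db files back to proxy
chown -R proxy:proxy *
/etc/init.d/squid restart
echo "squid restarted..."

echo "squidGuard blacklist update finish on: $(date)"
exit 0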
Put it in the crontab for, in my case, a monthly run

Code: Select all

00 01 28 * * /usr/local/bin/SquidGuardBlacklistUpdate.sh >>/var/log/squid/SquidGuardBlacklistUpdate.log 2>&1
cheers
Eek
moxieman
Posts: 21
Joined: 24 Oct 2008, 02:12

Nice

Post by moxieman »

Eek, Good catch. I'd been thinking about just that the other day, but hadn't gotten around to it yet :) Thanks!
Hammer
Posts: 124
Joined: 02 Oct 2007, 13:37

Post by Hammer »

Really great, it blocks everything.


The following error was encountered:

Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
Your cache administrator is webmaster.

--------------------------------------------------------------------------------

Generated Thu, 05 Mar 2009 16:50:21 GMT by bitch.localdomain (squid/2.6.STABLE5)


And I can't even turn the damn thing off!!!!
What to do?