Re: [squid-users] squid and squidguard

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Wed, 27 Aug 2008 10:26:50 -0300

Ismail,

ufdbGuard is free.
It can be used with a free URL database and
with a commercial database.

-Marcus

İsmail ÖZATAY wrote:
> Marcus Kool yazmış:
>> Hi Ismail,
>>
>> I would add a redirect statement to the int_net acl rule.
>>
>> observation: blocking porn without blocking proxies is the same as
>> blocking nothing.
>> You might want to try ufdbGuard: it is faster than squidguard, and has
>> additional features for enforcing Google SafeSearch and verifying
>> HTTPS traffic (certificates and optionally blocking HTTPS to IP
>> addresses instead of FQDNs).
>>
>> -Marcus
>>
>>
>> İsmail ÖZATAY wrote:
>>> Hi ,
>>> I am using 2.6.STABLE6 on CentOS 5.2 + squidguard 1.3 & p1,p2,p3 +
>>> berkeley db 2.7. Everything seems ok without any problem but when i
>>> use redirect_program in squid.conf my internal network connect
>>> bypassing the squidguard. I searched something but can not fix it ?
>>> Can anybody help me ? Here is my config;
>>>
>>> squidGuard.conf
>>> -----------------
>>> logdir /usr/local/squidGuard/log
>>> dbhome /usr/local/squidGuard/db
>>>
>>> src int_net {
>>> ip 192.168.0.0/24
>>> }
>>> dest porn {
>>> domainlist BL/porn/domains
>>> urllist BL/porn/urls
>>> }
>>> acl {
>>> int_net {
>>> pass !porn all
>>> }
>>> default { pass none
>>> redirect http://www.google.com.tr
>>> }
>>> }
>>>
>>>
>>>
>>> squid.conf
>>> -----------
>>> http_port 0.0.0.0:3128
>>> acl all src 0.0.0.0/0.0.0.0
>>> redirect_program /usr/local/bin/squidGuard -c
>>> /usr/local/squidGuard/squidGuard.conf
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/255.255.255.255
>>> acl to_localhost dst 127.0.0.0/8
>>> acl SSL_ports port 443
>>> acl Safe_ports port 80 # http
>>> acl Safe_ports port 21 # ftp
>>> acl Safe_ports port 443 # https
>>> acl Safe_ports port 70 # gopher
>>> acl Safe_ports port 210 # wais
>>> acl Safe_ports port 1025-65535 # unregistered ports
>>> acl Safe_ports port 280 # http-mgmt
>>> acl Safe_ports port 488 # gss-http
>>> acl Safe_ports port 591 # filemaker
>>> acl Safe_ports port 777 # multiling http
>>> acl CONNECT method CONNECT
>>>
>>> http_access allow manager localhost
>>> http_access deny manager
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>>
>>>
>>>
>>>
>>>
>>
>>
> Also i saw that this is a commercial product. Do you know any free
> software like this ?
>
>
>
>
Received on Wed Aug 27 2008 - 13:27:05 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 27 2008 - 12:00:04 MDT