|
||||||
|
| Introduction | Squid
Guard | Prerequisites | Installation & Configuration | Creating Configuration File
for Squid Guard | |Creating Blacklist
| Configuring Squid for
Squid Guard | Squirm | Installing and Configuring
Squirm |
|Creating Configuration files for Squirm | Configuring Squid for Squirm | References | About ViSolve.com | |
||||||
Introduction |
Redirector is
a
highly customizable program, which returns a new URL
replacing Client's original request. Squid sends the requested URLs to
an external redirector process, and the redirector in turn processes
every incoming URL and returns either a new URL, or a blank line to
indicate no change. Redirectors are commonly used at ISPs for filtering offensive materials, and at workplaces to block internet access during business hours. Even Educational Institutes require redirectors, in order to make internet safe for students thereby providing them access to this valuable media with age appropriate contents. Carefully configure these redirectors, and thereby bring the world web under your control: Block blacklisted sites like drug abuse, pornographic etc., Block unknown clients Redirect Internet Access to custom created Error Pages Create Different access rules for different user Group |
|||||
SquidGuard |
SquidGuard is a free (GPL), flexible redirector program for squid. It lets you define multiple access rules with different restrictions for different user groups on a squid cache. SquidGuard uses squid standard redirector interface. Configuring squid with squidGuard blocks access to blacklisted web servers and/or URLs. | |||||
Prerequisites |
SquidGuard
requires 2.X
of the Berkeley DB library installed on your system. If you don't have
it already, download and install it. It is available at http://www.sleepycat.com/
|
|||||
Installation & configuration |
You can
download squidGuard as a gzipped tar ball available at http://www.squidguard.org.
Next you have to untar the file and change working directory to
squidGuard-* tar -xvzf squidGuard-* cd squidGuard-* Now enter the following commands in order to configure, compile and install squidGuard ./configure make make install |
|||||
Creating Configuration file for squidGuard |
Create
squidGuard.conf that suits your needs. This file allows you to
declare Source group, Destination groups. You can also configure to
have different access rules based on time of day, day of the week, date
etc. for different user groups. Here is a simple example to block inappropriate sites. logdir /usr/local/squidGuard/log dbhome /usr/local/squidGuard/db dest porn { domainlist porn/domains urllist porn/urls } acl { default { pass !porn all redirect http://localhost/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u } } This implies there must be a domain list file "/usr/local/squidGuard/db/porn/domains" and a url list file "/usr/local/squidGuard/db/porn/urls". The domain list file may have a zillion lines like: porn.com sex.com The url list file may have lines like: foo.com/~porn bar.com/img/sex |
|||||
Creating Blacklist |
The blacklist
is split into subsections (porn, aggressive, drugs,
hacking, ads, ...), to better match different needs. And in turn each
subsections consist of separate unlimited lists of domains, URLs and/or
regular expressions. The gzipped tar ball of blacklist can be
downloaded by HTTP or FTP, or else it can be custom created, by adding
domain and URL lists according to your own need. For example if you want to filter drug material, then create your own domain list file and url list files (remember to specify their location path in squidGuard config file). Your domain list file may have lines like: 209.133.83.22 209.1.224.24 207.10.94.222 209.249.147.41 209.108.162.42 And url list file may have lines like: 207.229.130.206/drugsearch 209.215.97.108/drugs 209.44.25.11/drugs drugpolicy.org/ecstasy |
|||||
Configuring Squid for squidGuard |
Squid does not
use redirectors by default. So you necessarily have to
configure squid for redirectors by editing a couple of tags in
squid.conf: redirect_program /fullpathto/redirector redirect_children 5 Here the former tag specifies the location of the executable for the URL redirector. So to specify the location of squidGuard, configure squid with redirect_program /fullpathto/squidGuard. And the later tag is used to set the number of redirect processes to spawn. If you start too few Squid will have to wait for them to process a back log of URLs, slowing it down, and too many of them may use RAM and other system resources. |
|||||
Squirm |
Squirm by Chris Foote can redirect requests for Squid. It can be configured for patterns and IP address with full regular expression matching and replacement. | |||||
Installing And Configuring Squirm |
You
can download squirm as a gzipped tar ball available at
http://squirm.foote.com.au/. Next untar the Squirm tar file and then
Compile the GNU Regex library by doing: cd regex ./configure make clean make cp -p regex.o regex.h .. |
|||||
Creating configuration files for squirm |
Squirm
requires config files for patterns and IP addresses, which are
located as: "/usr/local/squirm/etc/squirm.local" "/usr/local/squirm/etc/squirm.patterns" The former file contains specifications for your client's network. And in the later file specify the block lists, for example: If you want to return the URL http://www/notallowed.html to anyone http://www.xxx.com, then your block list would be; regexi ^http://www\.xxx\.com/.* http://www/notallowed.html |
|||||
Configuring Squid for squirm |
Once you have
Squirm up and running, to get Squid to pass requests
through squirm, you need to add a couple of lines to your squid.conf
file. redirect_program /fullpathto/squirm redirect_children 5 |
|||||
References |
ViSolve
Squid Configuration Manual 2.4 |
|||||
|
About ViSolve.com ViSolve is an international corporation that provides technical services, for Internet based systems, for clients around the globe. ViSolve is in the business of providing software solutions since 1995. We have experience of executing several major projects and we are now completely focused on leading Internet technologies, Testing QA and support. We are committed to the Open source movement and in the same lines we provide free support for products like Linux, Apache and Squid to the user community. |
||||||
| Document Version : 1.0 | Created On : 28-01-06 | Updated On : 30-05-06 |
||||||
