redirector

PDF

Prepared By Visolve Squid Team

Introduction
Squid Guard
Prerequisites
Installation & Configuration
Creating Configuration File for Squid Guard
Creating Blacklist
Configuring Squid for Squid Guard
Squirm
Installing and Configuring Squirm
Creating Configuration files for Squirm
Configuring Squid for Squirm
References
About ViSolve.com

Introduction

Redirector is a highly customizable program, which returns a new URL replacing Client's original request. Squid sends the requested URLs to an external redirector process, and the redirector in turn processes every incoming URL and returns either a new URL, or a blank line to indicate no change.

Redirectors are commonly used at ISPs for filtering offensive materials, and at workplaces to block internet access during business hours. Even Educational Institutes require redirectors, in order to make internet safe for students thereby providing them access to this valuable media with age appropriate contents. Carefully configure these redirectors, and thereby bring the world web under your control:
Block blacklisted sites like drug abuse, pornographic etc.,
Block unknown clients
Redirect Internet Access to custom created Error Pages
Create Different access rules for different user Group

SquidGuard

SquidGuard requires 2.X of the Berkeley DB library installed on your system. If you don't have it already, download and install it. It is available at http://www.sleepycat.com/

Installation & configuration

You can download squidGuard as a gzipped tar ball available at http://www.squidguard.org. Next you have to untar the file and change working directory to squidGuard-*
tar -xvzf squidGuard-*
cd squidGuard-*
Now enter the following commands in order to configure, compile and install squidGuard
./configure
make
make install

Creating Configuration file for squidGuard

Create squidGuard.conf that suits your needs. This file allows you to declare Source group, Destination groups. You can also configure to have different access rules based on time of day, day of the week, date etc. for different user groups.

Here is a simple example to block inappropriate sites.
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db

dest porn {
domainlist porn/domains
urllist porn/urls
}
acl {
default {
pass !porn all
redirect http://localhost/cgi/blocked?
clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
}
}

This implies there must be a domain list file "/usr/local/squidGuard/db/porn/domains" and a url list file "/usr/local/squidGuard/db/porn/urls". The domain list file may have a zillion lines like:

porn.com
sex.com br/>br/> The url list file may have lines like: br/>br/> foo.com/~pornbr/> bar.com/img/sex

Creating Blacklist

The blacklist is split into subsections (porn, aggressive, drugs, hacking, ads, ...), to better match different needs. And in turn each subsections consist of separate unlimited lists of domains, URLs and/or regular expressions. The gzipped tar ball of blacklist can be downloaded by HTTP or FTP, or else it can be custom created, by adding domain and URL lists according to your own need.

For example if you want to filter drug material, then create your own domain list file and url list files (remember to specify their location path in squidGuard config file). Your domain list file may have lines like
209.133.83.22
209.1.224.24
207.10.94.222
209.249.147.41
209.108.162.42

nd url list file may have lines like:
207.229.130.206/drugsearch
209.215.97.108/drugs
209.44.25.11/drugs
drugpolicy.org/ecstasy

Configuring Squid for squidGuard

Squid does not use redirectors by default. So you necessarily have to configure squid for redirectors by editing a couple of tags in squid.conf:
redirect_program /fullpathto/redirector redirect_children 5

Here the former tag specifies the location of the executable for the URL redirector. So to specify the location of squidGuard, configure squid with redirect_program /fullpathto/squidGuard. And the later tag is used to set the number of redirect processes to spawn. If you start too few Squid will have to wait for them to process a back log of URLs, slowing it down, and too many of them may use RAM and other system resources.

Squirm

Squirm by Chris Foote can redirect requests for Squid. It can be configured for patterns and IP address with full regular expression matching and replacement.

Installing And Configuring Squirm

You can download squirm as a gzipped tar ball available at http://squirm.foote.com.au/. Next untar the Squirm tar file and then Compile the GNU Regex library by doing:
cd regex
./configure
make clean
make
cp -p regex.o regex.h ..

Creating configuration files for squirm

Squirm requires config files for patterns and IP addresses, which are located as:
"/usr/local/squirm/etc/squirm.local"
"/usr/local/squirm/etc/squirm.patterns"
The former file contains specifications for your client's network. And in the later file specify the block lists, for example: If you want to return the URL http://www/notallowed.html to anyone http://www.xxx.com, then your block list would be;
regexi ^http://www\.xxx\.com/.* http://www/notallowed.html

Configuring Squid for squirm

Once you have Squirm up and running, to get Squid to pass requests through squirm, you need to add a couple of lines to your squid.conf file.
redirect_program /fullpathto/squirm
redirect_children 5

References

ViSolve Squid Configuration Manual 2.4
ViSolve Squid Configuration Manual 3.0
http://www.squidguard.org/
http://squirm.foote.com.au/


About ViSolve.com

ViSolve is an international corporation that provides technical services, for Internet based systems, for clients around the globe. ViSolve is in the business of providing software solutions since 1995. We have experience of executing several major projects and we are now completely focused on leading Internet technologies, Testing QA and support. We are committed to the Open source movement and in the same lines we provide free support for products like Linux, Apache and Squid to the user community.