-
Notifications
You must be signed in to change notification settings - Fork 3
/
CONFIGURATION
143 lines (120 loc) · 4.92 KB
/
CONFIGURATION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
Another squidguard website
[1]Home [2]Documentation [3]Download [4]Blacklists [5]Useful stuff
[6]Installation [7]Basic Configuration [8]Extended Configuration
[9]Known Issues
Basic Configuration of SquidGuard
Once SquidGuard is successfully installed, you want to configure the
software according to your needs. A sample configuration has been
installed in the default directory /usr/local/squidGuard (or whatever
directory you pointed you intallation to).
Below you find three examples for the basic configuration of
SquidGuard.
1. Most simple configuration
Most simple configuration: one category, one rule for all
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}
acl {
default {
pass !porn all
redirect http://localhost/block.html
}
}
Make always sure that the very first line of your squidGuard.conf
is not empty!
The entries have the following meaning:
dbhome Location of the blacklists
logdir Location of the logfiles
dest Definition of a category to block. You can enter the domain and
url file along with a regular expression list (talk about regular
expressions later on).
acl The actual blocking defintion. In our example only the default is
displayed. You can have more than one acl in place. The category porn
you defined in dest is blocked by the expression !porn. You have to add
the identifier all after the blocklist or your users will not be able
to surf anyway.
The redirect directive is madatory! You must tell SquidGuard which page
to display instead of the blocked one.
2. Choosing more than one category to block
First you define your categories. Just like you did above for porn.
For example:
Defining three categories for blocking
dest adv {
domainlist adv/domains
urllist adv/urls
}
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest warez {
domainlist warez/domains
urllist warez/urls
}
Now your acl looks like that:
acl {
default {
pass !adv !porn !warez all
redirect http://localhost/block.html
}
}
3. Whitelisting
Sometimes there is a demand to allow specific URLs and domains
although they are part of the blocklists for a good reason. In this
case you want to whitelist these domains and URLs.
Defining a whitelist
dest white {
domainlist white/domains
urllist white/urls
}
acl {
default {
pass white !adv !porn !warez all
redirect http://localhost/block.html
}
}
In this example we assumed that your whitelists are located in a
directory called white whithin the blacklist directory you
specified with dbhome.
Make sure that your white identifier is the first in the row of the
pass directive. It must not have an exclamation mark in front
(otherwise all entries belonging to white will be blocked, too).
4. Initializing the blacklists
Before you start up your squidGuard you should initialize the
blacklists i.e. convert them from the textfiles to db files. Using
the db format will speed up the checking and blocking.
The initialization is performed by the following command:
Initializing the blacklists
squidGuard -C all
Depending on the size of your blacklists and the power of your
computer this may take a while. If anything is running fine you
should see something like the following output:
2006-01-29 12:16:14 [31977] squidGuard 1.2.0p2 started (1138533256.959)
2006-01-29 12:16:14 [31977] db update done
2006-01-29 12:16:14 [31977] squidGuard stopped (1138533374.571)
If you look into the directories holding the files domains and urls
you see that additional files have been created: domains.db and
urls.db. These new files must not be empty!
Only those files are converted you specified to block or whitelist
in your squidGuard.conf file.
Proceed with: [10]Extended Configuration of SquidGuard
______________________________________________________________
Mirko Lorenz - mirko at shalla.de
29.01.2006
References
1. http://www.squidguard.org/index.html
2. http://www.squidguard.org/Doc/index.html
3. http://www.squidguard.org/download.html
4. http://www.squidguard.org/blacklists.html
5. http://www.squidguard.org/addsoft.html
6. http://www.squidguard.org/Doc/install.html
7. http://www.squidguard.org/Doc/configure.html
8. http://www.squidguard.org/Doc/extended.html
9. http://www.squidguard.org/Doc/known_issues.html
10. http://www.squidguard.org/Doc/extended.html