[ale] squidGuard
Robert L. Harris
Robert.L.Harris at rdlg.net
Fri Apr 16 14:54:10 EDT 2004
In my setup 192.168.0.1 is my gateway, 192.168.0.4 is my proxy/Squid box
and 192.168.0.3 is my desktop. (Sorry about the long lines.
src admin {
ip 192.168.0.3
}
# DESTINATION CLASSES:
dest adult {
domainlist adult/domains
urllist adult/urls
expressionlist adult/expressions
log /var/log/squid/adult.log
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
}
dest forums {
domainlist forums/domains
urllist forums/urls
expressionlist forums/expressions
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
dest redirector {
domainlist redirector/domains
urllist redirector/urls
expressionlist redirector/expressions
}
dest warez {
domainlist warez/domains
urllist warez/urls
}
dest ads {
domainlist ads/domains
urllist ads/urls
}
dest violence {
domainlist violence/domains
urllist violence/urls
expressionlist violence/expressions
}
# ACLs
acl {
admin {
pass any
}
default {
pass !adult !audio-video !forums !hacking !redirector !warez !ads !aggressive !drugs !gambling !violence all
redirect http://www.rdlg.net/squidblocked.html
}
}
Thus spake James P. Kinney III (jkinney at localnetsolutions.com):
> Has anyone setup squidGuard before? I can connect to the local gateway
> machine OK but everything past it is blocked even though I have rules
> set (I think) to allow access.
>
> From
> squidGuard.conf:
> source LAN {
> ip 192.168.1.2
> }
>
>
> dest good {
> expressionlist good.destexprlist
> urllist good.desturllist
> domainlist good.destdomainlist
> }
>
> acl {
> LAN {
> pass good all
> }else{
> pass none
> }
>
> default {
> pass none
> rewrite dmz
> redirect
> http://192.168.1.1/cgi-bin/blocked?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
> }
> }
>
> 192.168.1.1 is the gateway machine that is also a web server. It is the
> squid proxy server
>
> --
> James P. Kinney III \Changing the mobile computing world/
> CEO & Director of Engineering \ one Linux user /
> Local Net Solutions,LLC \ at a time. /
> 770-493-8244 \.___________________________./
> http://www.localnetsolutions.com
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
:wq!
---------------------------------------------------------------------------
Robert L. Harris | GPG Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
With Dreams To Be A King First One Should Be A Man
- Manowar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
More information about the Ale
mailing list