URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID12
Нить номер: 6744
[ Назад ]

Исходное сообщение
"Squid+SquidGuard"
Отправлено biohazard , 25-Ноя-11 13:47

всем доброго времени суток...столкнулся с проблемой в настройке связки squid+squidguard...ОС ubuntu server 10.10, squid version 3.1.6, squidguard version 1.4 Berkeley DB 4.7.25
настраивая инет канал в локальную сеть.....внешний адрес 10.13.13.90, шлюз 10.13.13.254, локальный 10.10.10.1 сеть 10.10.10.0/32.
squid настроен и работает на локальных машинах на ура, вот конфиг:

#       WELCOME TO SQUID 3.1.11
#       ----------------------------
#
#       This is the default Squid configuration file. You may wish
#       to look at the Squid home page (http://www.squid-cache.org/)
#       for the FAQ and other documentation.
#
#       The default Squid config file shows what the defaults for
#       various options happen to be.  If you don't need to change the
#       default, you shouldn't uncomment the line.  Doing so may cause
#       run-time problems.  In some cases "none" refers to no default
#       setting at all, while in other cases it refers to a valid
#       option - the comments for that keyword indicate if this is the
#       case.
#
#
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5
redirector_bypass on
#HTTP port
http_port 10.10.10.1:3128
#TAG: maximum odject_size_in_memory
maximum_object_size_in_memory 102400.00 bytes
#TAG: cache_dir
cache_dir ufs /var/spool/squid3/ 4096 32 256
error_directory /usr/share/squid3/errors/Russian-1251
#TAG: dns_nameservers
dns_nameservers 10.13.13.238
http_port 3128 transparent
#GLOBAL SETTINGS
acl localnet src 10.10.10.0/24
acl 10.10.10.10 src 10.10.10.10
http_access allow 10.10.10.10
http_access allow localnet
http_access deny all
acl getway src 10.13.13.254
#acl our_network src 10.13.13.0/24
acl acldomain srcdomain .eisst.local
acl archive urlpath_regex -i \.rar$ \.zip$ \.7z$
acl audio urlpath_regex -i \.mp3$ \.asf$ \.wma$ \.acc$ \.FLACC$
acl video urlpath_regex -i \.avi$ \.mob$ \.vob$ \.3gp$ \.wmw$
acl shell urlpath_regex -i \.cmd$ \.bat
acl execute urlpath_regex -i \.exe$
#getway access
http_access allow getway audio
http_access allow getway video
http_access allow getway archive
http_access allow getway shell
http_access allow getway execute
#localhosts access
http_access allow localnet  audio
http_access allow localnet  video
http_access allow localnet  archive
http_access deny  localnet  shell
http_access deny localnet   execute
#local acces internet at up rulez

#client speed
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 128000/128000
delay_access 1 allow localnet
delay_access 1 deny all
refresh_pattern -i \.gif$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.png$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.jpg$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.jpeg$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.pdf$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.zip$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.tar$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.gz$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.tgz$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.exe$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.prz$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.ppt$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.inf$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.swf$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.mid$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.wav$ 43200 100% 13200 override-lastmod override-expire
refresh_pattern -i \.mp3$ 43200 100% 13200 override-lastmod override-expire
устанавливаю SquidGuard с пакетов....прикручиваю к squid'у....запускаю apache (делаю свою страницу на редирект)....качаю базы с блэклистами заливаю /var/lib/squidguard/db/....настраиваю сам squidguard....перезапускаю squid и обновляю базы squidguard'а....пытаюсь зайти на локальной машине в инет пускает так же как и без ограничений....вот конфиг squidguarda и моей базы тестовой...
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /var/lib/squidguard/db
logdir /var/log/squid
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
        weekly mtwhf 08:00 - 16:30
        date *-*-01  08:00 - 16:30
}
src admin {
        ip              10.10.10.10
#       user            Administrator
#       within          workhours
}
dest adv {
        domainlist adv/domains
        urllist    adv/urls
        redirect http://10.10.10.1/redirect.html
}
dest denylocal {
        domainlist denylocal/domains
        redirect http://127.0.0.1/redirect.html
}
dest good {
}
dest local {
}
#dest adult {
#       domainlist      adult/domains
#       urllist         adult/urls
#       expressionlist  adult/expressions
#       redirect        http://admin.foo.bar.de/cgi-bin/squidGuard.cgi?clientaddr=&#...
#}

acl {
        admin {
                pass     !denylocal all
        }

        default {
                pass     local none
#               rewrite  dmz
#               redirect http://admin.foo.bar.de/cgi-bin/squidGuard.cgi?clientaddr=&#...
        }
вот конфиг базы...
mail.ru
vkontakte.ru
запускаю squidGuard -d -C all

root@ubuntu:~# squidGuard -d -C all
2011-11-25 01:42:09 [4032] New setting: dbhome: /var/lib/squidguard/db
2011-11-25 01:42:09 [4032] New setting: logdir: /var/log/squid
2011-11-25 01:42:09 [4032] init domainlist /var/lib/squidguard/db/adv/domains
2011-11-25 01:42:09 [4032] create new dbfile /var/lib/squidguard/db/adv/domains.db
2011-11-25 01:42:09 [4032] init urllist /var/lib/squidguard/db/adv/urls
2011-11-25 01:42:09 [4032] create new dbfile /var/lib/squidguard/db/adv/urls.db
2011-11-25 01:42:09 [4032] init domainlist /var/lib/squidguard/db/denylocal/domains
2011-11-25 01:42:09 [4032] create new dbfile /var/lib/squidguard/db/denylocal/domains.db
2011-11-25 01:42:09 [4032] destblock good missing active content, set inactive
2011-11-25 01:42:09 [4032] destblock local missing active content, set inactive
2011-11-25 01:42:09 [4032] squidGuard 1.4 started (1322214129.181)
2011-11-25 01:42:09 [4032] db update done
2011-11-25 01:42:09 [4032] squidGuard stopped (1322214129.284)
root@ubuntu:~#
смущает последняя строка...если запускаю squidGuard -d
root@ubuntu:~# squidGuard -d
2011-11-25 01:43:19 [4040] New setting: dbhome: /var/lib/squidguard/db
2011-11-25 01:43:19 [4040] New setting: logdir: /var/log/squid
2011-11-25 01:43:19 [4040] init domainlist /var/lib/squidguard/db/adv/domains
2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/adv/domains.db
2011-11-25 01:43:19 [4040] init urllist /var/lib/squidguard/db/adv/urls
2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/adv/urls.db
2011-11-25 01:43:19 [4040] init domainlist /var/lib/squidguard/db/denylocal/domains
2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/denylocal/domains.db
2011-11-25 01:43:19 [4040] destblock good missing active content, set inactive
2011-11-25 01:43:19 [4040] destblock local missing active content, set inactive
2011-11-25 01:43:19 [4040] squidGuard 1.4 started (1322214199.613)
2011-11-25 01:43:19 [4040] Info: recalculating alarm in 22601 seconds
2011-11-25 01:43:19 [4040] squidGuard ready for requests (1322214199.619)
и все...управление терминалу не передает....какие у кого мысли по всему этому поводу....2 день уже сижу на этих граблях....перекапал пол интернета...писал конфиги по готовым шаблонам.....либо squid отваливался, либо на squidguard ругался....в итоге решил оставить своей конфиг сквида...

Содержание

Squid+SquidGuard,Костя, 02:13 , 27-Ноя-11
Squid+SquidGuard,Aquarius, 01:33 , 28-Ноя-11

Сообщения в этом обсуждении

"Squid+SquidGuard"
Отправлено Костя , 27-Ноя-11 02:13

> redirector_bypass on
по-моему если так, то редиректор просто пропускает весь контент ничего не фильтруя. попробуйте закомментировать эту строчку

"Squid+SquidGuard"
Отправлено Aquarius , 28-Ноя-11 01:33

>[оверквотинг удален]
> 2011-11-25 01:43:19 [4040] loading dbfile /var/lib/squidguard/db/denylocal/domains.db
> 2011-11-25 01:43:19 [4040] destblock good missing active content, set inactive
> 2011-11-25 01:43:19 [4040] destblock local missing active content, set inactive
> 2011-11-25 01:43:19 [4040] squidGuard 1.4 started (1322214199.613)
> 2011-11-25 01:43:19 [4040] Info: recalculating alarm in 22601 seconds
> 2011-11-25 01:43:19 [4040] squidGuard ready for requests (1322214199.619)
> и все...управление терминалу не передает....какие у кого мысли по всему этому поводу....2
> день уже сижу на этих граблях....перекапал пол интернета...писал конфиги по готовым
> шаблонам.....либо squid отваливался, либо на squidguard ругался....в итоге решил оставить
> своей конфиг сквида...
а если без -d ? а лучше документацию почитать