> а ты делал преобразование squidguard -c all
Да. Конечно.
>а можешь показать полное содержимое файла squidguard.conf
# squidGuard configuration: a rewrite group, one time window, three client
# sources, the destination categories, and the acl section that ties them together.
logdir /var/log/squidGuard # path to the log directory
dbhome /usr/local/squidGuard/db # path to the list databases
# Rewrite group: substitutes one fixed URL for any URL ending in .mp3.
# NOTE(review): no acl below contains a "rewrite mp3" line, so as shown this
# group is defined but never applied - confirm whether that is intended.
rewrite mp3 {
s@.*\.mp3$@http://www.my.host/my.mp3@r
}
# "leisure-time" is the window the acl section treats as non-working hours.
time leisure-time {
weekly * 00:00-08:00 19:00-24:00 # nights and evenings
# NOTE(review): the original comment on the next line said 16:00-17:00 while
# the rule itself says 16:00-18:00 - confirm which one is meant.
weekly fridays 16:00-18:00 # + Fridays from 16:00 (if you have a short working day)
weekly sat sun 00:00-24:00 # + weekends
# NOTE(review): squidGuard's syntax is "date *.01.01"; the space after "date"
# appears to be missing here (possibly lost when the config was pasted) - confirm.
date*.01.01 # + New Year
# and so on
}
# Client sources. 192.168.1.63 (admiral) also lies inside the range of "all";
# presumably the source declared first is the one that matches - verify.
src admiral {
ip 192.168.1.63
}
src dj_kill {
ip 192.168.1.200
}
# Addresses 192.168.1.201 and above (other than .200) match no source here
# and therefore fall through to the "default" acl.
src all {
ip 192.168.1.1-192.168.1.199
}
# Destination categories; list paths are relative to dbhome.
dest pornography {
domainlist porn/domains
expressionlist porn/expressions
urllist porn/urls
redirect http://www.disney.com
}
# NOTE(review): "warez", "hacking" and "good" are not named in any pass rule
# in the acl section below, so as shown these lists block or allow nothing.
dest warez {
domainlist warez/domains
urllist warez/urls
}
dest agressive {
domainlist agressive/domains
urllist agressive/urls
}
dest good {
domainlist good/domains # list of "good" addresses
}
dest chat {
domainlist chat/domains # list of "chat" addresses
expressionlist chat/expressions # expected phrases (expression list)
}
# NOTE(review): the replacement image is hosted on a third-party site, so every
# blocked banner makes the client fetch content from a host outside your
# control; a placeholder served from a local web server avoids that dependency.
dest ads {
domainlist ads/domains
expressionlist ads/expressions
urllist ads/urls
redirect http://www.branchise.org/negocio_archivos/NOSpam.jpg # URL of the image substituted for ad banners
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
# Access rules per source.
acl {
# NOTE(review): the general "all" source is denied only ads (plus chat in
# working hours); pornography, agressive and drugs are denied only for dj_kill
# and admiral below - confirm that this asymmetry is intended.
all within leisure-time {
pass !ads all # everything except ads during non-working hours
} else {
pass !chat !ads all # chats are switched off during working hours
redirect http://ya.ru
}
# NOTE(review): the leisure-time branch above and the dj_kill and admiral rules
# carry no redirect of their own; presumably squidGuard falls back to the
# destination's or the default acl's redirect - verify.
dj_kill {
pass !ads !pornography !agressive !drugs all
}
admiral {
pass !pornography !agressive !drugs !ads all
# show that we earn our keep
}
# Any client that matches no source above is denied everything (fail-closed).
# This is the only acl with a log directive, so as shown only requests
# handled here are written to this log file.
default { # for everyone else
pass none
redirect http://ya.ru
log /var/log/squidGuard/squidGuard.log # and write it to the log
}
}
Конфиг Squid.
# Squid configuration (httpd_accel_* / redirect_program era syntax): listener,
# cache settings, ACL definitions, the squidGuard redirector, and access rules.
# Listen only on the internal address, port 1431.
http_port 192.168.1.100:1431
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 96 MB
cache_dir ufs /usr/local/squid/cache 2000 16 256
ftp_user microsoft@microsoft.com
ftp_passive on
dns_nameservers 192.168.1.100 217.72.144.1 195.34.32.10
hosts_file /etc/hosts
# NOTE(review): only children/realm/credentialsttl are set; no
# "auth_param basic program" line and no proxy_auth acl appear in this listing,
# so as shown no user authentication is enforced - access control below is by
# source address only.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
# NOTE(review): this name is written "safe_ports" (lower-case s), unlike every
# other Safe_ports line - verify that port 81 really ends up in the ACL that
# "http_access deny !Safe_ports" tests.
acl safe_ports port 81 # for sof
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Site-specific additions. Each extra port widens what clients can reach
# through the proxy; keep the owner/purpose comments up to date so stale
# entries can be removed.
acl Safe_ports port 999 # Novosibirsk Citrix
acl Safe_ports port 2086 # for Roman Podlinov (web mail)
acl Safe_ports port 2087 # for Roman Podlinov (web mail ssl)
acl Safe_ports port 2095 # for Roman Podlinov (Control Panel)
acl Safe_ports port 2096 # for Roman Podlinov (Control Panel ssl)
acl my_net src 192.168.1.0/255.255.255.0
# NOTE(review): "public" is the widely known default community string. The
# snmp_access rules at the end of this file limit it to localhost; pick a
# non-default string before that rule is ever widened.
acl snmpsquid snmp_community public
# URL block/unblock lists, matched case-insensitively (-i) against regexes
# read from the named files.
acl squid_block_badlang url_regex -i "/usr/local/etc/squid/squidblock/badlang.block.txt"
acl squid_unblock_badlang url_regex -i "/usr/local/etc/squid/squidblock/badlang.unblock.txt"
acl squid_block_entertain url_regex -i "/usr/local/etc/squid/squidblock/entertain.block.txt"
acl squid_unblock_entertain url_regex -i "/usr/local/etc/squid/squidblock/entertain.unblock.txt"
acl squid_block_games url_regex -i "/usr/local/etc/squid/squidblock/games.block.txt"
acl squid_unblock_games url_regex -i "/usr/local/etc/squid/squidblock/games.unblock.txt"
acl squid_block_pirate url_regex -i "/usr/local/etc/squid/squidblock/pirate.block.txt"
acl squid_block_mp3 url_regex -i "/usr/local/etc/squid/squidblock/mp3.block.txt"
acl squid_unblock_pirate url_regex -i "/usr/local/etc/squid/squidblock/pirate.unblock.txt"
# NOTE(review): the quoted string below holds two file names separated by a
# space. Squid presumably treats the whole quoted string as one path, in which
# case the porn block list would not load as intended - confirm, and give each
# file its own quoted path.
acl squid_block_porn url_regex -i "/usr/local/etc/squid/squidblock/porn.block.txt pron.block.txt"
acl squid_unblock_porn url_regex -i "/usr/local/etc/squid/squidblock/porn.unblock.txt"
# The banner ACLs below are declared without -i, so unlike the lists above
# they match case-sensitively.
acl banners2 url_regex ad\.bannermarket\.com/cgi-bin linkexchange\.ru reklama.*ru.*href www\.cityline\.ru/.*/cbanners/ www\.bizlink\.ru/cgi-bin/irads\.cgi www\.bannerpoint\.ru/image\.asp www\.cross\.ru/cgi/flamingo-image\.pl www\.strongsoftware\.net/cgi-bin/getimage\.cgi www\.digcont\.odessa\.ua/cgi-bin/mill www\.newman\.ru/LOGOS/ www\.newman\.ru/EXCHANGE/ www\.cdru\.com/banner/
acl pointcast url_regex ^http://.*/FIDO-1/
acl banners url_regex "/usr/local/etc/squid/banners"
# NOTE(review): with redirector_bypass on, a request is passed through
# WITHOUT consulting squidGuard whenever all redirector children are busy, so
# the squidGuard policy fails open under load. If filtering must always apply,
# set this to off and size redirect_children for peak load.
redirector_bypass on
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf
redirect_children 10
# http_access rules are checked top to bottom and the first match decides.
# The category denies come first, so they apply to every client, my_net included.
http_access deny pointcast all
http_access deny banners all
http_access deny banners2 all
http_access deny squid_block_badlang !squid_unblock_badlang
http_access deny squid_block_entertain !squid_unblock_entertain
http_access deny squid_block_games !squid_unblock_games
http_access deny squid_block_pirate !squid_unblock_pirate
http_access deny squid_block_mp3
http_access deny squid_block_porn !squid_unblock_porn
# Cache manager is reachable from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse ports outside Safe_ports, and CONNECT tunnels to anything but SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow my_net
http_access allow localhost
http_access deny all
http_reply_access allow all
# NOTE(review): ICP queries are accepted from any address. If ICP is in use
# (icp_port is not shown in this listing), restrict it the same way as HTTP,
# e.g. "icp_access allow my_net" followed by "icp_access deny all".
icp_access allow all
visible_hostname chizhik
# Accelerator/transparent-mode settings.
# NOTE(review): with httpd_accel_uses_host_header on, the destination is taken
# from the client-supplied Host header; as far as I recall, Squid's own
# documentation for this directive warns that the header is not verified.
# Make sure only my_net clients can reach the proxy port - confirm.
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_no_pmtu_disc on
# NOTE(review): 161 is the standard SNMP agent port; this would collide with
# a system SNMP daemon on the same host - confirm it is free.
snmp_port 161
# SNMP queries: only community "snmpsquid" (acl above) from localhost.
snmp_access allow snmpsquid localhost
snmp_access deny all
e-mail: dj_kill на мэйлру.