Build SquidGuard Server
Author: Liangzhi Zou

With the passage of the Children's Internet Protection Act, schools and libraries are required to filter access to the internet in order to be eligible for E-Rate funds. E-Rate can be a substantial amount of money. With tightening budgets, forgoing the E-Rate funds will not be an option in most cases.

Unfortunately, commercial filtering software is very expensive. With the passage of the CIPA, it is likely to be even more expensive. This puts quite a burden on under-funded schools and libraries. They need the E-Rate funds to help pay for internet access, but in turn must spend a significant amount of money on filtering software.

The good news is that there exists free filtering software. Until recently, MESD had been using expensive commercial filtering software. We are very pleased with the performance of squidGuard and currently have no plans to renew the license of the commercial filter.

SquidGuard is a free (GPL), flexible and ultra fast filter, redirector and access controller plugin for squid. It lets you define multiple access rules with different restrictions for different user groups on a squid cache. SquidGuard uses squid's standard redirector interface.

1. Source

squidGuard-1.1.4.tar.gz

2. Install

2.1 First and foremost, you must install Squid Proxy Server on your current system.
2.2 Next, install version 2.X of the Berkeley DB library (if not already installed on your system).
2.3 Finally, you can install the squidGuard package.

# tar xvzf squidGuard-1.1.4.tar.gz
# cd squidGuard-1.1.4
# ./configure    (optionally add the environment and flags you prefer)
# make
# make install

This will install the squidGuard executable in prefix/bin/squidGuard, where prefix is /usr/local unless you changed it with --prefix=/some/where/else.

3. Create a squidGuard.conf that suits your needs.

The default path for the squidGuard configuration file is "/usr/local/squidGuard.conf", but another default can be set at compile time, and can be changed at runtime.

Basic Configuration
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

# Time rule: Monday to Friday, 09:00 - 22:00
time workhours {
    weekly mtwhf 09:00 - 22:00
}

# Client groups, selected by source network
src Demo {
    ip 192.168.0.0/255.255.255.0
}
src Virtual {
    ip 192.168.10.0/255.255.255.0
}

# Destination classes; list paths are relative to dbhome
dest local {
    domainlist local/localdomain
    expressionlist local/localexpression
}
dest adult {
    domainlist dest/adult/domains
    urllist dest/adult/urls
    expressionlist dest/adult/expressions
}

# Access rules: within workhours both groups are denied "local" and
# "adult"; outside workhours only "local" is denied
acl {
    Demo within workhours {
        pass !local !adult all
        redirect http://localhost/AccessDeny.html
    } else {
        pass !local all
        redirect http://localhost/AccessDeny.html
    }
    Virtual within workhours {
        pass !local !adult all
        redirect http://localhost/AccessDeny.html
    } else {
        pass !local all
        redirect http://localhost/AccessDeny.html
    }
    # Clients outside the Demo and Virtual networks are not filtered
    default {
        pass all
    }
}
4. Make the destination lists (databases) you want (if any at all).

Databases Category:
The domainlist file format is simply domain names/zone names separated by a newline. For instance:

amex.com
asx.com.au

The urllist file format is simply URLs separated by a newline but with the "proto:" and ":port" parts and normally also the ending "/filename" part removed. For instance:

foo.com/~badguy
bar.com/whatever/suspect

The expressionlist file format is lines with regular expressions. For instance:

(^|[-\?+=/_])(bondage|boobs?|busty?|hardcore|porno?|sex|xxx+)([-\?+=/_]|$)

NOTE: All the blacklist files (domainlists, urllists, expressionlists) must be owned by user squid and group squid.

# chown -R squid Blacklist/
# chown -R :squid Blacklist/

5. Once you are sure that you have told Squid to use squidGuard as the redirector (refer to Squid Server Configuration), you can restart squid now.

# /etc/rc.d/init.d/squid restart
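
The three list formats from step 4, as an added Python example (not part of the original article and not squidGuard's own matching code): to_urllist_entry reduces a full URL to urllist form, lint_urllist flags entries that still carry a protocol, port or file name, and match is a simplified model of which list type would catch a request. The function names, the sample requests, the order of the checks and the rule that a final path segment containing a dot is a file name are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lists in the three formats described in step 4.
DOMAINS = {"amex.com", "asx.com.au"}
URLS = {"foo.com/~badguy", "bar.com/whatever/suspect"}
EXPRESSIONS = [re.compile(
    r"(^|[-\?+=/_])(bondage|boobs?|busty?|hardcore|porno?|sex|xxx+)([-\?+=/_]|$)")]


def to_urllist_entry(url):
    """Strip "proto:", ":port" and a trailing "/filename" from a URL."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]
    # Assumption: a final path segment that contains a dot is a file name.
    if segments and "." in segments[-1]:
        segments.pop()
    return "/".join([host] + segments)


def lint_urllist(lines):
    """Return (line_number, entry, suggested_form) for entries not in urllist form."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        entry = raw.strip()
        if entry and entry != to_urllist_entry(entry):
            findings.append((number, entry, to_urllist_entry(entry)))
    return findings


def match(url):
    """Return the list type that would catch the URL, or None (simplified model)."""
    entry = to_urllist_entry(url)
    labels = entry.split("/", 1)[0].split(".")
    # A domainlist line names a zone, so it also covers hosts below that zone.
    if any(".".join(labels[i:]) in DOMAINS for i in range(len(labels))):
        return "domainlist"
    # A urllist line covers that path and everything beneath it.
    if any(entry == u or entry.startswith(u + "/") for u in URLS):
        return "urllist"
    # The separator classes around the word list keep "sex" from matching
    # inside an unrelated host name such as "sussex".
    if any(e.search(url) for e in EXPRESSIONS):
        return "expressionlist"
    return None
```

Running lint_urllist over a list file before handing it to squidGuard shows entries that were pasted as full URLs and would not be in the format the filter expects.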