Squid configuration with Squid Guard


Squid configuration with Squid Guard

Post  Admin on Thu Jun 10, 2010 3:33 am

Squid.conf file with squid guard redirector

###########################SQUID.CONF################################################
# Squid as an intercepting ("transparent") HTTP proxy that hands every URL to
# squidGuard. http_access rules are checked top to bottom and the first match
# decides, so the order of the rules below is significant.
#
# --- ACL definitions: these only name things; nothing is allowed or denied
# --- until an *_access rule refers to them.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# NOTE(review): to_localhost is defined but no http_access rule in this listing
# uses it. The stock squid.conf carries a commented `http_access deny to_localhost`
# for hosts that run web services meant to be reachable only on loopback;
# decide whether that applies to this box.
acl to_localhost dst 127.0.0.0/8
# localnet accumulates the three private ranges (10/8, 172.16/12, 192.168/16).
acl localnet src 10.0.0.0/8
# NOTE(review): 'tenth' is not referenced by any rule in this listing.
acl tenth src 10.0.0.0/24
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
# SSL_ports: the only ports a CONNECT tunnel may target (see the deny below).
acl SSL_ports port 443
# Safe_ports: the only destination ports Squid will talk to at all.
# 1025-65535 covers every unprivileged port.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# Reply-header ACLs, used only by upgrade_http0.9 and broken_vary_encoding.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
acl apache rep_header Server ^Apache
# Destination ACL for the site's webmail host.
acl nace dstdomain webmail.nace.co.in
broken_vary_encoding allow apache
# Request log in Squid's native format. This is the audit trail for proxy use
# (and the input for the calamaris/sarg reports mentioned on this page).
access_log /var/log/squid/access.log squid
# --- Access rules (first match wins) ---
# Cache manager interface: loopback only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
# NOTE(review): this allow has no source condition and sits above the CONNECT
# restriction. As written, any client that can reach the proxy may request
# webmail.nace.co.in, including CONNECT to any Safe_ports port on that host.
# LAN clients are already covered by `allow localnet` below; if nothing else
# is intended, tie it to a source (`http_access allow localnet nace`) and
# move it below the CONNECT deny. Confirm the intent before changing.
http_access allow nace
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
# Final catch-all: anything not allowed above is refused.
http_access deny all
icp_access allow localnet
icp_access deny all
# Port 3128 runs in interception mode; the iptables REDIRECT rule further down
# this page sends port-80 traffic arriving on eth1 here. Only port 80 is
# redirected, so HTTPS requests never pass through Squid or squidGuard in this
# setup.
# NOTE(review): later Squid releases rename `transparent` to `intercept` and
# expect a separate http_port for explicitly configured clients -- check the
# installed version.
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
# --- Cache sizing ---
cache_mem 8 MB
memory_replacement_policy lru
cache_replacement_policy lru
# ufs store: 1000 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/cache/squid 1000 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
# Low-water mark for cache replacement (percent); the high mark is set near
# the end of this section.
cache_swap_low 90
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
ftp_passive on
# refresh_pattern lines are also order-dependent: first matching regex applies.
# The cgi-bin/query-string pattern keeps dynamic content from being cached.
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320
upgrade_http0.9 deny shoutcast
connect_timeout 2 minutes
client_lifetime 1 days
# cache_mgr and visible_hostname are shown to users in Squid-generated error
# pages.
cache_mgr webmaster
visible_hostname dhcppc0
error_directory /usr/share/squid/errors/English
coredump_dir /var/cache/squid
cache_swap_high 95
# Both authentication blocks below are disabled (commented out); the note
# between them gives the reason. Without proxy authentication, clients are
# told apart by source IP only.
##########SQUID_BASIC_AUTH######################
##auth_param basic program /usr/sbin/pam_auth
##auth_param basic children 5
##auth_param basic realm Squid proxy-caching web server
##auth_param basic credentialsttl 2 hours
##auth_param basic casesensitive off
####Authentication cannot be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid
###########SQUID_DIGEST_AUTH#################
##auth_param digest program /usr/sbin/digest_pw_auth /etc/squid/squidpass
##auth_param digest children 5
##auth_param digest realm Squid proxy-caching web server Digest
##auth_param digest nonce_garbage_interval 5 minutes
##auth_param digest nonce_max_duration 30 minutes
# URL rewriter: each request URL is passed to squidGuard, which applies
# squidGuard.conf. The Perl redirector on the first line is left disabled.
# NOTE(review): newer Squid releases name this directive url_rewrite_program --
# confirm against the installed version.
#redirect_program /usr/bin/perl /usr/bin/sqd.pl
redirect_program /usr/sbin/squidGuard
######################################################################################################

###########################squidGuard.conf################################
# http://www.vitki.net/static/docs/squidguard/squidguard-1.3-configuration.html#Acls
# Declarations used by the acl section: one time window, two source groups
# and the destination categories. domainlist/urllist paths are relative to
# dbhome.
# NOTE(review): squidGuard is documented to fall back to passing every request
# when it cannot parse this file or open a list -- check the log under logdir
# after each change to confirm filtering is actually active.
dbhome /var/lib/squidGuard/db
logdir /var/log/squid

# Working hours: Monday to Friday (m t w h f), 08:00 - 19:20. The commented
# lines are an earlier window and a per-date example.
time workhours {
# weekly mtwhf 08:00 - 16:30
weekly mtwhf 08:00 - 19:20
# date *-*-01 08:00 - 16:30
}
# Disabled rewrite rule for the webmail host.
#rew nacemail {
# s@^webmail.nace.co.in$@http://webmail.nace.co.in/gw/webacc@r
# }
# Admin workstations, identified by IP address only.
# NOTE(review): all five addresses lie inside the intranet /24 below, and the
# squid.conf on this page has proxy authentication disabled, so a LAN host
# that takes one of these addresses receives the admin policy. Pair this with
# DHCP reservations or switch-level controls if the distinction matters.
src admin {
ip 10.0.0.6 10.0.0.7 10.0.0.9 10.0.0.100 10.0.0.10
# ip 192.168.1.0/24
# user root foo bar
}
# Everyone else on the LAN segment.
src intranet {
ip 10.0.0.0/24
}
# Disabled rewrite group (referenced only by commented `rewrite dmz` lines).
#rew dmz {
# s@http://webmail.nace.co.in/@http://webmail.nace.co.in/gw/webacc@
# s@http://www.google.co.in/@http://www.google.com/ig@
#s@://foo.bar.de/@://www.foo.bar.de/@i
#}
# 'good' and 'local' are empty and not referenced by the acl section on this
# page.
dest good {
}

dest local {
}

# ads: URL list only; the domain list is commented out.
dest ads {
# domainlist ads/domains
urllist ads/urls
}
# hotmail: note the different path layout (blacklist/hotmail rather than
# <category>/domains).
dest hotmail {
domainlist blacklist/hotmail
}
# proxy: blocking this category is what keeps users from routing around the
# filter through public web proxies.
dest proxy {
domainlist proxy/domains
urllist proxy/urls
}
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest mail {
domainlist mail/domains
urllist mail/urls
}
# webmail and whitelist are allow-lists (domain lists only).
dest webmail {
domainlist webmail/domains
}
dest whitelist {
domainlist whitelist/domains
}
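# Policy section: maps each source group to a pass list.
#
# squidGuard reads a pass list left to right and the first destination that
# matches decides the outcome. An allow-list therefore has to appear BEFORE
# the blocked categories to have any effect. The original order
# (`... !proxy webmail whitelist all`) placed webmail and whitelist directly
# in front of `all`, where they could never change a decision; they are moved
# to the front so that an allow-listed domain is passed even if it also
# appears in a blocked category. Keep whitelist/domains and webmail/domains
# short and reviewed, since entries there bypass every block below.
acl {
    # admin {
    #     pass all
    # }

    # Admin hosts: filtered for porn, proxy and ads during working hours,
    # unfiltered outside them. No redirect is set in this block.
    # NOTE(review): presumably the redirect of the default acl is used for
    # blocked requests here -- confirm against the squidGuard documentation.
    admin within workhours {
        pass !porn !proxy !ads all
        # rewrite dmz
    } else {
        pass all
        # rewrite dmz
    }

    # LAN clients: allow-lists first, then the blocked categories, then
    # everything else.
    intranet {
        pass whitelist webmail !ads !mail !porn !hotmail !proxy all
        redirect http://localhost/proxy/
    }

    # Any source not matched above gets the same policy as intranet.
    # NOTE(review): the redirect URL has no 301:/302: prefix, so presumably
    # Squid itself fetches it from the proxy host -- confirm a block page is
    # served at that address.
    default {
        pass whitelist webmail !ads !mail !porn !hotmail !proxy all
        redirect http://localhost/proxy/
        # rewrite dmz
    }
}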

Download scripts for squidguard upload
http://wiki.debian.org/DebianEdu/HowTo/SquidGuard
http://doxfer.com/Webmin/SquidInterceptionProxying
# NAT and filter rules for the proxy gateway. In the rules below eth1 is the
# interface client traffic arrives on and eth0 the interface it leaves by.
# NOTE(review): the ACCEPT rules only restrict anything if the INPUT/OUTPUT
# policies are DROP, and no chain policy or FORWARD rule is shown here. Port
# 80 is the only port intercepted, so traffic on other ports (HTTPS included)
# is not filtered by Squid or squidGuard -- confirm how it is handled.

# Source-NAT everything leaving eth0 to 192.168.1.4.
iptables --table nat --append POSTROUTING --out-interface eth0 --jump SNAT --to-source 192.168.1.4

# Interception: HTTP arriving on eth1 is redirected to Squid's port 3128.
iptables --table nat --append PREROUTING --in-interface eth1 --protocol tcp --dport 80 --jump REDIRECT --to-port 3128

# Clients -> Squid. Redirected packets reach INPUT with destination port 3128;
# this rule also accepts connections made directly to 3128 on eth1.
iptables --append INPUT --in-interface eth1 --protocol tcp --dport 3128 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT

# Squid -> origin servers on port 80, and their replies.
iptables --append OUTPUT --out-interface eth0 --protocol tcp --dport 80 --match state --state NEW,ESTABLISHED,RELATED --jump ACCEPT
iptables --append INPUT --in-interface eth0 --protocol tcp --sport 80 --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Replies with source port 80 going back out to clients on eth1.
iptables --append OUTPUT --out-interface eth1 --protocol tcp --sport 80 --match state --state ESTABLISHED,RELATED --jump ACCEPT

# cat /var/log/squid/access.log | nice -39 calamaris -aH 'daily worf' -F html > dd.html
# cat /var/log/squid/access.log | nice -39 calamaris -aH 'daily worf' -F mail | mail -s "hello" natesh@nace.co.in
# calamaris -d 10 /var/log/squid/access.log
# calamaris -a /var/log/squid/access.log
# sarg -x -z -e natesh@nace.co.in
# vim /etc/sarg.conf
view # man sarg # man calamaris


http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid