Hello all,

I have got squid working properly. I use it for internet sharing as well as content filtering. There are about 150 clients that use my squid. Some of the clients are allowed to access all the sites without filtering. Only exception is that they are not allowed porn sites.
Rest of the clients are not allowed full access. Mailing sites, pornography and some unwanted sites that could chock up the bandwidth are banned.
It is a transparent proxy and I do it this way.
I tired to integrate dansguardian in the existing setup and changed 3128 to 8080 in the above command keeping other things as it is. It does work but not the way I want it to.
Clients that are allowed to browse emailing sites such as yahoo rediff and gmail are getting blocked with error from squid if the connections are redirected to 8080 but if connections are redirected to 3128 everything works fine.

For example:

I have acl allowed_stations
acl allowed_stations src 192.168.1.71 192.168.1.71 192.168.1.57

http_access allow allowed_stations
http_access deny blocked_sites where this acl mentions which sites are to be blocked. This contains mailing sites as well.
If I redirect it to 3128 it works properly.

But if I redirect it to 8080 allowed_stations are not able to browse banned sites. And the error is from squid not from dansguardian.

Any help will be appreciated.

This is what I got while searching the web. It says I should be putting my squid in front of Dansguardian.

Now can anyone please help me understand me exactly what do I need to do? What does this mean?

I dont really like to bump my own thread but if there was need of more information I would be more than willing to give if I knew what I should be. But please help me understand the above FAQ from dansguardian website that I seem not to understand as well I should.

It started working. I guess there was some problem with iptables rules. It is working but I want to tweak it more to put more security now.

HI,

I have also same requirement,is it possible that both squid ACL and dansguardian filtering rule work at same time,according to me if we redirect traffic to 8080 then dansguardin should be apply and redirect traffic to 3128 then squid acl should apply if it is possible that dansguardin and squid acl work at same time please advise me and send me all code this will be appriciable.

thanks

I started this thread more than couple of months ago. And nobody has posted since then. And I resolved it myself. If you have got some issue start your own thread rather than hijacking this oldie. And post as much information as possible when starting your thread.

I suggest that you show how you solved it here so others can benefit also and do not waste time searching for info that you have. The reason for having such a great forum is to share knowledge not to blame others.

Hi Chaitnaya


I am working on squid and dans for more than 2 year but i am new for this forum. if i would be this forum i must haply help you. but i am not able to use both acl together if i transfer traffic to 8080 then dans acl work and when transfer traffic to 3128 then squid acl work i pass my linux ip on client gateway not on browser i have more than 400 pc's.if you are able to use both acl together please help me. I have already posted my own thread but answer is not like my thought. according to your thread you already done this therefore i want from your side if you help me this will be appreciable.

Thanks

I would have posted the solution if I knew the exact one. And if you read the complete thread I have mentioned this before as well that I have no idea how it started working out of the blue and that I also mentioned that probably there were issues with iptables rules which I changed to make it work.

It would have been better if you started your own thread but still if you could just redirect the traffic from port 80 to 8080 it should work. If your squid and dansguardian are configured properly then just this redirection should work.

AOA

In order to work Squid ACL and dansguardian both at a time you have to do two things.

1. In dansguardian.conf set the 2 tags like this.

forwardedfor = on
usexforwardedfor = on

2. Now in squid.conf you have to use x-forwarded option. Set the tags like this. By default these tags are commented. Search these tags and Remove the '#' and set like this:

follow_x_forwarded_for deny all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on

And finally in writing ACL see the example below

acl my_network src 192.168.41.60
follow_x_forwarded_for allow my_network
http_access deny all

where 192.168.41.60 is the ip of my squid server and dansguardian in on the same machine.

You da man!! You solved my riddle of the week. Thank you!

Marking this grandma solved so that no one comes and digs it out of its grave. Let it RIP.

I had searched a lot forums , & not found any solution for the same question.
But even after following this steps. I cant resolve my problem.. so I bumped this old post.. anyone here to help me?