LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-26-2015, 10:53 PM   #1
dbuela
LQ Newbie
 
Registered: Mar 2015
Posts: 1

Rep: Reputation: Disabled
Squid / SquidGuard does not enforce safe search on duckduckgo.com


I configured Squid 3.3.13 as transparent proxy. It is intercepting SSL connections as well. My goal is to enforce safe-search into the major search engines.
At the moment my setup deals with google, yahoo and bing but I can't make duckduckgo to work UNLESS I intercept all SSL communication.
Relevant parts of squid.conf are:

Code:
acl engines dstdomain .yahoo.com
acl engines dstdomain .duckduckgo.com
acl engines dstdomain .google.com
acl engines dstdomain .bing.com

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 500

https_port 3130 intercept ssl-bump connection-auth=off generate-host-certificates=on cert=[my certificate path] key=[my key path] cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:HIGH:!aNull:!MD5:!ADH
ssl_bump none localhost
ssl_bump server-first engines
ssl_bump none all

always_direct allow all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
-------------------
SquidGuard rewrite rule:

Code:
rewrite engines {
       s@.*bing.com/search.*@&\&adlt=strict@i
       s@.*bing.com/images.*@&\&adlt=strict@i
       s@.*bing.com/videos.*@&\&adlt=strict@i
       s@.*au.search.yahoo.com.*@&\&vm=r@i
       s@.*duckduckgo.com.*@&\&kp=1@i
       s@.*google.com.au.*@1&safe=strict@i
}
---------------
I believe the problem is related to the squid
Code:
acl engines dstdomain .duckduckgo.com
because when I disregard that acl and add:

Code:
ssl_bump server-first all
It enforces duckduckgo.com to safe search, therefore the rewrite in SquidGuard must be fine !

I've been digging deep on this one for about a week and run out of ideas.
Thanks in advance

Last edited by dbuela; 03-26-2015 at 10:59 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: DuckDuckGo may be the next big thing in search engines LXer Syndicated Linux News 1 07-02-2014 05:58 PM
LXer: DuckDuckGo adds video and image search LXer Syndicated Linux News 0 05-08-2014 08:00 AM
LXer: Will DuckDuckGo eventually destroy Google in search? LXer Syndicated Linux News 0 01-18-2014 03:21 AM
LXer: DuckDuckGo Region Boosted Search LXer Syndicated Linux News 0 01-08-2014 10:11 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration