LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-15-2020, 02:13 PM   #1
n01k
LQ Newbie
 
Registered: Jan 2020
Location: Ontario Canada
Distribution: Ubuntu
Posts: 5

Rep: Reputation: Disabled
Question Squid Proxy 3.5/SquidGuard on CentOS 7(Minimal) - Squid not blocking at all


***I believe I am posting this in the appropriate section but if I am not, please move it. I am a newbie with SquidProxy/SquidGuard and figured this may be a good spot.

Hello everyone, I want to learn Squidproxy and SquidGuard due to it being used in past workplaces and it was always something I wanted to learn to deploy and maintain.

I've setup a small lab at home with a Windows 7 VM and SquidProxy configured on a Proxmox hypervisor.

Client IP = 10.16.60.244
Server IP = 10.16.61.67:3128

I have followed the following brief guide to build this.
http://linuxpitstop.com/install-squi...ng-this-proxy/

Initially I had difficulty with my client PC not being able to access the internet at all when the proxy configuration is entered in Internet Options.

After some reading, I realized that CentOS had FirewallD enabled. I disabled it (for testing) and the internet passes through squid (from what I can tell via access.log).

The instructions that I followed stated to compile squid using the following command:

Code:
 squidGuard -b -d -C all
The output that I receive is:

Code:
[root@localhost etc]#  squidGuard -b -d -C all
2020-01-14 16:46:15 [9518] New setting: dbhome: /var/squidGuard/blacklists
2020-01-14 16:46:15 [9518] New setting: logdir: /var/log/squidGuard
2020-01-14 16:46:15 [9518] Added User: root
2020-01-14 16:46:15 [9518] Added User: foo
2020-01-14 16:46:15 [9518] Added User: bar
2020-01-14 16:46:15 [9518] destblock good missing active content, set inactive
2020-01-14 16:46:15 [9518] destblock local missing active content, set inactive
2020-01-14 16:46:15 [9518] init domainlist /var/squidGuard/blacklists/blacklists/porn/domains
2020-01-14 16:46:15 [9518] Error db_open: No such file or directory
2020-01-14 16:46:15 [9518] Going into emergency mode
^C
I'm not entirely sure why the compile error occurs, it seems due to db_open, which I'm unsure what to do about.


Reviewing /var/log/squid/access.log, I see the following output:

Code:
........
1579037842.676  94126 10.16.60.244 TCP_TUNNEL/200 9171 CONNECT pixel.facebook.com:443 - HIER_DIRECT/31.13.66.36 -
1579037968.297 240655 10.16.60.244 TCP_TUNNEL/200 5176 CONNECT www.gstatic.com:443 - HIER_DIRECT/172.217.1.3 -
1579037968.323 240668 10.16.60.244 TCP_TUNNEL/200 4058 CONNECT clientservices.googleapis.com:443 - HIER_DIRECT/172.217.1.3 -
1579037972.893 240101 10.16.60.244 TCP_TUNNEL/200 5254 CONNECT update.googleapis.com:443 - HIER_DIRECT/172.217.165.3 -
1579037977.029 240102 10.16.60.244 TCP_TUNNEL/200 163536 CONNECT ssl.gstatic.com:443 - HIER_DIRECT/172.217.165.3 -
1579037977.958 240120 10.16.60.244 TCP_TUNNEL/200 4422 CONNECT www.google-analytics.com:443 - HIER_DIRECT/172.217.0.238 -
1579037980.381 240324 10.16.60.244 TCP_TUNNEL/200 3630 CONNECT www.gmail.com:443 - HIER_DIRECT/172.217.1.5 -
1579037980.745 240083 10.16.60.244 TCP_TUNNEL/200 832 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/172.217.1.3 -
1579037980.849 240791 10.16.60.244 TCP_TUNNEL/200 4992 CONNECT mail.google.com:443 - HIER_DIRECT/172.217.1.5 -
1579037980.910 253231 10.16.60.244 TCP_TUNNEL/200 7039 CONNECT accounts.google.com:443 - HIER_DIRECT/172.217.0.237 -
1579037980.931 253235 10.16.60.244 TCP_TUNNEL/200 148447 CONNECT www.google.com:443 - HIER_DIRECT/172.217.164.228 -
1579038033.506 240078 10.16.60.244 TCP_TUNNEL/200 11914 CONNECT safebrowsing.googleapis.com:443 - HIER_DIRECT/172.217.0.234 -
1579038327.142 240161 10.16.60.244 TCP_TUNNEL/200 5621 CONNECT update.googleapis.com:443 - HIER_DIRECT/172.217.165.3 -
1579038399.960  66376 10.16.60.244 TCP_TUNNEL/200 1160 CONNECT www.facebook.com:443 - HIER_DIRECT/31.13.66.35 -

I'm testing a few regular sites (www.facebook.com and www.gmail.com) which have SSL certificates and I'm also testing another site that is not HTTPS configured and neither is blocked.

I realize that filtering for SSL may require further configurations but I'd expect my personal site to be blocked by squid.

the squid.conf file (/etc/squid/squid.conf) is fairly untouched aside from what I entered from the initial configuration guide.

Any suggestions on what I should look at?
 
Old 01-17-2020, 03:15 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,606

Rep: Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802Reputation: 1802
Quote:
2020-01-14 16:46:15 [9518] init domainlist /var/squidGuard/blacklists/blacklists/porn/domains
2020-01-14 16:46:15 [9518] Error db_open: No such file or directory
Most likely there is no /var/squidGuard/blacklists/blacklists/porn/domains file, so suidguard is complaining
 
  


Reply

Tags
squidguard, squidproxy


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Proxy 3.5/SquidGuard on CentOS 7(Minimal) - Problems with not blocking at all n01k Linux - Software 0 01-16-2020 01:45 AM
Trying to implement a url-rewrite proxy using SquidGuard/Squid proxy SSA Linux - Networking 0 08-28-2014 12:44 AM
SquidGuard: include some config file in squidGuard.conf toure32 Linux - Server 1 04-12-2011 03:10 PM
squidguard is not working with squid proxy ssilayaraja Linux - Server 5 12-06-2010 07:52 PM
error: mail command failed for /var/log/squidguard/squidGuard.log.6 Niceman2005 Linux - Networking 1 01-22-2009 02:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration