joker20 | 09-29-2008 12:04 PM
Squid/Squidguard and suse 10.1
OK, so I'm not a newbie to Linux, but I am a newbie when it comes to deploying proxy servers, as well as Squid and SUSE.
Trying to set up a content filtering proxy server w/ 1 NIC. The network layout goes like this:
INTERNET=======CABLE MODEM=======SWITCH
                                    |=======SUSEPROXY
                                    |=======CLIENT PCS
Below is my squid.conf and squidguard.conf - main concern is the squid.conf and it being correct.
All of my configuration has come from researching and playing around with it.
squid -z gave me a permission denied error when a cache directory was specified, but when I removed that entry it seemed to create the swap directories without any problems.
I've also created a deny page that Squid redirects to when a blacklisted URL is used; I've deployed this via Apache. When trying to test this I put in a URL to a client that has the proxy server IP and port, but it always shoots back my deny page... which makes sense b/c it thinks it's a web server.
If anyone can help me complete this configuration it would be much appreciated... I'm so frustrated right now.
Code:
http_port 10.64.83.225:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
visible_hostname SuSEproxy
refresh_pattern ^ftp: 1440 60% 20160
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 40% 8640
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl allowed_hosts src 10.64.83.0/255.255.255.0
acl serv src 10.64.83.225/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager serv
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl network src 10.64.83.0/24
http_access allow network
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_children 8
redirector_bypass on
I don't think squidGuard has any issues, but I'm going to post it for troubleshooting purposes.
Code:
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest ads {
domainlist ads/domains
urllist ads/urls
log /var/log/squid/blocked.log
}
dest adult {
domainlist adult/domains
urllist adult/urls
log /var/log/squid/blocked.log
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
log /var/log/squid/blocked.log
}
dest dating {
domainlist dating/domains
urllist dating/urls
log /var/log/squid/blocked.log
}
dest dialers {
domainlist dialers/domains
urllist dialers/urls
log /var/log/squid/blocked.log
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
log /var/log/squid/blocked.log
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
log /var/log/squid/blocked.log
}
dest guns {
domainlist guns/domains
urllist guns/urls
log /var/log/squid/blocked.log
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
log /var/log/squid/blocked.log
}
dest instantmessaging {
domainlist instantmessaging/domains
urllist instantmessaging/urls
log /var/log/squid/blocked.log
}
dest malware {
domainlist malware/domains
urllist malware/urls
log /var/log/squid/blocked.log
}
dest marketingware {
domainlist marketingware/domains
log /var/log/squid/blocked.log
}
dest mixed_adult {
domainlist mixed_adult/domains
log /var/log/squid/blocked.log
}
dest phishing {
domainlist phishing/domains
urllist phishing/urls
log /var/log/squid/blocked.log
}
dest porn {
domainlist porn/domains
urllist porn/urls
log /var/log/squid/blocked.log
}
dest proxy {
domainlist proxy/domains
urllist proxy/urls
log /var/log/squid/blocked.log
}
dest sexuality {
domainlist sexuality/domains
urllist sexuality/urls
log /var/log/squid/blocked.log
}
dest spyware {
domainlist spyware/domains
log /var/log/squid/blocked.log
}
dest verisign {
domainlist verisign/domains
log /var/log/squid/blocked.log
}
dest violence {
domainlist violence/domains
urllist violence/urls
log /var/log/squid/blocked.log
}
dest virusinfected {
domainlist virusinfected/domains
urllist virusinfected/urls
log /var/log/squid/blocked.log
}
dest warez {
domainlist warez/domains
urllist warez/urls
log /var/log/squid/blocked.log
}
dest weapons {
domainlist weapons/domains
urllist weapons/urls
log /var/log/squid/blocked.log
}
dest white {
domainlist whitelist/domains
urllist whitelist/urls
log /var/log/squid/blocked.log
}
acl {
default {
pass white !ads !adult !aggressive !dating !dialers !drugs !gambling !guns !hacking !instantmessaging !malware !marketingware !mixed_adult !phishing !porn !proxy !sexuality !spyware !verisign !violence !virusinfected !warez !weapons all
redirect http://suseproxy/index.html
}
}
Error message in cache.log:
Code:
2008/09/29 10:23:15| Starting Squid Cache version 2.5.STABLE12 for i686-pc-linux-gnu...
2008/09/29 10:23:15| Process ID 24523
2008/09/29 10:23:15| With 1024 file descriptors available
2008/09/29 10:23:15| Performing DNS Tests...
2008/09/29 10:23:15| Successful DNS name lookup tests...
2008/09/29 10:23:15| DNS Socket created at 0.0.0.0, port 32870, FD 6
2008/09/29 10:23:15| Adding nameserver 10.64.83.5 from /etc/resolv.conf
2008/09/29 10:23:15| helperOpenServers: Starting 8 'squidGuard' processes
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| User-Agent logging is disabled.
2008/09/29 10:23:15| Referer logging is disabled.
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| Unlinkd pipe opened on FD 19
2008/09/29 10:23:15| Swap maxSize 102400 KB, estimated 7876 objects
2008/09/29 10:23:15| Target number of buckets: 393
2008/09/29 10:23:15| Using 8192 Store buckets
2008/09/29 10:23:15| Max Mem size: 8192 KB
2008/09/29 10:23:15| Max Swap size: 102400 KB
2008/09/29 10:23:15| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/09/29 10:23:15| /etc/squid/cache/00: (2) No such file or directory
FATAL: Failed to verify one of the swap directories, Check cache.log
for details. Run 'squid -z' to create swap directories
if needed, or if running Squid for the first time.
Squid Cache (Version 2.5.STABLE12): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.000 user + 0.008 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
And when I try to test that squidGuard is working properly I get:
Code:
2008-09-29 12:13:13 [8432] squidGuard 1.3 started (1222708393.643)
2008-09-29 12:13:13 [8432] squidGuard ready for requests (1222708393.662)
2008-09-29 12:13:13 [8432] source not found
2008-09-29 12:13:13 [8432] no ACL matching source, using default
2008-09-29 12:13:13 [8432] squidGuard stopped (1222708393.664)
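A triage sketch for the cache.log excerpt above, added here as an example and not part of the original post: it groups Squid's OS-level failures by component, path and errno so repeated helper start-up errors collapse into one row and the fatal one stands out. The sample log is constructed from the line shapes in the post; the function and variable names are assumptions.

```python
import errno
import re
from collections import Counter

# Constructed sample: same line shapes as the cache.log excerpt in the post.
SAMPLE_LOG = """\
2008/09/29 10:23:15| helperOpenServers: Starting 8 'squidGuard' processes
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| User-Agent logging is disabled.
2008/09/29 10:23:15| /etc/squid/cache/00: (2) No such file or directory
FATAL: Failed to verify one of the swap directories, Check cache.log
"""

# "<date> <time>| [component: ]<path>: (<errno>) <text>"
OS_ERROR = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\|\s+"
    r"(?:(?P<component>\w+):\s+)?(?P<path>/\S+):\s+"
    r"\((?P<code>\d+)\)\s+(?P<text>.+)$"
)


def triage(log_text):
    """Return (Counter keyed by (component, path, errno name), FATAL messages)."""
    failures = Counter()
    fatals = []
    for line in log_text.splitlines():
        if line.startswith("FATAL:"):
            fatals.append(line[len("FATAL:"):].strip())
            continue
        m = OS_ERROR.match(line)
        if m:
            # Map the numeric errno Squid prints to its symbolic name.
            name = errno.errorcode.get(int(m["code"]), "E?")
            failures[(m["component"] or "-", m["path"], name)] += 1
    return failures, fatals


if __name__ == "__main__":
    failures, fatals = triage(SAMPLE_LOG)
    for (component, path, name), count in failures.most_common():
        print(f"{count:3d}x {name:8s} {component:10s} {path}")
    for msg in fatals:
        print("FATAL:", msg)
```

Run against the full log, each distinct (path, errno) pair is a separate thing to check on disk: ownership and execute permission for the helper binary, and existence of the swap directory for the user Squid runs as.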