Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
User Name
SUSE / openSUSE This Forum is for the discussion of Suse Linux.


  Search this Thread
Old 09-29-2008, 12:04 PM   #1
Registered: Sep 2004
Distribution: Slackware/Ubuntu/CentOS
Posts: 286

Rep: Reputation: 31
Squid/Squidguard and suse 10.1

ok, so im not a newbie to linux but i am a newbie when it comes to deploying proxy servers, as well as squid and suse
trying to setup a content filtering proxy server w/ 1 NIC. the network layout goes like this
|=======CLIENT PCS

below is my squid.conf and squidguard.conf - main concern is the squid.conf and it being correct
all of my configuration has come from researching and playing around with it.
squid -z gave me a permission denied error when a cache directory was specified but when i removed that entry it seem to create the swap directories without any problems.
ive also created a deny page that squid redirects to when a blacklisted url is used, ive deployed this via apache. when trying to test this i put in a url to a client that has the proxy server ip and port but it always shoots back my deny page...which makes sense b/c it thinks its a web server
if anyone can help me complete this configuration it would be much so frustrated right now

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

visible_hostname SuSEproxy

refresh_pattern ^ftp:           1440    60%     20160
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       40%     8640

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl allowed_hosts src
acl serv src
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

http_access allow manager localhost

http_access allow manager serv

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

acl network src

http_access allow network

redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_children 8
redirector_bypass on
i dont think squidguard has any issues but im going to post it for troubleshooting purposes

dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs

dest ads {
        domainlist      ads/domains
        urllist         ads/urls
        log             /var/log/squid/blocked.log
dest adult {
        domainlist      adult/domains
        urllist         adult/urls
        log             /var/log/squid/blocked.log
dest aggressive {
        domainlist      aggressive/domains
        urllist         aggressive/urls
        log             /var/log/squid/blocked.log

dest dating {
        domainlist      dating/domains
        urllist         dating/urls
        log             /var/log/squid/blocked.log

dest dialers {
        domainlist      dialers/domains
        urllist         dialers/urls
        log             /var/log/squid/blocked.log

dest drugs {
        domainlist      drugs/domains
        urllist         drugs/urls
        log             /var/log/squid/blocked.log

dest gambling {
        domainlist      gambling/domains
        urllist         gambling/urls
	log             /var/log/squid/blocked.log

dest guns {
        domainlist      guns/domains
        urllist         guns/urls
	log             /var/log/squid/blocked.log

dest hacking {
        domainlist      hacking/domains
        urllist         hacking/urls
	log             /var/log/squid/blocked.log

dest instantmessaging {
        domainlist      instantmessaging/domains
        urllist         instantmessaging/urls
	log             /var/log/squid/blocked.log

dest malware {
        domainlist      malware/domains
        urllist         malware/urls
	log             /var/log/squid/blocked.log

dest marketingware {
        domainlist      marketingware/domains
	log             /var/log/squid/blocked.log

dest mixed_adult {
        domainlist      mixed_adult/domains
	log             /var/log/squid/blocked.log

dest phishing {
        domainlist      phishing/domains
        urllist         phishing/urls
	log             /var/log/squid/blocked.log

dest porn {
        domainlist      porn/domains
        urllist         porn/urls
        log             /var/log/squid/blocked.log

dest proxy {
        domainlist      proxy/domains
        urllist         proxy/urls
	log             /var/log/squid/blocked.log

dest sexuality {
        domainlist      sexuality/domains
        urllist         sexuality/urls
	log             /var/log/squid/blocked.log

dest spyware {
        domainlist      spyware/domains
	log             /var/log/squid/blocked.log

dest verisign {
        domainlist      verisign/domains
	log             /var/log/squid/blocked.log

dest violence {
        domainlist      violence/domains
        urllist         violence/urls
	log             /var/log/squid/blocked.log

dest virusinfected {
        domainlist      virusinfected/domains
        urllist         virusinfected/urls
	log             /var/log/squid/blocked.log

dest warez {
        domainlist      warez/domains
        urllist         warez/urls
	log             /var/log/squid/blocked.log

dest weapons {
        domainlist      weapons/domains
        urllist         weapons/urls
        log             /var/log/squid/blocked.log

dest white {
        domainlist      whitelist/domains
        urllist         whitelist/urls
        log             /var/log/squid/blocked.log

acl {
        default {
                pass   white !ads !adult !aggressive !dating !dialers !drugs !gambling !guns !hacking !instantmessaging !malware !marketingware !mixed_adult !phishing !porn !proxy !sexuality !spyware !verisign !violence !virusinfected !warez !weapons all
                redirect http://suseproxy/index.html
error message in cache.log
2008/09/29 10:23:15| Starting Squid Cache version 2.5.STABLE12 for i686-pc-linux-gnu...
2008/09/29 10:23:15| Process ID 24523
2008/09/29 10:23:15| With 1024 file descriptors available
2008/09/29 10:23:15| Performing DNS Tests...
2008/09/29 10:23:15| Successful DNS name lookup tests...
2008/09/29 10:23:15| DNS Socket created at, port 32870, FD 6
2008/09/29 10:23:15| Adding nameserver from /etc/resolv.conf
2008/09/29 10:23:15| helperOpenServers: Starting 8 'squidGuard' processes
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| User-Agent logging is disabled.
2008/09/29 10:23:15| Referer logging is disabled.
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| ipcCreate: /usr/local/bin/squidGuard: (1) Operation not permitted
2008/09/29 10:23:15| Unlinkd pipe opened on FD 19
2008/09/29 10:23:15| Swap maxSize 102400 KB, estimated 7876 objects
2008/09/29 10:23:15| Target number of buckets: 393
2008/09/29 10:23:15| Using 8192 Store buckets
2008/09/29 10:23:15| Max Mem  size: 8192 KB
2008/09/29 10:23:15| Max Swap size: 102400 KB
2008/09/29 10:23:15| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/09/29 10:23:15| /etc/squid/cache/00: (2) No such file or directory
FATAL: 	Failed to verify one of the swap directories, Check cache.log
	for details.  Run 'squid -z' to create swap directories
	if needed, or if running Squid for the first time.
Squid Cache (Version 2.5.STABLE12): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.000 user + 0.008 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
and when i try to test that squidguard is working properly i get
2008-09-29 12:13:13 [8432] squidGuard 1.3 started (1222708393.643)
2008-09-29 12:13:13 [8432] squidGuard ready for requests (1222708393.662)
2008-09-29 12:13:13 [8432] source not found
2008-09-29 12:13:13 [8432] no ACL matching source, using default

2008-09-29 12:13:13 [8432] squidGuard stopped (1222708393.664)

Last edited by joker20; 09-29-2008 at 12:14 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid And Squidguard SBN Linux - Software 1 07-27-2006 05:21 AM
Squid not redirecting SquidGuard lesneely Linux - Networking 3 12-21-2005 05:35 AM
squid and squidguard metallica1973 Linux - Networking 5 12-07-2005 10:23 AM
squid conf: squid failed when I type insert redirect_program /usr/bin/squidguard Niceman2005 Linux - Software 1 11-24-2004 02:29 PM
Can squid/squidguard be used to do this? Jeff D Linux - Newbie 2 01-13-2003 03:45 AM > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE

All times are GMT -5. The time now is 06:26 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration