- Copy internal post link
- Copy external post link
- Report article
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html
[content:203401]
Squid und SquidGuard Filter funktioniert nicht.
Hallo zusammen
An unserem Hauptstandort funktioniert das wunderbar.
Nun habe ich die COnfig-Files (squid.conf und squidguard.con) auf die anderen beiden Server kopiert.
Squid funktioniert. Jedoch werden die Filtereinträge von squidguard nicht ausgewertet.
Hat hier jemand einen Tipp?
Gruß
Content-Key: 203401
Url: https://administrator.de/contentid/203401
Printed on: May 4, 2024 at 15:05 o'clock
- Comment overview - Please log in
- Copy internal comment link
- Copy external comment link
- To the beginning of the comments
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html#comment-825973
[content:203401#825973]
hast Du nur die .conf oder auch die Filterdateien kopiert? Und den squidguard die Filterdateien in sein .db-Format umwandeln lassen?
Grüße
- Copy internal comment link
- Copy external comment link
- To the beginning of the comments
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html#comment-825978
[content:203401#825978]
habe die .conf Files kopiert und die db-files anpassen lassen.
Also Blacklist herunter geladen, in /var/ib/squidguard/db kopiert und dann mit squidGuard -b -C all die .db-files erstellen lassen.
evtl hilfreich:
in squid.conf hinzugefügt:
oberhalb von acl manager proto cache_object:
<cod>redirect_program /usr/sbin/squidGuard
am ende der conf:
access_log /dev/null
cache_store_log /dev/null
cache_log /dev/null
cache_mgr mymail@mydom.tld
Auszug squidguarc.donf:
src netw_vo {
ip 10.0.0.1-10.0.255.254 10.1.0.1-10.1.255.254 192.168.164.1-192.168.164.254
}
dest violence{
domainlist violence/domains
urllist violence/urls
}
dest warez{
domainlist warez/domains
urllist warez/urls
}
dest weapons{
domainlist weapons/domains
urllist weapons/urls
}
acl {
netw_vo {
pass !aggressive !alcohol !costtraps !dating !drugs !fortunetelling !gamble !hobby_cooking !hobby_games-misc !hobby_games-online !hobby_pets !homestyle !jobsearch !porn !redirector !sex_lingerie !sex_education !socialnet !spyware !tracker !violence !warez !weapons all
redirect http://internalserver.mydom.tld }
default {
redirect http://www.google.de
}
}
Gruß
- Copy internal comment link
- Copy external comment link
- To the beginning of the comments
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html#comment-826001
[content:203401#826001]
hast du nachdem umwandeln der Files ins db Format die Besitzerrechte neu angepasst?
chown -R squid /var/ib/squidguard/db
Beim umwandeln der Files haben die db-Files die Besitzrechte von dem User mit dem du den Befehl ausgeführt hast.
- Copy internal comment link
- Copy external comment link
- To the beginning of the comments
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html#comment-826011
[content:203401#826011]
habe folgende beiden Befehle gemacht:
chmod 777 -R /var/lib/squidGuard/db/blacklist
chown squid -R /var/lib/squidGuard/db/blacklist
die habe ich in einer "Installationsanleitung" so gelesen.
Also Rechtetechnisch sollte da alles ok sen, wobei da vermutlich auch 744 geht.
Gruß
- Copy internal comment link
- Copy external comment link
- To the beginning of the comments
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html#comment-826308
[content:203401#826308]
funktioniert irgendwie auch am Hauptstandort nicht mehr. Daher mal die gesamte Config (SquidGuard):
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /var/lib/squidGuard/db
logdir /var/log/squidGuard
#
# SOURCE ADDRESSES:
#
src localnetwork {
ip 10.0.0.0/16
}
#
# DESTINATION CLASSES:
#
dest aggressive{
domainlist aggressive/domains
urllist aggressive/urls
}
dest alcohol{
domainlist alcohol/domains
urllist alcohol/urls
}
dest costtraps{
domainlist costtraps/domains
urllist costtraps/urls
}
dest dating{
domainlist dating/domains
urllist dating/urls
}
dest drugs{
domainlist drugs/domains
urllist drugs/urls
}
dest fortunetelling{
domainlist fortunetelling/domains
urllist fortunetelling/urls
}
dest gamble{
domainlist gamble/domains
urllist gamble/urls
}
dest hobby_cooking{
domainlist hobby/cooking/domains
urllist hobby/cooking/urls
}
dest hobby_games-misc{
domainlist hobby/games-misc/domains
urllist hobby/games-misc/urls
}
dest hobby_games-online{
domainlist hobby/games-online/domains
urllist hobby/games-online/urls
}
dest hobby_gardening{
domainlist hobby/gardening/domains
urllist hobby/gardening/urls
}
dest hobby_pets{
domainlist hobby/pets/domains
urllist hobby/pets/urls
}
dest homestyle{
domainlist homestyle/domains
urllist homestyle/urls
}
dest jobsearch{
domainlist jobsearch/domains
urllist jobsearch/urls
}
dest porn{
domainlist porn/domains
urllist porn/urls
}
dest redirector{
domainlist redirector/domains
urllist redirector/urls
}
dest sex_lingerie{
domainlist sex/lingerie/domains
urllist sex/lingerie/urls
}
dest sex_education{
domainlist sex/education/domains
urllist sex/education/urls
}
dest socialnet{
domainlist socialnet/domains
urllist socialnet/urls
}
dest spyware{
domainlist spyware/domains
urllist spyware/urls
}
dest tracker{
domainlist tracker/domains
urllist tracker/urls
}
dest violence{
domainlist violence/domains
urllist violence/urls
}
dest warez{
domainlist warez/domains
urllist warez/urls
}
dest weapons{
domainlist weapons/domains
urllist weapons/urls
}
#
# ACCESS CONTROL:
#
acl {
localnetwork {
pass !aggressive !alcohol !costtraps !dating !drugs !fortunetelling !gamble !hobby_cooking !hobby_games-misc !hobby_games-online !hobby_pets !homestyle !jobsearch !porn !redirector !sex_lingerie !sex_education !socialnet !spyware !tracker !violence !warez !weapons all
redirect http://no-srv.intra.dom.lan
}
default {
redirect http://www.google.de
}
}
und hier die squid.conf:
#
# Recommended minimum configuration:
#
redirect_program /usr/sbin/squidGuard
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
# Allow localhost always proxy functionality
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
# http_port 3128
http_port 8080
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir aufs /var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#
# eigene config
access_log /dev/null
cache_store_log /dev/null
cache_log /dev/null
cache_mgr mymail@dom.lan
- Copy internal comment link
- Copy external comment link
- To the beginning of the comments
https://administrator.de/forum/squid-und-squidguard-filter-funktioniert-nicht-203401.html#comment-826952
[content:203401#826952]
Ich habe die Zeile redirect_program per Hand neu eingegeben und squid neu gestartet, schon ging es.
Gruß