Re: [squid-users] Configuring Squid to work with squidGuard...

From: Hendrik Voigtländer <hendrik@dont-contact.us>
Date: Sun, 15 Aug 2004 11:39:40 +0200

> -----Original Message-----
> From: Samir Faci [mailto:spamuser@chemtool.com]
> Sent: August 6, 2004 4:28 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Configuring Squid to work with squidGuard...
>
>
> I have squidGuard working (I believe). If I issue the following command:
>
> echo "http://www.zzm.com 64.125.84.23/- - GET" | squidGuard
> -c /etc/squidguard.conf -d

> Angela Burrell wrote:
> Why are you using that command?

I use squidGuard too and I couldn't really follow this approach...

> Personally what I do is run squidGuard -C all (to recompile the databases
> when I add a site.)

I did this only the first time as I have some uncompiled small
databases, e.g. a whitelist which allows me to enable sites very
quickly. I prefer to specify the database to compile.

> Then I do squid -k reconfigure (which restarts squid) and squid
> automatically starts squidGuard.

This is very dangerous if the permissions on the databases are wrong.
I have managed to crash a squid with at least 300 users online in the
middle of a day.

> Then look at the log files and verify that it's running (last line is
> "squidGuard ready for requests")

squidGuard needs rw permissions on the database files. Double check the
permissions especially if the database compilation is done as root.

A safe way is to start squidGuard as the squid-user logging to
stdout/stderr.

su - proxy -c 'squidGuard -d'

If you see "squidGuard ready for requests" there, you will see it in the
logfiles after the reconfigure.

>
> Now go to a web browser on a client and try to access a blocked site. You
> should be shown an error page or redirected (whatever you configured it to
> do).
>
> Recap:
> 1. squidGuard -C all (as root)
> 2. squid -k reconfigure
> 3. check to make sure squidGuard is running
> 4. Test with browser
> 5. if not working, do squid -k kill, then "squid" to start it up again.
>

In general this is the recipe I used as well and it works, although I
did not compile from source. Everything on my machine comes from Debian
(woody) except the kernel (stock kernel did not support the hardware).

Additionally I have modified the page squidGuard is redirecting to. It's
now a quick'n'dirty perl-cgi which offers a convenient way to report
false positives.

Regards, Hendrik Voigtländer
Received on Sun Aug 15 2004 - 03:40:50 MDT
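
The permission double-check described in the message above, written as a pre-flight step to run before `squid -k reconfigure`. This is an added example, not part of the original post; the database directory is a placeholder, `proxy` is the squid user named in the message, and the ownership rule is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: pre-flight check before `squid -k reconfigure`.
# Assumption: every database file should be owned by the squid user and carry
# owner read+write bits. This is stricter than "accessible somehow" (it ignores
# group access) but it catches files left behind by a compile run as root.

# Print each regular file under $1 that is not owned by user $2 or lacks u+rw.
sg_db_bad_files() {
    find "$1" -type f \( ! -user "$2" -o ! -perm -u=rw \) -print
}

# Return 0 only if the directory exists, find succeeded and nothing was flagged.
# Return 1 if files were flagged, 2 if the check itself could not run.
sg_db_preflight() {
    dbhome=$1
    user=$2
    [ -d "$dbhome" ] || { echo "no such directory: $dbhome" >&2; return 2; }
    bad=$(sg_db_bad_files "$dbhome" "$user") || {
        echo "find failed (unknown user '$user'?)" >&2
        return 2
    }
    if [ -n "$bad" ]; then
        echo "not owned by $user or missing u+rw:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Usage: sh sg-preflight.sh /path/to/squidguard/db proxy && squid -k reconfigure
if [ "$#" -eq 2 ]; then
    sg_db_preflight "$1" "$2"
fi
```

Chaining the reconfigure behind the check with `&&` means a database compiled as root stops the procedure before squid restarts its redirectors.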
