Squid & Squidguard

[linuxguru]

Hi there,

I'm wondering if anyone can help me?

I've installed squid & squidguard with the intention of protecting the kids from unwelcome content on the net.

When I point my browser to the squid proxy I get the following

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.ask.com/

The following error was encountered:

* Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

I have set the redirection program in squid.conf and pointed it to my squidguard.conf as follows

redirect_program /etc/sbin/squidguard -c /etc/squid/squidguard.conf

and am using the following squidguard.conf

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard
logdir /var/log/squidguard

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

#time workhours {
# weekly mtwhf 08:00 - 16:30
# date *-*-01 08:00 - 16:30
#}

#
# REWRITE RULES:
#

#rew dmz {
# s@://admin/@://admin.foo.bar.no/@i
# s@://foo.bar.no/@://www.foo.bar.no/@i
#}

#
# SOURCE ADDRESSES:
#

#src admin {
# ip 1.2.3.4 1.2.3.5
# user root foo bar
# within workhours
#}

#src foo-clients {
# ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
#}

#src bar-clients {
# ip 172.16.4.0/26
#}

#
# DESTINATION CLASSES:
#

#dest good {
#}

dest local {
urllist /etc/squid/local/good/urls
}

#dest adult {
# domainlist dest/adult/domains
# urllist dest/adult/urls
# expressionlist dest/adult/expressions
# redirect #http://admin.foo.bar.no/cgi/blocked?...lass=%t+url=%u
#}


acl {
# admin {
# pass any
# }

# foo-clients within workhours {
# pass good !in-addr !adult any
# } else {
# pass any
# }

# bar-clients {
# pass local none
# }

default {
pass local none
# rewrite dmz
redirect 302:www.bbc.co.uk
}
}


Hope somebody can help

Thanks

Paul

[jledhead]

how bout your squid.conf?? squid gets hit first and then if its rules say its OK it passes to squidguard. look for your ACLs in your squid.conf

Code:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 901		# SWAT
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny QUERY

and then your http_access rules, specificlly this one

Code:

http_access allow all

[linuxguru]

Thanks for that I'll give that a try and let you know if it worked

[linuxguru]

I did that and Squid wouldn't restart after that.I'm going to remove squidguard and get squid working first then install squidguard after that!

[jledhead]

I did that and Squid wouldn't restart after that.I'm going to remove squidguard and get squid working first then install squidguard after that!

well why didn't it restart? check your error log, probably /var/log/squid/* and see what it said. I remember I had the access denied problem when I first started using squid and I think squid out of the box installed to not allow any access.

[linuxguru]

I've got the squid side of things running,I checked through the logs and spotted the following entry after I'd got squid running :-

2005/02/06 23:28:20| clientAccessCheck: proxy request denied in accel_only mode
2005/02/06 23:28:20| clientAccessCheck: proxy request denied in accel_only mode

After removing the references to accel mode in the conf file I can access the squid proxy and get to websites fine,so fingers crossed now I've got this part done squidguard should be a piece of cake.

Thanks for your support

Paul[/code]

[dovad]

I recently installed the "Addons Server" to my IPCop machine and after downloading SquidGuard and turning it on ALL the computers on my network are unable to surf the web. When I go to the "Status" tab and select "System Status" the "Web Proxy" is shown to be disabled. When I go to the "Services" tab and select "Proxy" then "Save" web access is restored (and according to SquidGuard's documentation SquidGurad is then disabled). Note also that ALL computers loose web access when SquidGuard is Started including those in the "Priviledged IP Range".

Guidance is greatly appreciated...

Dave Ovad