squid + squidguard on FC4

squid 2.5
squidGuard 1.2
Fedora Core 4
Dual P4 2.8 Server

I'm pulling my hair out with squidGuard!!!!

I have been using Squid in house for about 2 months, and working great. I want to use block lists for adult, warez, and evil sites of nature so I figured that squidGuard would give me what I need.

So far, squidGuard is not working at all for me.

Simply put, I need squid to just log what IP is going where, so there is no NTLM or kerberos authentication with my windows domain. We don't plan on blocking any web access per username or IP. So my ACL for squid is simple -- Allow All. the All is my range of address 192.168.2.1-192.168.2.254. By the way - SARG is doing my logging, and very well I may say!

Now on squidGuard -- my 'helper program' in squid is setup correctly to point to the squidGuard and config file (/usr/bin/squidguard -c /etc/squid/squidguard.conf). I made an ACL in squidGuard of my internal IP range as stated before, and named it Internal. So my rule for squidGuard simply says Internal Any. This was just to test, so I can see if redirecting to squidGuard works. Well, I can't seem to get anywhere on the internet with this config. ALSO -- I checked my squidGuard.log, and it is empty.

I'll post my squidGuard.conf file here...

Code:

---

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard
logdir /var/log/squidguard

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

time All {
        weekly * 00:00 - 23:59
}

time workhours {
        weekly mtwhf 06:00 - 18:30
        date *-*-01  08:00 - 16:30
}

#
# REWRITE RULES:
#

rew dmz {
        s@://admin/@://admin.foo.bar.no/@i
        s@://foo.bar.no/@://www.foo.bar.no/@i
}

#
# SOURCE ADDRESSES:
#

src internal {
        ip                192.168.2.1-192.168.2.254
}

src admin {
        ip                192.168.2.33
        user                root foo bar
        within                workhours
}

src foo-clients {
        ip                192.168.2.1-192.168.2.254
}

src bar-clients {
        ip                172.16.4.0/26
}

#
# DESTINATION CLASSES:
#

destination good within All {
        urllist                good.desturllist
        domainlist        good.destdomainlist
}

dest local {
}

dest adult {
        domainlist        dest/adult/domains
        urllist                dest/adult/urls
        expressionlist        dest/adult/expressions
        redirect        http://admin.foo.bar.no/cgi/blocked?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
}


acl {
        internal {
                pass any
                rewrite dmz
        }


        default {
                pass any
                redirect http://admin.foo.bar.no/cgi/blocked?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
        }
}

---

I would rather use squidGuard because I hear that is works great and fast, but if I can't get this to work, I'm just going to make ACL's in squid and block lists.

If someone can help me, great...

how is your squid.conf loading squidguard?

I pulled my hair out for a while and my problem was permissions (on the block list dirs) and also the case sensitive squidGuard. if there is nothing in your error log it sounds like squidguard isn't even getting loaded.

when loading squidguard in squid, after you have started/restarted squid, are there any errors in your squid log?

I also have a guide and examples if you would like me to email them to you, just drop me a PM

and yeah, SARG IS the best report gen for squid/squidguard :)

Thanks for the reply...

My case looks fine in squidGuard...as for the logging, I edited the squidguard.conf file, and purposely entered in some jibberish characters to to have somthing populate in the squidGuard.log, and it sure did.

Code:

---

2005-07-08 10:04:35 [704] syntax error in configfile /etc/squid/squidguard.conf line 13
2005-07-08 10:04:35 [704] going into emergency mode
2005-07-08 10:04:35 [704] ending emergency mode, stdin empty

---

So I guess my test shows me that squidGuard is at least loading when used as a helper program in squid.

As far as permissions go, what files and folder need certian permissions to work?

Also, when installing squidGuard and setting up in webmin, it asked me what user and group that squid was attached to. To my knowledge, it should be squid for user and group.

user and group is squid for webmin

the only thing that needs permissions is the DB directory

try thru webmin and see if you get any better luck

What is the full path to the DB directory for squidGuard? I can't seem to find it on my machine!!! Should there be any files in it when I install, or after I configure it?

The closest thing I have to a folder for squidGuard is the /var/log/squidguard (logfiles) and /var/lib/squidguard (???) and then of course, one for the webmin module.

Quote:

---

Originally Posted by krolrules

What is the full path to the DB directory for squidGuard? I can't seem to find it on my machine!!! Should there be any files in it when I install, or after I configure it?

The closest thing I have to a folder for squidGuard is the /var/log/squidguard (logfiles) and /var/lib/squidguard (???) and then of course, one for the webmin module.

---

in your squidguard.conf one of the first lines should say something like:

Code:

---

dbhome /var/lib/squidguard/db

---

or whatever your directory is. squid needs permissions on that, or a chmod -R 777 /the/folder/in/question should do, might be a little unsecure but eehh, what are you gonna do.

Thanks for the reply, much appreciated!

Although still no workie for me....after your suggestions.

Is there any type of debugging mode on squidguard to see why it's not working correctly? I would think that my squid is properly working, because it can run for users requests just fine, if I take squidguard out of the picture. I guess I could debug squid too...

One last thing...in my squid.conf file, the very last line reads

redirect_program /usr/bin/squidguard -c /etc/squid/squidguard.conf

Is this line correct, and/or does it need to be placed elsewhere in the squid.conf file?

Quote:

---

Originally Posted by krolrules

One last thing...in my squid.conf file, the very last line reads

redirect_program /usr/bin/squidguard -c /etc/squid/squidguard.conf

Is this line correct, and/or does it need to be placed elsewhere in the squid.conf file?

---

yeah that is correct as long as /usr/bin/squidguard exists. mine is /usr/bin/squidGuard and unix IS case sensitive.

yes...I mean squidGuard...not squidguard...

Anything on debugging squidGuard? Is there an alternative to squidGuard?