Subject: squidGuard is not blocking
To: NetHELP <netbsd-help@netbsd.org>
From: Sam Carleton <scarleton@miltonstreet.com>
List: netbsd-help
Date: 08/10/2001 12:51:24
Folks,

I have had a number of people on the squid and squidGuard mailing list
put in their two cents worth on what my problem is, but the problem
still remains.  I thought I would summarize it again in hopes that
someone else might have some input on a solution.  I know one is out
there!

* The Problem:

squidGuard is running, but it is not blocking any sites.

* The Environment:

I am running NetBSD v1.5.0.  The machine is a firewall, NAT, gateway,
squid proxy and now is running squidGuard, also.  I am using IPFilter as
the firewall/NAT.  To make squid transparent and force all traffic
through it, all traffic coming in on the internal NIC for port 80 is
redirected to squid with this ipnat rule:

    rdr ex0 0/0 port 80 -> 127.0.0.1 port 3128 tcp

When using the cachemgr tool of squid, squidGuard IS running.  The tests
of squidGuard (from the installation instructions on the web page) all
work correctly: pass sites are passed and blocked sites are blocked.
When the web browser is told about the proxy or when it is not told
about the proxy, it is never blocked from a blocked site.

-----------squid.conf-----------
http_port 3128 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/squid/cache 1500 16 256
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_rewrites_host_header on
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl internal_network src 192.168.0.0/255.255.255.0
http_access allow manager internal_network
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow internal_network
http_access allow localhost
http_access deny all
icp_access allow internal_network
icp_access deny all
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-----------squid.conf-----------

-----------squidGuard.conf-----------
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db

dest blockedsites {
        domainlist      blacklists/porn/domains
        urllist         blacklists/porn/urls
}

acl {
        default {
                pass !blockedsites all
                redirect http://localhost/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
        }
}
-----------squidGuard.conf-----------

Sam
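
An added example, not part of the original message and not squidGuard's own code: a small Python model of the redirector exchange this setup relies on, showing what a reply should look like for a blocked and a passed request when testing by hand. It assumes the Squid 2.x request line format `URL client_ip/fqdn ident method`, a simplified domain-suffix match in place of the domainlist database, that `-` fields are substituted as-is, and that `%s` expands to a hypothetical group name `default`.

```python
import re
from urllib.parse import urlsplit

# Redirect template copied from the squidGuard.conf in the message above.
TEMPLATE = ("http://localhost/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n"
            "&clientuser=%i&clientgroup=%s&url=%u")

def domain_blocked(host, blocked):
    """Simplified stand-in for a domainlist lookup: the host or any parent domain."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def redirector_reply(line, blocked, template=TEMPLATE, group="default"):
    """Model the reply to one request line 'URL client_ip/fqdn ident method'.

    Returns "" (an empty line: leave the URL alone) or the rewritten line.
    """
    fields = line.split()
    if len(fields) < 4:
        return ""                      # malformed input is never rewritten
    url, client, ident, method = fields[:4]
    addr, _, name = client.partition("/")
    if not domain_blocked(urlsplit(url).hostname or "", blocked):
        return ""
    # Assumed expansions: %a address, %n name, %i ident, %s group, %u URL.
    subs = {"%a": addr, "%n": name, "%i": ident, "%s": group, "%u": url}
    # Single pass, so text inside the URL is never re-expanded.
    target = re.sub(r"%[anisu]", lambda m: subs[m.group(0)], template)
    return f"{target} {client} {ident} {method}"

if __name__ == "__main__":
    # Constructed sample data, not taken from any real blacklist or log.
    blocked = {"blocked.example"}
    for request in ("http://www.blocked.example/x.html 192.168.0.10/- - GET",
                    "http://www.netbsd.org/ 192.168.0.10/- - GET"):
        print(repr(redirector_reply(request, blocked)))
```

Comparing these expected replies with what the real redirector prints for the same input lines separates a filtering problem from a problem in how Squid hands requests to the redirector.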