Changes

From Amahi Wiki
Jump to: navigation, search
3,593 bytes added ,  19:50, 4 December 2011
Created page with "== Content filtering with squidGuard == This page is built on configuring squid page. You will need to have that set up first. This tutorial is tested on Fedora 12. s..."
== Content filtering with squidGuard ==

This page is built on [[Squid|configuring squid page]]. You will need to have that set up first. This tutorial is tested on Fedora 12.

squidGuard can be used for content filtering. You can use it for Parental control or just to block known malware/warez sites etc.

This tutorial focuses on blocking porn/adult material, but there are more blacklists available, you just need to enable them.

== Installing squidGuard ==

log in as root and issue the following command:
{{Code|
Code = bash# yum -y install squidGuard
}}
Download the latest blacklist package from MESD (featured on the squidGuard site):
{{Code|
Code = bash# cd /root/
bash# wget http://squidguard.mesd.k12.or.us/blacklists.tgz
}}

== Configuring squidGuard ==

Now you need to configure squidGuard. Create a backup of /etc/squid/squidGuard.conf first:
{{Code|
Code = bash# cp /etc/squid/squidGuard.conf /etc/squid/squidGuard.conf.orig
}}

Then open the file in your favorite editor (e.g. vi).

Change the "dbhome" parameter:
dbhome /var/squidGuard

Then change the "dest adult" block.

The expression list can be hashed out, it's optional and not included in the downloaded blacklists.tgz file. Of course you can create your own expression list or search for them on the internet.

The redirect directive is mandatory. You can set it to point to www.disney.com or create your own page. I abused the phpsysinfo package to serve my own page, just create a blocked.html with some info in it in the /var/hda/web-apps/phpsysinfo/html/ directory.

It should end up looking like this:
dest adult {
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
# expressionlist blacklists/porn/expressions
redirect http://phpsysinfo/blocked.html
}

Then the last modification in /etc/squid/squidGuard.conf, change:
pass local none
to
pass local !adult any

If you have more rules defined (e.g. you've created your own dest malware block) you can add it so it looks like this:
pass local !adult !malware any

== Modifying squid to enable squidGuard ==

Now we need to make Squid aware that it should use squidGuard. First we create a backup:
{{Code|
Code = bash# cp /etc/squid/squid.conf /etc/squid/squid.conf.orig
}}

Open the file with your favorite editor and add the following line at the end:
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Now we need to extract the blacklist files we've downloaded (they are more up to date than the Fedora maintained versions):
{{Code|
Code = bash# cd /var/squidGuard/
bash# tar -xvzf /root/blacklists.tgz
}}

The last step is reloading squid with the new settings. You can use a separate terminal to follow the logfile.
{{Code|
Code = bash# tail -f /var/log/squidGuard/squidGuard.log
other terminal:
bash# service squid reload
}}

You should see something like this:
init domainlist /var/squidGuard/blacklists/porn/domains
init urllist /var/squidGuard/blacklists/porn/urls
squidGuard 1.4 started

This can take some time (a few minutes for a large list), don't worry.

== Checking the setup ==

Start up a client computer, configure the browser(s) to use the proxy as explained on the squid configuration page.

Now go to a site you are sure is blocked, and you should see the configured redirect page (e.g. www.disney.com or your own blocked.html).

To see when/how often the redirect (in this case blocked.html) has been triggered you can search the squid access log:
{{Code|
Code = bash# grep blocked.html /var/log/squid/access.log
}}

Enjoy!
33

edits