[K12OSN] Is SquidGuard Working?

Mark Sarria mes4294 at lausd.k12.ca.us
Mon May 16 18:52:45 UTC 2005 

I tried that command, it still not filtering. I have SELinux disabled. 


-mark

-----Original Message-----
From: Dan Bentson-Royal [mailto:dbentson at lcsd.k12.wa.us] 
Sent: Monday, May 16, 2005 11:11 AM
To: mes4294 at lausd.k12.ca.us
Subject: Re: [K12OSN] Is SquidGuard Working?

Does is it work if you try these two commands (the first one may wrap 
around but it is one command):

  su squid -s /bin/sh -c "/usr/sbin/squidGuard -c 
/etc/squid/squidGuard.conf -C all"
               followed by
  /usr/bin/killall -HUP squid

Let me know if that works. Also, did you make any changes to SELinux?

Mark Sarria wrote:
> I don't think my list is updating, I can access the site you suggested
> (http://www.wno.org/), I tried adding it to my block list and then running
> the update list commands, and I can still access the sites. I know the
proxy
> is working because if I turn off the service, I can't access the web. And
> when I go to www.sex.com it blocks it.
> 
> Anything else I can try, or should look at?
> 
> --mark
> 
> -----Original Message-----
> From: Dan Bentson-Royal [mailto:dbentson at lcsd.k12.wa.us] 
> Sent: Friday, May 13, 2005 5:15 PM
> To: mes4294 at lausd.k12.ca.us
> Subject: Re: [K12OSN] Is SquidGuard Working?
> 
> Yes, though mine took some serious troubleshooting.
> 
> Edit your local-block/domains list and add something like xanga.com 
> (forget the www or whatever - just the domain name).
> 
> Then you should be able to run this:
>       [root at filter1 ~]# /usr/sbin/update_squidguard_blacklists
> This will check for new blacklists as well as incorporate your changes.
> 
> This did NOT work for me at first, though. It also takes your proxy 
> offline for (in my case at least) about 45 seconds - which can aggravate 
> users.
> 
> The command above runs nightly via cron - so when you are "in 
> production" you can just wait till the next day for things to be blocked.
> 
> Here was the post where I summarized what I'd done. I hope it helps. I 
> really think squidGuard is important and significant. Here's the post:
> ==========begin post 1============
> When I modify my local-block/domains to include a site to be blocked, 
> how do I get squidGuard to start taking note of that? It seems like 
> squidGuard is ignoring the contents of local-block/domains and my 
> computer is failing to incorporate the contents of local-block/domains 
> into local-block/domains.db - whatever the case, I can't seem to get a 
> local-block to happen.
> 
> I have modified that file (local-block/domains) and then done:
>      /usr/sbin/update_squidguard_blacklists
>      /etc/init.d/squidguard stop
>      /etc/init.d/squidguard start
> But the date on local-block/domains.db never changes and the site I've 
> tried to block still comes through.
> 
> I've also tried running
>      /usr/sbin/squidGuard -C /etc/squid/squidGuard.conf -C all
> but it similarly seems to make no difference. That should be covered 
> anyway when I do the /usr/sbin/update_squidguard_blacklists, right? 
> Anyway...
> 
> Sites listed in the default local-block/domains are blocked 
> (amyshop.com) but not my new additions (xanga.com or myspace.com). Even 
> after a complete restart of the computer, it behaves the same way. I've 
> reinstalled squid and squidGuard from scratch three times now and I just 
> can't seem to figure it out!
> 
> Any suggestions would be much appreciated.
> BTW, I am running the latest updates of squid and squidGuard on LTSP4.2.0
> ==========end post 1==============
> ==========begin post 2============
> Thanks for listening in to me on this... I *finally* found the/my problem.
> 
> The squidguard.mesd site indicates that after editing the 
> local-block/domains file that I needed to run:
>       /usr/sbin/update_squidGuard_blacklists
> and it would be good to go but it wasn't working for me. After trying 
> about 200,000 unrelated things, I tried the next suggestion for those 
> "not using the pre-built RPM" - even though I am.
> 
> I ran:
>       su squid -s /bin/sh -c "/usr/sbin/squidGuard -c 
> /etc/squid/squidGuard.conf -C all"
>              followed by
>       /usr/bin/killall -HUP squid
> Now everything works as expected. I think.
> 
> My misunderstanding was that the script update_squidGuard_blacklists 
> would rebuild the database files - now I think it doesn't. At least it 
> wasn't for me.
> 
> I think my issue was needing to run that script as the user squid (su 
> squid) to get the database domains.db to incorporate changes in the text 
> file domains. I changed the update_squidGuard_blacklists to use:
>       su squid -s /bin/sh -c "/usr/sbin/squidGuard -c 
> /etc/squid/squidGuard.conf -C all"
> where before it was just:
>       /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf -C all
> 
> Anyway, it now works for me. I got rid of some bogus domain entries in 
> my domains file - but did not run the update_squidGuard_blacklists 
> script. Hopefully tomorrow I'll see some date changes that will confirm 
> my understanding.
> 
> ==========end post==============
> 
> 
> 
> Mark Sarria wrote:
> 
>>YEAAAAAAA, I think its working NOW, thanks for your comment Dan, It rang a
>>bell, I did not put the full rang of IP address in the list.
>>Now, I want to add a few sites to the black list, can I do this locally on
>>my black list?
>>
>>-mark
>>
>>-----Original Message-----
>>From: Dan Bentson-Royal [mailto:dbentson at lcsd.k12.wa.us] 
>>Sent: Friday, May 13, 2005 3:19 PM
>>To: mes4294 at lausd.k12.ca.us
>>Subject: Re: [K12OSN] Is SquidGuard Working?
>>
>>I think now you have an issue with your ACL lists in squid-squidGuard.conf
>>
>>Can you send the part that identifies your IP addresses and such? Mine 
>>starts in a section that is headed with:
>>      INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>and it will be something like:
>>     acl youmakethisnameup 221.63.88.0/255.255.255.0
>>where the 221.63.88.0 is your IP network
>>
>>You also should have, a couple of lines down, something like:
>>      http_access allow youmakethisnameup
>>to tell squid to let the traffic through.
>>
>>Again, be sure that you are not getting bolluxed up with your ports - 
>>3128 is the default and you changed yours to 8080. Maybe someone here 
>>can tell you where all the places are in the config file that you'll 
>>need to list the altered port number. I don't think you do anything with 
>>the port numbers in the squidGuard.conf file, is that right?
>>
>>Mark Sarria wrote:
>>
>>
>>>Thanks for the info, I can confirm that Squid is working on my server
>>>because it is blocking everything, when I ran tail -n 40
>>>/var/log/squid/access.log I saw my ip address being blocked from the
>>
>>sights.
>>
>>
>>>This is the error I am getting on the browser screen
>>>
>>>The following error was encountered: 
>>>
>>>Access Denied.
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: Dan Bentson-Royal [mailto:dbentson at lcsd.k12.wa.us] 
>>>Sent: Friday, May 13, 2005 1:53 PM
>>>To: mes4294 at lausd.k12.ca.us; Support list for opensource software in
>>>schools.
>>>Subject: Re: [K12OSN] Is SquidGuard Working?
>>>
>>>Look for clues by using these:
>>>     tail -n 40 /var/log/squid/access.log
>>>     tail -n 40 /var/log/squidGuard/squidGuard.log
>>>     ps aux | grep squid
>>>
>>>Right now, you aren't passing any traffic - you know that part.
>>>
>>>Also, I think that the squid.conf file is superceded by 
>>>squid-squidGuard.conf, isn't that right?
>>>
>>>Also, I'd try using the default set up using port 3128 just to be sure 
>>>that it is working in the basic configuration.
>>>
>>>To test, try going to a blocked site. I always try
>>>     http://www.wno.org
>>>to see if it gets blocked. If squidGuard is running, that site will be 
>>>blocked.
>>>
>>>
>>>Mark Sarria wrote:
>>>
>>>
>>>
>>>>*Ok, I think I made some progress. In my attempt visit google, I
>>>>recvied the *
>>>>
>>>>
>>>>*ERROR*
>>>>
>>>>
>>>>  *The requested URL could not be retrieved*
>>>>
>>>>
>>>>
>>>>It looks like all my pages are blocked. I can't access any website. Can 
>>>>someone help me figure this out?
>>>>
>>>>
>>>>
>>>>thanks
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>*From:* k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] *On

>>>>Behalf Of *Mark Sarria
>>>>*Sent:* Friday, May 13, 2005 11:18 AM
>>>>*To:* K12OSN at redhat.com
>>>>*Subject:* [K12OSN] Is SquidGuard Working?
>>>>
>>>>
>>>>
>>>>I have SquidGuard enabled and I think I configured correctly, because 
>>>>when I start the service it gave me no errors. I opened a browser and 
>>>>typed in the server name with the port number it is listening to (8080) 
>>>>and the Fedora test page appears.
>>>>
>>>>My question is how do I really know its working and is there a basic 
>>>>test I can run to prove that it is working?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>--Mark
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>_______________________________________________
>>>>K12OSN mailing list
>>>>K12OSN at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/k12osn
>>>>For more info see <http://www.k12os.org>
>>>
>>>
> 

-- 
Dan Bentson-Royal
La Center School District
La Center, WA

      Due to budgetary constraints, the light at
      the end of the tunnel has been turned off.

More information about the K12OSN mailing list