[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: [K12OSN] Is SquidGuard Working?



I tried that command, it still not filtering. I have SELinux disabled. 


-mark

-----Original Message-----
From: Dan Bentson-Royal [mailto:dbentson lcsd k12 wa us] 
Sent: Monday, May 16, 2005 11:11 AM
To: mes4294 lausd k12 ca us
Subject: Re: [K12OSN] Is SquidGuard Working?

Does is it work if you try these two commands (the first one may wrap 
around but it is one command):

  su squid -s /bin/sh -c "/usr/sbin/squidGuard -c 
/etc/squid/squidGuard.conf -C all"
               followed by
  /usr/bin/killall -HUP squid

Let me know if that works. Also, did you make any changes to SELinux?

Mark Sarria wrote:
> I don't think my list is updating, I can access the site you suggested
> (http://www.wno.org/), I tried adding it to my block list and then running
> the update list commands, and I can still access the sites. I know the
proxy
> is working because if I turn off the service, I can't access the web. And
> when I go to www.sex.com it blocks it.
> 
> Anything else I can try, or should look at?
> 
> --mark
> 
> -----Original Message-----
> From: Dan Bentson-Royal [mailto:dbentson lcsd k12 wa us] 
> Sent: Friday, May 13, 2005 5:15 PM
> To: mes4294 lausd k12 ca us
> Subject: Re: [K12OSN] Is SquidGuard Working?
> 
> Yes, though mine took some serious troubleshooting.
> 
> Edit your local-block/domains list and add something like xanga.com 
> (forget the www or whatever - just the domain name).
> 
> Then you should be able to run this:
>       [root filter1 ~]# /usr/sbin/update_squidguard_blacklists
> This will check for new blacklists as well as incorporate your changes.
> 
> This did NOT work for me at first, though. It also takes your proxy 
> offline for (in my case at least) about 45 seconds - which can aggravate 
> users.
> 
> The command above runs nightly via cron - so when you are "in 
> production" you can just wait till the next day for things to be blocked.
> 
> Here was the post where I summarized what I'd done. I hope it helps. I 
> really think squidGuard is important and significant. Here's the post:
> ==========begin post 1============
> When I modify my local-block/domains to include a site to be blocked, 
> how do I get squidGuard to start taking note of that? It seems like 
> squidGuard is ignoring the contents of local-block/domains and my 
> computer is failing to incorporate the contents of local-block/domains 
> into local-block/domains.db - whatever the case, I can't seem to get a 
> local-block to happen.
> 
> I have modified that file (local-block/domains) and then done:
>      /usr/sbin/update_squidguard_blacklists
>      /etc/init.d/squidguard stop
>      /etc/init.d/squidguard start
> But the date on local-block/domains.db never changes and the site I've 
> tried to block still comes through.
> 
> I've also tried running
>      /usr/sbin/squidGuard -C /etc/squid/squidGuard.conf -C all
> but it similarly seems to make no difference. That should be covered 
> anyway when I do the /usr/sbin/update_squidguard_blacklists, right? 
> Anyway...
> 
> Sites listed in the default local-block/domains are blocked 
> (amyshop.com) but not my new additions (xanga.com or myspace.com). Even 
> after a complete restart of the computer, it behaves the same way. I've 
> reinstalled squid and squidGuard from scratch three times now and I just 
> can't seem to figure it out!
> 
> Any suggestions would be much appreciated.
> BTW, I am running the latest updates of squid and squidGuard on LTSP4.2.0
> ==========end post 1==============
> ==========begin post 2============
> Thanks for listening in to me on this... I *finally* found the/my problem.
> 
> The squidguard.mesd site indicates that after editing the 
> local-block/domains file that I needed to run:
>       /usr/sbin/update_squidGuard_blacklists
> and it would be good to go but it wasn't working for me. After trying 
> about 200,000 unrelated things, I tried the next suggestion for those 
> "not using the pre-built RPM" - even though I am.
> 
> I ran:
>       su squid -s /bin/sh -c "/usr/sbin/squidGuard -c 
> /etc/squid/squidGuard.conf -C all"
>              followed by
>       /usr/bin/killall -HUP squid
> Now everything works as expected. I think.
> 
> My misunderstanding was that the script update_squidGuard_blacklists 
> would rebuild the database files - now I think it doesn't. At least it 
> wasn't for me.
> 
> I think my issue was needing to run that script as the user squid (su 
> squid) to get the database domains.db to incorporate changes in the text 
> file domains. I changed the update_squidGuard_blacklists to use:
>       su squid -s /bin/sh -c "/usr/sbin/squidGuard -c 
> /etc/squid/squidGuard.conf -C all"
> where before it was just:
>       /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf -C all
> 
> Anyway, it now works for me. I got rid of some bogus domain entries in 
> my domains file - but did not run the update_squidGuard_blacklists 
> script. Hopefully tomorrow I'll see some date changes that will confirm 
> my understanding.
> 
> ==========end post==============
> 
> 
> 
> Mark Sarria wrote:
> 
>>YEAAAAAAA, I think its working NOW, thanks for your comment Dan, It rang a
>>bell, I did not put the full rang of IP address in the list.
>>Now, I want to add a few sites to the black list, can I do this locally on
>>my black list?
>>
>>-mark
>>
>>-----Original Message-----
>>From: Dan Bentson-Royal [mailto:dbentson lcsd k12 wa us] 
>>Sent: Friday, May 13, 2005 3:19 PM
>>To: mes4294 lausd k12 ca us
>>Subject: Re: [K12OSN] Is SquidGuard Working?
>>
>>I think now you have an issue with your ACL lists in squid-squidGuard.conf
>>
>>Can you send the part that identifies your IP addresses and such? Mine 
>>starts in a section that is headed with:
>>      INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>and it will be something like:
>>     acl youmakethisnameup 221.63.88.0/255.255.255.0
>>where the 221.63.88.0 is your IP network
>>
>>You also should have, a couple of lines down, something like:
>>      http_access allow youmakethisnameup
>>to tell squid to let the traffic through.
>>
>>Again, be sure that you are not getting bolluxed up with your ports - 
>>3128 is the default and you changed yours to 8080. Maybe someone here 
>>can tell you where all the places are in the config file that you'll 
>>need to list the altered port number. I don't think you do anything with 
>>the port numbers in the squidGuard.conf file, is that right?
>>
>>Mark Sarria wrote:
>>
>>
>>>Thanks for the info, I can confirm that Squid is working on my server
>>>because it is blocking everything, when I ran tail -n 40
>>>/var/log/squid/access.log I saw my ip address being blocked from the
>>
>>sights.
>>
>>
>>>This is the error I am getting on the browser screen
>>>
>>>The following error was encountered: 
>>>
>>>Access Denied.
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: Dan Bentson-Royal [mailto:dbentson lcsd k12 wa us] 
>>>Sent: Friday, May 13, 2005 1:53 PM
>>>To: mes4294 lausd k12 ca us; Support list for opensource software in
>>>schools.
>>>Subject: Re: [K12OSN] Is SquidGuard Working?
>>>
>>>Look for clues by using these:
>>>     tail -n 40 /var/log/squid/access.log
>>>     tail -n 40 /var/log/squidGuard/squidGuard.log
>>>     ps aux | grep squid
>>>
>>>Right now, you aren't passing any traffic - you know that part.
>>>
>>>Also, I think that the squid.conf file is superceded by 
>>>squid-squidGuard.conf, isn't that right?
>>>
>>>Also, I'd try using the default set up using port 3128 just to be sure 
>>>that it is working in the basic configuration.
>>>
>>>To test, try going to a blocked site. I always try
>>>     http://www.wno.org
>>>to see if it gets blocked. If squidGuard is running, that site will be 
>>>blocked.
>>>
>>>
>>>Mark Sarria wrote:
>>>
>>>
>>>
>>>>*Ok, I think I made some progress. In my attempt visit google, I
>>>>recvied the *
>>>>
>>>>
>>>>*ERROR*
>>>>
>>>>
>>>>  *The requested URL could not be retrieved*
>>>>
>>>>
>>>>
>>>>It looks like all my pages are blocked. I can't access any website. Can 
>>>>someone help me figure this out?
>>>>
>>>>
>>>>
>>>>thanks
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>*From:* k12osn-bounces redhat com [mailto:k12osn-bounces redhat com] *On

>>>>Behalf Of *Mark Sarria
>>>>*Sent:* Friday, May 13, 2005 11:18 AM
>>>>*To:* K12OSN redhat com
>>>>*Subject:* [K12OSN] Is SquidGuard Working?
>>>>
>>>>
>>>>
>>>>I have SquidGuard enabled and I think I configured correctly, because 
>>>>when I start the service it gave me no errors. I opened a browser and 
>>>>typed in the server name with the port number it is listening to (8080) 
>>>>and the Fedora test page appears.
>>>>
>>>>My question is how do I really know its working and is there a basic 
>>>>test I can run to prove that it is working?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>--Mark
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>_______________________________________________
>>>>K12OSN mailing list
>>>>K12OSN redhat com
>>>>https://www.redhat.com/mailman/listinfo/k12osn
>>>>For more info see <http://www.k12os.org>
>>>
>>>
> 

-- 
Dan Bentson-Royal
La Center School District
La Center, WA

      Due to budgetary constraints, the light at
      the end of the tunnel has been turned off.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]