Squid Guard
Squid Guard
Squid Guard
Setting up a blacklist proxy with automatic updates using Squid and SquidGuard
Posted in Howto, Linux, Proxy, Security by steelmon on December 9, 2010 The versatile, open source proxy server Squid can be used together with the plug-in SquidGuard to set up a flexible blacklist proxy server Together with a simple cron !ob and a shell script, the database of blacklisted sites is kept up to date This article describes the process step-by-step of how to get up and running I will be setting up the solution on n !buntu 9 ser"er which con"eniently h s the necess ry so#tw re " il ble in its repositories$ %he setup should be "ery simil r #or other Linux en"ironments, but you might h "e to compile the so#tw re #rom scr tch$
0ou should now be ble to use the proxy ser"er #rom your web browser$ 0ou will not be ble to get nything bloc(ed 7ust yet, but you should get p ges ser"ed i# e"erything w s set up correctly$
"nstall SquidGuard
St rt by inst lling S'uid8u rd using pt9get/ sudo apt-get install squidguard -ext, prep re S'uid #or use with S'uid8u rd, so once more open up /etc/squid/squid.conf in your # "orite text editor$ 0ou need to tell s'uid where S'uid8u rd is$ &ind the TAG: url_re*rite_progra5 he ding$ %here is no de# ult setting so dd new line/ url_re*rite_progra5 /usr/6in/squidGuard 7c /etc/squid/squidGuard.conf
$onfigure SquidGuard
;pen the S'uid8u rd con#igur tion #ile, /etc/squid/squidGuard.conf #or edit, nd repl ce the contents with the #ollowing/ # # +"N;IG ;I%E ;" S<#I=G#A = # d6ho5e /8ar/li6/squidguard/d6/6lac4lists
logdir /8ar/log/squid dest ads > do5ainlist ads/do5ains urllist ads/urls ? dest aggressi8e > do5ainlist aggressi8e/do5ains urllist aggressi8e/urls ? dest drugs > do5ainlist drugs/do5ains urllist drugs/urls ? dest hac4ing > do5ainlist hac4ing/do5ains urllist hac4ing/urls ? dest porn > do5ainlist porn/do5ains urllist porn/urls ? dest redirector > do5ainlist redirector/do5ains urllist redirector/urls ? dest suspect > do5ainlist suspect/do5ains urllist suspect/urls ? dest *are@ > do5ainlist *are@/do5ains urllist *are@/urls ? dest audio-8ideo > do5ainlist audio-8ideo/do5ains urllist audio-8ideo/urls ? dest ga56ling > do5ainlist ga56ling/do5ains urllist ga56ling/urls ? dest 5ail > do5ainlist 5ail/do5ains ? dest pro:A > do5ainlist pro:A/do5ains urllist pro:A/urls ? dest spA*are > do5ainlist spA*are/do5ains urllist spA*are/urls ?
dest 8iolence > do5ainlist 8iolence/do5ains urllist 8iolence/urls ? acl > default > pass Bads Baggressi8e Bdrugs Bhac4ing Bporn Bredirector B suspect B*are@ Baudio-8ideo Bga56ling B5ail Bpro:A BspA*are B 8iolence all redirect http://***.:31-.se/6loc4.ht5l ? ? <mong the l st lines, there is !:L to p ge th t gets ser"ed whene"er there is bloc(ed content$ 0ou should ch nge the !:L to your own bloc( p ge =unless your h ppy with my extremely sp rse one in Swedish> $ 1ompile the S'uid8u rd d t b se$ %his m y t (e while to complete/ sudo squidGuard 7+ all St rt S'uid, which in turn will st rt S'uid8u rd, nd recon#igure sudo /etc/init.d/squid start sudo squid -4 reconfigure
Troubleshooting
I# you re h "ing problems, most li(ely it6s rel ted to permissions$ 0ou c n get some use#ul in#orm tion by running S'uid8u rd #rom the comm nd line/ sudo su 7 pro:A echo Chttp://***.u6untu.co5 >client ip address?/ - - GETC D squidGuard -d -c /etc/squid/squidGuard.conf 0ou c n ch nge the !:L to wh te"er you6d li(e to test #or ccess or deni l$ %he IP ddress is the ddress o# the computer you w nt to simul te s sur#ing the net #rom$ I# you encounter ny problems with permissions, you m y try the #ollowing/ sudo cho*n pro:A:pro:A /etc/squid/squidGuard.conf sudo cho*n - pro:A:pro:A /8ar/li6/squidguard/d6 sudo cho*n - pro:A:pro:A /8ar/log/squid/ ch5od /22 /etc/squid/squidGuard.conf ch5od - /21 /8ar/li6/squidguard/d6 ch5od - /22 /8ar/log/squid/ find /8ar/li6/squidguard/d6 -tApe d -e:ec ch5od E33 F>F? FG -print ch5od E33 /8ar/log/squid
%here re more det iled trouble shooting " il ble in the re#erence section$
&eferences