We now need to create a /etc/squidGuard.conf. Using pico as our editor, issue the command pico -w /etc/squidGuard.conf then make it look something like the example below:
# Gavin Henry 26/09/03
# initial conf file for squidGuard
logdir /var/log/
dbhome /usr/local/squidGuard/db
dest ads {
domainlist ads/domains
urllist ads/urls
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
dest mail {
domainlist mail/domains
}
dest porn {
domainlist porn/domains
urllist porn/urls
}
dest proxy {
domainlist proxy/domains
urllist proxy/urls
}
dest violence {
domainlist violence/domains
urllist violence/urls
}
dest warez {
domainlist warez/domains
urllist warez/urls
}
acl {
default {
pass !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez all
redirect http://www.suretecsystems.com/redirect/index.html
}
}
Example 2. Creating a /etc/squidGuard.conf file
Now that the url lists have been defined, it's time to install them. Navigate to the home directory of squidGuard, which is indicated in the squidGuard.conf. In /var/local/squidGuard/db extract the blacklists.tar.gz that you downloaded from here . These are updated daily and we will be configuring an update script in Section 12, “Improvements”.
tar -xzvf blacklists.tar.gz mv blacklists/* ../db squidGuard -C all
![[Note]](./stylesheet-images/note.png) | Note |
|---|---|
If you get an error saying command not found then the path to squidGuard is not in your ~/.bash_profile Using pico open up ~/.bash_profile and add /usr/local/squidGuard/bin to the PATH: section. | |
We now need to test that things are blocked, passed and redirected. We are going to put example urls in a few files. Create the files in any directory and test squidGuard with these commands:
echo "http://www.cnn.com 10.0.0.1/- - GET" > test.pass
echo "http://www.playboy.com 10.0.0.1/- -GET" > test.block
squidGuard -c /etc/squidGuard.conf < test.pass > test.pass.out
squidGuard -c /etc/squidGuard.conf < test.block > test.block.out
wc -l test.pass
wc -l test.pass.out
wc -w test.pass.out
wc -l test.block
wc -l test.block.out
diff test.block test.block.out | egrep -ic '^> ..* [0-9.]+/..* ..* [a-z]+$'
more test.block.out
The first set of commands create the test files with urls that resemble what would appear in /var/log/squid/access.log. The second set of commands test squidguard and the last set check that the results are as expected.
wc -l test.pass etc. should have identical numerical results for the first 2 commands and 0 for the last. wc -l test.block etc. should have identical results for the first 3 tests. The more lets you visually check that the blocked url is redirected as expected.
Copy the suretecsystemslogo.gif (save it from the suretecsystems website) into /var/www/html directory and create a webpage that is shown when a banned url is reached using the following code (copy and paste this into a file called index.html in /var/www/html:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>THIS WEBSITE IS BANNED</title> </head> <body> <table> <tr> <td<>img src="http://www.suretecsystems.com/suretecsystemslogo.gif" width="137" height="81" border="0" name="suretecsystems" alt="Suretecsystems Logo" align="right"></td> <td><b><h1>BANNED</h1></b><b>You have reached this page because you are trying to view a banned website. If you feel that this site has been wrongly banned then contact our administrator at <a href="mailto:scott.forbes@suretecsystems.com?Subject=Banned Website&Body=This should not be banned"> Suretecsystems Proxy Help</a></b></td> </tr> </table> </body> </html>
Open up your favourite editor and uncomment the line in /etc/squid.conf with redirect_program in it and change it to:
redirect_program /usr/local/squidGuard/bin/squidGuard -c /etc/squidGuard.conf
Make squid re-read it's configuration file using squid -k reconfigure
Test with your browser by entering a banned url eg. http://www.playboy.com You should be redirected to your custom webpage.
Setup complete.