squidGuard guide

I have used squidGuard for years, but only a basic set-up based on cut-and-paste from their examples. The reason for this is that that is all there is… Examples! squidGuard appears to be impossible to find proper documentation for, as even their own website doesn’t explain how it works. Google doesn’t seem to know either…

It is actually very simple, so a quick description of the logic follows.

Within a block, say the default block, you must have a pass statement, and if you want to block anything, you must have a redirect statement as well. If you want to rewrite a URL, you need a rewrite statement. You can have a redirect, a rewrite, or both in your ACL block, but as said, without a redirect you can’t block anything.

A block within an ACL looks like this:

default {
        pass     !violence !hacking any
        rewrite  facebook
        redirect http://www.site.net/bad.html
}

When the source hits a block, let’s assume default, it will first look for the pass statement. It will read from left to right and make a decision based on the first match and exit the pass statement after that. If the first match was none or a destination preceded by ‘!’, squidGuard will then return the redirect within the block. (If there is no redirect, squidGuard will do nothing and exit).

A destination is defined as:

dest violence {
        domainlist      violence/domains
        log     violence
        urllist violence/urls
}

and will match any URL in the file urls and any domain in the file domains. This directory structure and its files can be found under the directory specified with the dbhome directive, which is usually set at the beginning of the configuration file. The log lists any attempts to reach blocked sites.

If the match was either ‘any’, ‘all’, or a destination not preceded by ‘!’, squidGuard will execute any rewrite rules in the block on the URL, and exit returning the rewritten URL. If there are no rewrite rules in the block, it will do nothing and exit. Both cases mean allowing access to the requested URL.

If no destination in the pass statement matches, squidGuard will do nothing and exit, thus allowing squid to fetch the requested page.

So, the line:

pass none good !hacking any

will always block, as it executes the redirect as soon as it hits none. The line:

pass good any !hacking none

will always pass, as it exits when hitting any, if not before.

pass local none

will pass any destination listed in the local destination.
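
The evaluation order described above can be modelled in a few lines of Python. This is an added example, not squidGuard's code and not part of the original post: destinations are reduced to constructed domain sets, urllist matching is left out, and rewrite rules are stood in for by hypothetical (old, new) substring pairs.

```python
from urllib.parse import urlsplit

# Constructed sample destinations: name -> domains (stand-in for domainlist files).
DESTS = {
    "violence": {"violence.example"},
    "hacking": {"hacking.example"},
    "good": {"good.example"},
    "local": {"intranet.example"},
}
REDIRECT = "http://www.site.net/bad.html"  # redirect target used on the page

def in_dest(domains, url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def evaluate(pass_line, url, redirect=None, rewrite=()):
    """Model one ACL block; returns (verdict, URL handed back to squid)."""
    for token in pass_line.split():
        name = token.lstrip("!")
        if name == "none":
            allow = False
        elif name in ("any", "all"):
            allow = True
        elif in_dest(DESTS[name], url):
            allow = not token.startswith("!")
        else:
            continue  # token did not match, keep reading left to right
        if allow:
            for old, new in rewrite:  # hypothetical (old, new) substring rules
                url = url.replace(old, new)
            return ("allowed", url)
        # Blocking match: only effective when the block has a redirect.
        return ("blocked", redirect) if redirect else ("allowed", url)
    return ("allowed", url)  # no token matched: squid fetches the page

if __name__ == "__main__":
    bad = "http://www.hacking.example/tools"
    for line in ("!violence !hacking any", "none good !hacking any",
                 "good any !hacking none", "local none"):
        print(f"{line!r:28} -> {evaluate(line, bad, REDIRECT)}")
    # Same pass line, but the block has no redirect: the request is not blocked.
    print(evaluate("!violence !hacking any", bad))
```

The last call shows the case worth checking in a real configuration: a block with ‘!’ destinations but no redirect lets the request through.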

I think that was the main bit to get out; the magic within source blocks is what’s not documented. The rest is fairly straightforward. Good luck.
