I have used squidGuard for years, but only a basic set-up based on cut-and-paste from their examples. The reason for this is that that is all there is… Examples! squidGuard appears to be impossible to find proper documentation for, as even their own website doesn’t explain how it works. Google doesn’t seem to know either…<\/p>\n
It is actually very simple, so a quick description of the logic follows.<\/p>\n
Within a block, say the default<\/em> block, you must have a pass<\/em> statement and if you want to block anything, you must have a redirect<\/em> statement as well. If you want to rewrite a URL, you need a rewrite<\/em> statement. You can have both redirect<\/em> and\/or rewrite<\/em> in your ACL block but as said, without a redirect, you can’t block anything.<\/p>\n A block within an ACL, looks like this:<\/p>\n default {<\/em> When the source hits a block, let’s assume default<\/em>, it will first look for the pass<\/em> statement. It will read from left to right and make a decision based on the first match and exit the pass statement after that. If the first match was none<\/em> or a destination preceded by <\/em>‘!’, squidGuard will then return the redirect<\/em> within the block. (If there is no redirect, squidGuard will do nothing and exit).<\/p>\n A destination is defined as:<\/p>\n dest violence {<\/em> and will match any URL in the file urls<\/em> and any domain in the file domains<\/em>. This directory structure and its files can be found under the directory specified with the dbhome<\/em> directive, usually at the beginning of the configuration file. The log<\/em> has any attempts to reach blocked sites listed.<\/p>\n If the match was either ‘any’, ‘all’, or a destination not preceded by ‘!’, squidGuard will execute any rewrite rules in the block on the URL, and exit returning the re-written URL. If there are no rewrite rules in the block, it will do nothing and exit. Both cases means allowing access to the requested URL.<\/p>\n If no destination in the pass statement matches, squidGuard will do nothing and exit, thus allowing squid to fetch the requested page.<\/p>\n So, the line:<\/p>\n pass none good !hacking any<\/em><\/p>\n will always block, as it executes the redirect<\/em> as soon as it hits none<\/em>. The line:<\/p>\n pass good any !hacking none<\/em><\/p>\n will always pass, as it exits when hitting any<\/em>, if not before.<\/p>\n pass local none<\/em><\/p>\n will pass any local destinations listed in the local<\/em> destination.<\/p>\n I think that was the main bit to get out, the magic within source blocks is what’s not documented. The rest is fairly straight forward. Good luck.<\/p>\n","protected":false},"excerpt":{"rendered":" I have used squidGuard for years, but only a basic set-up based on cut-and-paste from their examples. The reason for this is that that is all there is… Examples! squidGuard appears to be impossible to find proper documentation for, as … Continue reading
\n\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 pass\u00a0\u00a0\u00a0 !violence !hacking any<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0 rewrite facebook<\/em>
\n\u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 redirect http:\/\/www.site.net\/bad.html<\/em>
\n\u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }<\/em><\/p>\n
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 domainlist\u00a0\u00a0\u00a0\u00a0\u00a0 violence\/domains<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 log\u00a0\u00a0\u00a0\u00a0 violence<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 urllist violence\/urls<\/em>
\n}<\/em><\/p>\n