|
|
|
|
|
|
| Author |
Message |
Karsten Rothemund
*nix forums beginner
Joined: 06 Jul 2006
Posts: 4
|
 Posted: Thu Jul 06, 2006 10:20 pm Post subject:
Squid/SquidGuard: info of user and category
|
|
|
hello list,
I don't know, if this is the correct forum for my question. Sorry, if
not.
I want to equip my old laptop with a web-filtering software, so that
the children of my sister can use it as a surfbox. The laptop runs
FreeBSD 6.1 and I installed squid from the ports (version 2.5.14),
which works fine at the moment (no complex tasks here  ).
Then I added squidguard, also from the ports (version 1.2.0). I
used a simple config, which principly works: it blocked some of the
sites mentioned in the blacklists - and google(??).=3D20
OK, maybe. So I wanted to put me (and later all adults) in a group
with more freedom. But this did not work. It seems to me, that
squidguard ignores infos about the user.
I found this web page (http://www.onlamp.com/lpt/a/6473) which
contained a cgi-script, which makes some infos available. And right,
there is no info about the user, who requests the page, and about the
category (which will be interesting later).
So the question is, where can I start to debug this situation? Is there=3D20
something (an option or so) I missed, when compiling/installing
squid/squidguard? Or is it a config-problem of squid (I can of course
provide configs - when I know it's the right place here).
Thank you for any hint
Karsten
--
Karsten Rothemund <karsten@photor.de> /"\
PGP-Key: 0x7019CAA5 \ /
Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign
50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News |
|
| Back to top |
|
 |
Peter Albrecht
*nix forums beginner
Joined: 17 Mar 2005
Posts: 18
|
| Posted: Fri Jul 07, 2006 7:13 am Post subject:
Re: Squid/SquidGuard: info of user and category
|
|
|
Hello Karsten,
On Friday 07 July 2006 00:20, Karsten Rothemund wrote:
| Quote: | hello list,
I don't know, if this is the correct forum for my question. Sorry, if
not.
|
This is definitely the correct forum. :-)
| Quote: | I want to equip my old laptop with a web-filtering software, so that
the children of my sister can use it as a surfbox. The laptop runs
FreeBSD 6.1 and I installed squid from the ports (version 2.5.14),
which works fine at the moment (no complex tasks here ).
Then I added squidguard, also from the ports (version 1.2.0). I
used a simple config, which principly works: it blocked some of the
sites mentioned in the blacklists - and google(??).=3D20
OK, maybe. So I wanted to put me (and later all adults) in a group
with more freedom. But this did not work. It seems to me, that
squidguard ignores infos about the user.
I found this web page (http://www.onlamp.com/lpt/a/6473) which
contained a cgi-script, which makes some infos available. And right,
there is no info about the user, who requests the page, and about the
category (which will be interesting later).
So the question is, where can I start to debug this situation? Is there=3D20
something (an option or so) I missed, when compiling/installing
squid/squidguard? Or is it a config-problem of squid (I can of course
provide configs - when I know it's the right place here).
|
I assume all users are logging into your laptop with different user names,
correct? Then the easiest way would be to use user identification as provided
by an ident daemon (RFC 931). For Linux, this could be pidentd, I am sure
there is something similar for FreeBSD available.
From http://www.squidguard.org/config/:
source adults {
user adult1 adult2 ...
}
source children {
user child1 child2 ...
}
Then you need to define your ACLs:
acl {
adults {
pass all
}
children {
pass !blacklists all
}
}
I assume you have a definition for "blacklists" containing the info about your
blacklists.
To get this working, you need to activate the ident lookup method in Squid.
Search for ident_lookup_access in squid.conf. I haven't tried this together
with SquidGuard but that should be no big deal.
Regards,
Peter
--
Peter Albrecht, Novell Training Services, peter.albrecht@novell.com |
|
| Back to top |
|
|
Karsten Rothemund
*nix forums beginner
Joined: 06 Jul 2006
Posts: 4
|
| Posted: Sun Jul 09, 2006 11:15 am Post subject:
Re: Squid/SquidGuard: info of user and category
|
|
|
On Fri, Jul 07, 2006 at 09:13:42AM +0200, Peter Albrecht wrote:
| Quote: | Hello Karsten,
On Friday 07 July 2006 00:20, Karsten Rothemund wrote:
I don't know, if this is the correct forum for my question. Sorry, if
not.
This is definitely the correct forum. :-)
Good to hear. |
[...]
| Quote: |
I assume all users are logging into your laptop with different user names,
correct? Then the easiest way would be to use user identification as provided
|
Yes. Hopefully ;-)
| Quote: | by an ident daemon (RFC 931). For Linux, this could be pidentd, I am sure
there is something similar for FreeBSD available.
It is. And I installed and activated it. |
exactly what I did.
| Quote: |
I assume you have a definition for "blacklists" containing the info about your
blacklists.
|
I started with the lists provided by the FreeBSD-port (so
out-of-the-box)
| Quote: | To get this working, you need to activate the ident lookup method in Squid.
Search for ident_lookup_access in squid.conf. I haven't tried this together
with SquidGuard but that should be no big deal.
I still do not get any info about the requesting user. The field is |
empty (checked with the cgi-script mentioned in my previous mail). It
looks like this gets lost between squid and squidguard.
Stil a little lost.
Karsten
--
Karsten Rothemund <karsten@photor.de> /"\
PGP-Key: 0x7019CAA5 \ /
Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign
50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News |
|
| Back to top |
|
|
Peter Albrecht
*nix forums beginner
Joined: 17 Mar 2005
Posts: 18
|
| Posted: Mon Jul 10, 2006 8:29 am Post subject:
Re: Squid/SquidGuard: info of user and category
|
|
|
Hi Karsten,
| Quote: | I still do not get any info about the requesting user. The field is
empty (checked with the cgi-script mentioned in my previous mail). It
looks like this gets lost between squid and squidguard.
|
Do you see the user information in the Squid log file? Could you try to
restrict access for a specific user using Squid ACLs to see if that works?
Regards,
Peter
--
Peter Albrecht, Novell Training Services, peter.albrecht@novell.com |
|
| Back to top |
|
|
Karsten Rothemund
*nix forums beginner
Joined: 06 Jul 2006
Posts: 4
|
| Posted: Wed Jul 12, 2006 7:40 pm Post subject:
Re: Squid/SquidGuard: info of user and category
|
|
|
On Mon, Jul 10, 2006 at 10:29:42AM +0200, Peter Albrecht wrote:
| Quote: | Hi Karsten,
I still do not get any info about the requesting user. The field is
|
Interesting question. I was about to say no. But then a last test
showed info about the user "photor" (it's my login on the local
machine here). But when I reloaded the site (google.de calssified by
squidGuard as porn ), the user-info disapeared (from the
access.log of squid):
1152732284.356 535 172.16.0.2 TCP_MISS/403 2379 GET http://google.de/ photor DIRECT/127.0.0.1 text/html
1152732374.307 376 172.16.0.2 TCP_MISS/403 2373 GET http://google.de/ photor DIRECT/127.0.0.1 text/html
1152732393.102 342 172.16.0.2 TCP_MISS/403 2395 GET http://google.de/ photor DIRECT/127.0.0.1 text/html
1152732461.940 338 172.16.0.2 TCP_MISS/403 2373 GET http://google.de/ - DIRECT/127.0.0.1 text/html
1152732471.052 337 172.16.0.2 TCP_MISS/403 2377 GET http://www.google.de/ - DIRECT/127.0.0.1 text/html
I don't see any logic or systematics behind this (probably because of
my limited knowledge). The last line I retried to load a slightly
diferent URL to see, if this has to do with reloading the site - but
no. And I doubt this is a squid problem.
Still with problems
Karsten (aka Photor)
--
Karsten Rothemund <karsten@photor.de> /"\
PGP-Key: 0x7019CAA5 \ /
Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign
50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News |
|
| Back to top |
|
|
Chris Robertson
*nix forums Guru
Joined: 01 Feb 2005
Posts: 373
|
| Posted: Mon Jul 17, 2006 8:24 pm Post subject:
Re: Squid/SquidGuard: info of user and category
|
|
|
Karsten Rothemund wrote:
| Quote: | On Mon, Jul 10, 2006 at 10:29:42AM +0200, Peter Albrecht wrote:
Hi Karsten,
I still do not get any info about the requesting user. The field is
Interesting question. I was about to say no. But then a last test
showed info about the user "photor" (it's my login on the local
machine here). But when I reloaded the site (google.de calssified by
squidGuard as porn ), the user-info disapeared (from the
access.log of squid):
1152732284.356 535 172.16.0.2 TCP_MISS/403 2379 GET http://google.de/ ph=
otor DIRECT/127.0.0.1 text/html
1152732374.307 376 172.16.0.2 TCP_MISS/403 2373 GET http://google.de/ ph=
otor DIRECT/127.0.0.1 text/html
1152732393.102 342 172.16.0.2 TCP_MISS/403 2395 GET http://google.de/ ph=
otor DIRECT/127.0.0.1 text/html
1152732461.940 338 172.16.0.2 TCP_MISS/403 2373 GET http://google.de/ - =
DIRECT/127.0.0.1 text/html
1152732471.052 337 172.16.0.2 TCP_MISS/403 2377 GET http://www.google.de=
/ - DIRECT/127.0.0.1 text/html
I don't see any logic or systematics behind this (probably because of
my limited knowledge). The last line I retried to load a slightly
diferent URL to see, if this has to do with reloading the site - but
no. And I doubt this is a squid problem.
Still with problems
Karsten (aka Photor)
As per http://wiki.squid-cache.org/SquidFaq/SquidAcl... |
| Quote: | ...Squid does not wait for the lookup to complete unless the ACL rules
require it.
So unless you have a rule requiring the ident information, it may or may |
not be provided. See that section of the Wiki, and look for the bit
about "How do I block specific users or groups from accessing my
cache?". That should help with reliably getting the ident information.
Chris |
|
| Back to top |
|
|
Karsten Rothemund
*nix forums beginner
Joined: 06 Jul 2006
Posts: 4
|
| Posted: Wed Jul 19, 2006 5:09 pm Post subject:
Re: Squid/SquidGuard: info of user and category
|
|
|
On Mon, Jul 17, 2006 at 12:24:47PM -0800, Chris Robertson wrote:
| Quote: | As per http://wiki.squid-cache.org/SquidFaq/SquidAcl...
...Squid does not wait for the lookup to complete unless the ACL rules
require it.
So unless you have a rule requiring the ident information, it may or may
not be provided. See that section of the Wiki, and look for the bit
about "How do I block specific users or groups from accessing my
cache?". That should help with reliably getting the ident information.
It seems it is enough to put |
acl idents ident REQUIRED
...
http_access allow idents
into the squid.conf. I will still go a little deeper. Thank you for
your help.
Karsten
--
Karsten Rothemund <karsten@photor.de> /"\
PGP-Key: 0x7019CAA5 \ /
Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign
50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Thu Dec 04, 2008 3:22 am | All times are GMT
|
|
Php Scripts | Home Loan | Mortgage Calculator | Myspace Layouts | The eBay Song
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Squid
