Squid ve SquidGuard

Merhaba arkadaslar. Testlerini yapmak icin Fedora makinama squid ve squidGuard kurdum. Squid'im squid.conf dosyamda asagidaki satirlari kaldirinca normal calisiyor. Ekleyince browser uzun süre bekliyor ve sayfa görüntülemiyor hatasi veriyor.  4 5 gündür ugrasiyorum ama bitürlü cikamadim isin icinden.. Bikac kere kaldirip yeniden kurmayi falanda denedim ama maalesef bi sonuc alamadim.

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

redirect_children 10

 

squidGuard versiyon :1.4

squid versiyon : 3.0

 

 squid.conf  dosyamin tamami ;

http_port 192.168.1.9:3128
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#url_rewrite_program /usr/local/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 10
visible_hostname cevatlinux.local
mail_from [email protected]
client_netmask 255.255.255.255
dns_nameservers 192.168.1.2
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_port 3130 proxy-only
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/spool/squid 1024 16 256
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/English
diskd_program /usr/lib/squid/diskd-daemon
unlinkd_program /usr/lib/squid/unlinkd
debug_options ALL,1
ftp_user Squid@
uri_whitespace strip
cache_effective_user squid
cache_effective_group squid
cache_mgr root
mail_program mail
umask 027
announce_host tracker.ircache.net
as_whois_server whois.ra.net
wccp_address 0.0.0.0
wccp2_address 0.0.0.0
wccp_router 0.0.0.0
store_dir_select_algorithm least-load
coredump_dir /var/spool/squid
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
forward_timeout 4 minutes

connect_timeout 1 minutes
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minutes
pconn_timeout 120 seconds
ident_timeout 10 seconds
dns_timeout 2 minutes
dns_retransmit_interval 5 seconds
snmp_port 0
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
ftp_list_width 32
memory_pools_limit 5 MB
request_header_max_size 20 KB
request_body_max_size 0 KB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 5 minutes
positive_dns_ttl 6 seconds
negative_dns_ttl 1 seconds
range_offset_limit 0 KB

client_lifetime 1 day
shutdown_lifetime 30 seconds
reply_header_max_size 20 KB
announce_period 0
announce_port 3131
logfile_rotate 0
tcp_recv_bufsize 0 bytes
minimum_direct_hops 4
minimum_direct_rtt 400
 store_avg_object_size 13 KB
store_objects_per_bucket 20
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
maximum_single_addr_tries 1
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
digest_bits_per_entry 5
digest_rebuild_period 1 seconds
digest_rewrite_period 1 seconds
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
sleep_after_fork 0
minimum_expiry_time 60 seconds
authenticate_cache_garbage_interval 1 seconds
authenticate_ttl 1 seconds
authenticate_ip_ttl 0
check_hostnames on
dns_defnames off
emulate_httpd_log off
log_ip_on_direct on
log_mime_hdrs off
log_fqdn off
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
allow_underscore on
memory_pools on

half_closed_clients on
httpd_suppress_version_string off
via on
forwarded_for on
log_icp_queries on
client_db on
icp_hit_stale off
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
global_internal_static on
short_icon_urls off
offline_mode off
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
redirector_bypass off
ignore_unknown_nameservers on
client_persistent_connections on
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
balance_on_multiple_ip on
pipeline_prefetch off
request_entities off
ie_refresh off
vary_ignore_expire off
relaxed_header_parser on
retry_on_error off
wccp2_rebuild_wait on
digest_generation on
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl manager proto cache_object
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow our_networks
http_reply_access allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
cache deny QUERY
http_access deny all
snmp_access deny all
 

 squidGuard.conf dosyam ise;

dbhome /usr/local/squidGuard/db
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
# kapali
time kapali {
weekly * 18:30-07:30
}

# Patron Beyimizin Kurali
src patron {
ip 192.168.1.71
log block.log
}

# Sirket Network Ip Araligi
src sirket {
ip 192.168.1.70-192.168.1.75
log block.log
}

#
dest hacking {
domainlist hacking/domains
urllist hacking/urls
log block.log
}

#
dest mail {
domainlist mail/domains
log block.log
}

#
dest porn {
domainlist porn/domains
expressionlist porn/expressions
urllist porn/urls
log block.log
}

#
dest proxy {
domainlist proxy/domains
urllist proxy/urls
log block.log
}

#
dest warez {
domainlist warez/domains
urllist warez/urls
log block.log
}

#
dest yasak {
domainlist yasak/domains
urllist yasak/urls
log block.log
}

#
acl {
# Patron
patron {
pass all
}
#
sirket within kapali {
pass !hacking !mail !porn !proxy !warez !yasak none
redirect http://192.168.1.9/yasak.php
log block.log
} else {
pass !hacking !porn !proxy !warez !yasak mail all
redirect http://192.168.1.9/yasak.php
log block.log
}
#
default {
pass !hacking !mail !porn !proxy !warez !yasak all
redirect http://192.168.1.9/yasak.php
log block.log
}
}

 

tail ile  baktigimda ;

tail -f /var/log/squid/squidGuard.log
2009-05-08 16:59:05 [9191] init urllist /usr/local/squidGuard/db/hacking/urls
2009-05-08 16:59:05 [9191] init domainlist /usr/local/squidGuard/db/mail/domains
2009-05-08 16:59:05 [9192] init urllist /usr/local/squidGuard/db/hacking/urls
2009-05-08 16:59:05 [9192] init domainlist /usr/local/squidGuard/db/mail/domains
2009-05-08 16:59:05 [9184] init domainlist /usr/local/squidGuard/db/porn/domains
2009-05-08 16:59:05 [9185] init domainlist /usr/local/squidGuard/db/mail/domains
2009-05-08 16:59:05 [9187] init domainlist /usr/local/squidGuard/db/porn/domains
2009-05-08 16:59:05 [9191] init domainlist /usr/local/squidGuard/db/porn/domains
2009-05-08 16:59:05 [9185] init domainlist /usr/local/squidGuard/db/porn/domains
2009-05-08 16:59:05 [9192] init domainlist /usr/local/squidGuard/db/porn/domains

 

[root@cevatlinux ~]# cd /var/log/squid/
[root@cevatlinux squid]# ls
access.log    block.log   squidGuard.log  store.log  cache.log   squid.out

 Hepside squid useri yetkili.  Yine blacklistin kayitli oldugu;  hepside squid yetkili;

[root@cevatlinux db]# cd /usr/local/squidGuard/db/
ads/              celebrity/        filesharing/      kidstimewasting/  pets/             sports/
adult/            cellphones/       financial/        magazines/        phishing/         spyware/
aggressive/       chat/             frencheducation/  mail/             porn/             updatesites/
antispyware/      child/            gambling/         malware/          press/            vacation/
artnudes/         childcare/        games/            manga/            proxy/            verisign/
astrology/        cleaning/         gardening/        marketingware/    radio/            violence/
audio-video/      clothing/         government/       medical/          reaffected/       virusinfected/
banking/          culinary/         guns/             mixed_adult/      religion/         warez/
beerliquorinfo/   dating/           hacking/          mobile-phone/     ringtones/        weapons/
beerliquorsale/   desktopsillies/   homerepair/       naturism/         searchengines/    weather/
bigblacklist.tar  dialers/          humor/            news/             sect/             webmail/
blacklists/       drugs/            hygiene/          onlineauctions/   sexuality/        whitelist/
blog/             ecommerce/        instantmessaging/ onlinegames/      shopping/        
books/            entertainment/    jewelry/          onlinepayment/    socialnetworking/
CATEGORIES        filehosting/      jobsearch/        personalfinance/  sportnews/