squidGuard-1.4-8.fc13.i686.rpm

                         Another squidguard website


  Extended Configuration of SquidGuard

   There are several more options to configure SquidGuard according to
   your needs.

   [10]Not allowing IP addresses          [11]Times
   [12]Rules based on source IP addresses [13]Logging blocked access tries

     Not allowing IP addresses
   To make sure that people don't bypass the URL filter by simply using
   the IP address instead of the fully qualified domain name, you can
   add  !in-addr  to your acl:

   Disallowing access to IP addresses
 acl {
        default {
                pass !in-addr all
                redirect http://localhost/block.html
        }
 }

     Blocking based on times
   There are two ways to define the times and dates at which access to
   websites is allowed or disallowed. The  weekly  directive is used for
   recurring access times, e.g. allowing web access to blocked sites after
   work.
   Using the  date  directive you can additionally define special days
   on which access may be granted. Wildcards can be used.

   Defining access times
time afterwork {
  weekly   * 17:00-24:00            # After work
  weekly   fridays 16:00-17:00      # On friday we close earlier
  weekly   saturdays sundays        # Weekend
  date   *.01.01                    # New Year's Day
  date   *.12.24 12:00-24:00        # Christmas Eve
  date   2006.04.14-2006.04.17      # Easter 2006
  date   2006.05.01                 # May Day
}

   To apply the defined times you can use the qualifiers  within  and
   outside , respectively. Your acl now looks like this:

acl {
        all within afterwork {
                pass all
        }
        else {
                pass    !adv !porn !warez all
        }
        default {
                pass    none
                redirect http://localhost/block.html
        }
}

   This means that everyone has free access to web sites during the
   times defined in afterwork. Outside these times people cannot access
   whatever is defined in adv, porn and warez.
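
   To check when the filter above is actually relaxed, the following added
   example (not part of the original documentation and not squidGuard's own
   parser) models the afterwork block and the acl that uses it. Assumptions:
   only the rule forms shown on this page are handled, times are zero-padded
   HH:MM in the proxy's local time, and a time span includes its start and
   excludes its end.

```python
from datetime import datetime

# Constructed sample input: the afterwork block from this page.
AFTERWORK = """\
time afterwork {
  weekly   * 17:00-24:00            # After work
  weekly   fridays 16:00-17:00      # On friday we close earlier
  weekly   saturdays sundays        # Weekend
  date   *.01.01                    # New Year's Day
  date   *.12.24 12:00-24:00        # Christmas Eve
  date   2006.04.14-2006.04.17      # Easter 2006
  date   2006.05.01                 # May Day
}"""
DAYS = "mondays tuesdays wednesdays thursdays fridays saturdays sundays".split()

def _hours_ok(spans, now):
    """No HH:MM-HH:MM span means all day. Zero-padded strings compare in time order."""
    hhmm = f"{now.hour:02d}:{now.minute:02d}"
    return not spans or any(s.split("-")[0] <= hhmm < s.split("-")[1] for s in spans)

def _date_ok(spec, now):
    """Match YYYY.MM.DD or a from-to range; a '*' field takes today's value."""
    today = (now.year, now.month, now.day)
    def key(d):
        return tuple(c if f == "*" else int(f) for f, c in zip(d.split("."), today))
    lo, _, hi = spec.partition("-")
    return key(lo) <= today <= key(hi or lo)

def within(block, now):
    """True if `now` (a datetime) falls inside any weekly/date rule of the block."""
    for line in block.splitlines():
        tokens = line.split("#", 1)[0].split()      # drop trailing comments
        if len(tokens) < 2 or tokens[0] not in ("weekly", "date"):
            continue
        spans = [t for t in tokens[1:] if ":" in t]      # time-of-day ranges
        days = [t for t in tokens[1:] if ":" not in t]   # day names or dates
        if tokens[0] == "weekly":
            day_ok = "*" in days or DAYS[now.weekday()] in days
        else:
            day_ok = any(_date_ok(d, now) for d in days)
        if day_ok and _hours_ok(spans, now):
            return True
    return False

def effective_pass(now):
    """Pass list the acl above applies at `now`: the 'within' branch or 'else'."""
    return "all" if within(AFTERWORK, now) else "!adv !porn !warez all"

if __name__ == "__main__":
    print(effective_pass(datetime(2006, 3, 24, 16, 30)))  # a Friday afternoon
```

   Running it over a week of timestamps shows how much of the week the
   blacklists are not enforced, which is worth reviewing before deploying
   a time block like this one.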

     Rules based on source IP addresses
   If you have policies in place granting some people access to more sites
   than others, you have different options for implementing this policy.
   One way is to define source IP acls. This can only work if your user
   groups are well separated within your network.
   Assuming that this is the case, you can define the source IP ranges
   in your squidGuard.conf the following way:

   Defining source IP addresses
src admins {
        ip      192.168.2.0-192.168.2.255
        ip      172.16.12.0/255.255.255.0
        ip      10.5.3.1/28
}

   You can specify IP addresses directly, or define IP ranges using a
   from-to notation, a netmask, or the netmask prefix abbreviation.
   Note: If you have many network definitions for a user group you
   can put that information into a separate file and just tell your
   squidGuard.conf about the location of the file. In this case you write
   in your squidGuard.conf:

src admins {
        iplist      adminlist
}

   SquidGuard will look for a file called adminlist located wherever you
   pointed your dbhome directive to. Alternatively you can specify an
   absolute path with your filename. The file itself holds the information
   in the following style:

192.168.2.0-192.168.2.255
172.16.12.0/255.255.255.0
10.5.3.1/28
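
   Because membership in a privileged source group is decided purely by
   these entries, it helps to expand them and see exactly which client
   addresses they cover. The following is an added example, not part of the
   original documentation or of squidGuard; it assumes that an entry with
   host bits set, such as 10.5.3.1/28, is treated as the enclosing network.

```python
import ipaddress

# Constructed sample input: the adminlist file contents shown above.
ADMINLIST = """\
192.168.2.0-192.168.2.255
172.16.12.0/255.255.255.0
10.5.3.1/28
"""

def parse_entry(entry):
    """Return the (first, last) IPv4 address covered by one ip/iplist entry."""
    entry = entry.strip()
    if "-" in entry:                          # from-to notation
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {entry}")
        return lo, hi
    if "/" in entry:                          # dotted netmask or prefix length
        # Assumption: host bits are masked off, so 10.5.3.1/28 means 10.5.3.0/28.
        net = ipaddress.IPv4Network(entry, strict=False)
        return net.network_address, net.broadcast_address
    addr = ipaddress.IPv4Address(entry)       # single address
    return addr, addr

def load_iplist(text):
    """Parse every non-empty line of an iplist file into (first, last) pairs."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]

def in_group(client, ranges):
    """True if the client address falls inside any of the parsed ranges."""
    ip = ipaddress.IPv4Address(client)
    return any(lo <= ip <= hi for lo, hi in ranges)

def coverage(ranges):
    """Human-readable span and address count for each entry, for review."""
    return [f"{lo} - {hi} ({int(hi) - int(lo) + 1} addresses)" for lo, hi in ranges]

if __name__ == "__main__":
    admins = load_iplist(ADMINLIST)
    print("\n".join(coverage(admins)))
    for client in ("10.5.3.15", "10.5.3.16", "192.168.3.0"):
        print(client, "admins" if in_group(client, admins) else "not admins")
```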

     Logging blocked access tries
   It may be of interest who is accessing blocked sites. To track that
   down you can add a log directive to your src or dest definitions in
   your squidGuard.conf. If only a file name is given, the file is searched
   for in the directory specified in the logdir directive. Alternatively
   you can specify an absolute path with your log file name.

   Logging blocked access tries
dest porn {
        domainlist porn/domains
        urllist porn/urls
        log pornaccesses
}
     __________________________________________________________________

   Mirko Lorenz - mirko at shalla.de
   26.03.2006

References

   1. http://squidguard.shalla.de/index.html
   2. http://squidguard.shalla.de/Doc/index.html
   3. http://squidguard.shalla.de/download.html
   4. http://squidguard.shalla.de/blacklists.html
   5. http://squidguard.shalla.de/addsoft.html
   6. http://squidguard.shalla.de/Doc/install.html
   7. http://squidguard.shalla.de/Doc/configure.html
   8. http://squidguard.shalla.de/Doc/extended.html
   9. http://squidguard.shalla.de/Doc/known_issues.html
  10. http://squidguard.shalla.de/Doc/extended.html#notIP
  11. http://squidguard.shalla.de/Doc/extended.html#times
  12. http://squidguard.shalla.de/Doc/extended.html#sourceIP
  13. http://squidguard.shalla.de/Doc/extended.html#blocklog