[1][squidGuard.gif] Installing squidGuard [install.gif]
   [2]squidGuard is an ultrafast and free filter, redirector and access
   controller for [3]Squid
   By [4]Pål Baltzersen and [5]Lars Erik Håland
   [6]Copyright © 1999-2000, [7]Tele Danmark InterNordia
   Visitors: [counter] (Since 2002-01-08 19:54:05)
   This page was last modified 2002-01-08

[arrow-red.gif] Installation instructions

   The good news:
          squidGuard uses Squid's [8]standard redirector interface so no
          patching of Squid is needed!

   and the not so good news:
          Currently we don't distribute precompiled versions of
          squidGuard.
          Though following these few steps should bring you up and going
          with squidGuard within a few minutes, provided you have the
          basic tools:

  [arrow-green.gif] For the impatient/experienced:

    1. Install version 2.X of the [9]Berkeley DB library (if not already
       installed on your system)
    2. [10]./configure
    3. [11]make
    4. [12]make install
    5. Create a [13]squidGuard.conf that suits your needs
    6. Create the [14]domain, [15]url and [16]expression lists you want
    7. Test/simulate
    8. [17]Configure squid to use squidGuard as the redirector and
       specify the number of redirector processes you want
    9. [18]Send Squid a HUP signal
       [19]Voilà!

  [arrow-green.gif] For the less impatient:

    1. Besides [20]Squid you need a basic UNIX development environment
       with a [21]make compatible build tool, an ANSI [22]C compiler, a
       [23]yacc compatible parser generator, a [24]lex compatible lexical
       analyzer generator and a [25]regcomp()/regexec() compatible
       regular expression library. You also need [26]gzip to unpack the
       distribution. Don't despair: If you managed to install Squid you
       most likely have all this! If not the links here points you to all
       the free sources you need.
    2. You need a version 2.X of the [27]Berkeley DB library installed on
       your system. If you don't already have it, [28]download and
       install the latest 2.X version. It should compile and install
       right out of the box. (squidGuard is developed with Berkeley DB
       version 2.x in mind, but it might work with Berkeley DB versions
       1.85 and 1.86 too. If you have success linking and running with
       versions 1.85 or 1.86 please [29]report!)
       Here is a quick installation guide for the Berkeley DB library:

                mkdir -p /local/src (or wherever you like)
                cd /local/src
                gzip -dc /wherever/db-2.y.z.tar.gz | tar xvf -
                cd db-2.y.z/dist
                ./configure (optionally add the environment and flags you
                 prefer) *)
                make
                make install
                make clean (optional)

       *) At [30]Tele Danmark we use:

#!/bin/sh -
   cd build_unix
   CC=gcc \
   CXX=g++ \
   CFLAGS="-O3 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" \
   CXXFLAGS="-O3 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" \
   ../dist/configure \
     --verbose \
     --target=sparc-sun-solaris \
     --enable-dynamic \
     --enable-compat185 \
     --enable-rpc \
     --prefix=/local

       By default the more recent versions of the Berkeley DB library
       installs itself under /usr/local/BerkeleyDB/{lib,include,bin,docs}
    3. [31]Download squidGuard and unpack the distribution with:

                mkdir -p /local/src (or wherever you like)
                cd /local/src
                gzip -dc /wherever/squidGuard-x.y.z.tar.gz | tar xvf -
                cd squidGuard-x.y.z

    4. squidGuard now comes with [32]GNU auto configuration for maximum
       portability and easy compilation setup. For a default environment,
       simply run:

                ./configure

       If you have [33]gcc you may want to force the use of gcc and
       optimize more:

                csh|tcsh# (setenv CC "gcc"; setenv CFLAGS "-O3";
                ./configure)

       or

                sh|bash|ksh# CC="gcc" CFLAGS="-O3" ./configure

       depending on your shell. This will prepare Makefiles to compile
       and optionally install the squidGuard executable as
       /usr/local/bin/squidGuard. If you prefer to install squidGuard as
       for instance /local/squid/bin/squidGuard, use the option:

                ./configure --prefix=/local/squid

       To avoid the need of runing squidGuard with the command line
       option "-c /wherever/filter.conf"*), you may want to change the
       default to the actual location of the configuration file at
       compile time by adding:

                ./configure --with-sg-config=/wherever/filter.conf

       *)Note: squid-2.2.x up to STABLE2are broken and ignores the
       argument list silently without passing it to the redirector.
       Therefor with squid-2.2.x up to STABLE2 you must specify the
       correct config file location with --with-sg-config=... at compile
       time. Versions up to 2.1.PATCH2 do not have this problem.
       To see the full list of build configuration options run:

                ./configure --help

       At [34]Tele Danmark we use:

#!/bin/sh -
   CC="gcc" \
   CFLAGS="-O3 -Wall" \
   LIBS="-R/local/lib -lnls" \
   ./configure \
   --verbose \
   --target=sparc-sun-solaris \
   --prefix=/local/squid \
   --with-db-lib=/local/lib \
   --with-db-inc=/local/include \
   --with-sg-config=/var/spool/www/hosts/proxy.teledanmark.no/filter/conf/filte
r.conf \
   --with-sg-logdir=/var/spool/www/hosts/proxy.teledanmark.no/filter/logs \
   --with-sg-dbhome=/var/spool/www/hosts/proxy.teledanmark.no/filter/db

    5. Now simply run:

                make

       This should compile squidGuard without errors. If you compile with
       gcc -Wall you may safely ignore warnings for the machine generated
       code y.tab.{c,h} (from sg.y) and lex.yy.c (from sg.l). You should
       probably investigate other warnings and errors.
    6. To test the newly built squidGuard run:

                make test

    7. If all is OK run:

                make install

       This will install the squidGuard executable in
       prefix/bin/squidGuard where prefix is /usr/local unless you
       changed it with --prefix=/some/where/else.
    8. Make a [35]configuration file for squidGuard. Start with a
       [36]minimal configuration and extend as your experience and needs
       grow.
    9. Make the [37]destination lists (databases) you want (if any at
       all).
   10. Test your configuration isolated. Put some sample requests in
       three files named something like test.pass, test.rewrite and
       test.block. (Omit test.rewrite if you don't have rewrite rules.)
       The format of these files is:

                URL ip-address/fqdn ident method

       For instance:

                http://freeware.teledanmark.no/squidGuard/ 10.1.2.3/pc123
                .teledanmark.no fdgh GET
                http://bad.site.com/dirty/stuff/foo.htm 10.3.2.1/- - GET

       The ip-address is mandatory, the fqdn and ident fields may be "-"
       depending of how you have configured Squid with respect to reverce
       DNS lookups and indent lookups. The request method is GET, POST,
       etc.
       Put some sample requests that should pass transparently, be
       rewritten/redirected and blocked in test.pass, test.rewrite and
       test.block respectively. Now you are ready to simulate real
       requests. Run the three simulations:

                prefix/bin/squidGuard -c /your/squidGuard.conf < test.pas
                s > test.pass.out
                prefix/bin/squidGuard -c /your/squidGuard.conf < test.rew
                rite > test.rewrite.out
                prefix/bin/squidGuard -c /your/squidGuard.conf < test.blo
                ck > test.block.out

       Check the pass output:

                wc -l test.pass
                wc -l test.pass.out
                wc -w test.pass.out

       The numerical results should be identical for the first two tests
       and 0 for the last.
       Check the rewrite/redirect output (Omit if you don't have rewrite
       rules.):

                wc -l test.rewrite
                wc -l test.rewrite.out
                diff test.rewrite test.rewrite.out | egrep -ic '^> ..* [0
                -9.]+/..* ..* [a-z]+$'
                more test.rewrite.out

       The numerical results should be identical for the first three
       tests. Visually ensure the new URLs are as expected with the more
       command.
       Check the block output:

                wc -l test.block
                wc -l test.block.out
                diff test.block test.block.out | egrep -ic '^> ..* [0-9.]
                +/..* ..* [a-z]+$'
                more test.block.out

       The numerical results should be identical for the first three
       tests. Visually ensure the new URLs are as expected with the more
       command.
   11. Install the empty image, stopsign image, dummy access denied page,
       the more or less intelligent CGI page or whatever your redirectors
       points to, on a web server that Squid can access; typically on the
       proxy server or a nearby server. If you don't have a web server we
       strongly recommend [38]Apache although any stable web server of
       your choice can be used.
   12. Tell Squid to use squidGuard as the redirector by uncommenting and
       changing the following tags in squid.conf to:

                redirect_program /prefix/bin/squidGuard

       or if squidGuard's config file is somewhere else than set at
       compile time*):

                redirect_program /prefix/bin/squidGuard -c /wherever/squi
                dGuard.conf

       where prefix is /usr/local unless you changed it with
       --prefix=/some/where/else.
       *)Note: squid-2.2.x up to STABLE2 are broken and ignores the
       argument list silently without passing it to the redirector.
       Therefor with squid-2.2.x up to STABLE2 you must specify the
       correct config file location with --with-sg-config=... at
       [39]compile time. Versions up to 2.1.PATCH2 do not have this
       problem.
       Also configuere the number of redirector processes you think you
       want:

                redirect_children 4

       I really don't know why one should have more than one squidGuard
       process on a single CPU system cince squidGuard never blocks
       indefinitly like the cache_dns_program and optional
       authenticate_program are more likely to do. Of course with more
       redirectors there is a chance a request that matches the first
       client group, rule and destination group could sneak out before a
       request that matches the last rule. But on the other hand more
       redirectors also slows down the system by added overhead and
       memory usage. Anyway 4 seems like a fine number to start with. We
       haven't done any benchmarking to find the best value and it may
       vary with the actual configuration.
   13. Send Squid a HUP signal:

                kill -HUP `cat /somewhere/squid.pid`

       or

                squid -k reconfigure

   14. Test with a browser.
                        ____________________________

                   [40][gnu-logo.gif] [41][perl-logo.gif]

                 [42][squid-logo.gif] [43][squidGuard.gif]

                           [44][home_header.gif]

References

   1. http://ftp.teledanmark.no/pub/www/proxy/squidGuard/
   2. http://www.squidguard.org/
   3. http://www.squid-cache.org/
   4. http://www.squidguard.org/authors/
   5. http://www.squidguard.org/authors/
   6. http://www.squidguard.org/copyright/
   7. http://www.teledanmark.no/
   8. http://www.squid-cache.org/Versions/1.1/Release-Notes-1.1.txt
   9. http://www.squidguard.org/install/#Detailed_install_2
  10. http://www.squidguard.org/install/#Detailed_install_4
  11. http://www.squidguard.org/install/#Detailed_install_5
  12. http://www.squidguard.org/install/#Detailed_install_7
  13. http://www.squidguard.org/config/
  14. http://www.squidguard.org/config/#Domainlists
  15. http://www.squidguard.org/config/#URLlists
  16. http://www.squidguard.org/config/#Expressionlists
  17. http://www.squidguard.org/install/#Detailed_install_12
  18. http://www.squidguard.org/install/#Detailed_install_13
  19. http://www.squidguard.org/install/#Detailed_install_14
  20. http://www.squidguard.org/links/#Squid
  21. http://www.squidguard.org/links/#Gmake
  22. http://www.squidguard.org/links/#Gcc
  23. http://www.squidguard.org/links/#Bison
  24. http://www.squidguard.org/links/#Flex
  25. http://www.squidguard.org/links/#Regex
  26. http://www.squidguard.org/links/#Gzip
  27. http://www.squidguard.org/links/#DB
  28. http://www.squidguard.org/links/#DB
  29. mailto:squidguard@squidguard.org
  30. http://www.teledanmark.no/
  31. http://www.squidguard.org/download/
  32. http://www.gnu.org/software/autoconf/
  33. http://www.squidguard.org/links/#Gcc
  34. http://www.teledanmark.no/
  35. http://www.squidguard.org/config/
  36. http://www.squidguard.org/config/#Minimal
  37. http://www.squidguard.org/config/#Lists
  38. http://www.squidguard.org/links/#Apache
  39. http://www.squidguard.org/install/#Defaultconfigfile
  40. http://www.gnu.org/
  41. http://www.perl.com/
  42. http://www.squid-cache.org/
  43. http://www.squidguard.org/
  44. http://www.sleepycat.com/