Pages : 1
#1 Le 30/08/2007, à 10:33
- siks971
[Prob] SQUID+DansGuardian
bonjour, j'essaye de mettre en place un serveur proxy squid couplé a un filtreur de contenu dansguardian car je trouve squidGuard un peu trop compliquer à mettre en oeuvre.
1-Cependant je n'arrive pas à démarrer squid car quand je fais un service squid restart j'obtient :
root@Hibo:~# service squid restart
* Restarting Squid HTTP proxy squid 2007/08/30 10:11:43| parseConfigFile: line 47 unrecognized: 'http access'
2007/08/30 10:11:43| parseConfigFile: line 73 unrecognized: 'httpd_accel_host virtual'
2007/08/30 10:11:43| parseConfigFile: line 74 unrecognized: 'httpd_accel_port 80'
2007/08/30 10:11:43| parseConfigFile: line 75 unrecognized: 'httpd_accel_with_proxy on'
2007/08/30 10:11:43| parseConfigFile: line 76 unrecognized: 'httpd_accel_uses_host_header on'
[ OK ]
2- je n'arrive pas à demarrer dansguardian non plus
root@Hibo:~# service dansguardian restart
DansGuardian has not been configured!
Please edit /etc/dansguardian/dansguardian.conf manually then rerun
this script.
pouvez vous me donner un coup de main????
Voici le fichier de le de daemon.log
root@Hibo:/etc/dansguardian# tail -30 /var/log/daemon.log
Aug 30 10:11:44 Hibo squid[2569]: Target number of buckets: 4032
Aug 30 10:11:44 Hibo squid[2569]: Using 8192 Store buckets
Aug 30 10:11:44 Hibo squid[2569]: Max Mem size: 8192 KB
Aug 30 10:11:44 Hibo squid[2569]: Max Swap size: 1048576 KB
Aug 30 10:11:44 Hibo squid[2569]: Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
Aug 30 10:11:44 Hibo squid[2569]: Rebuilding storage in /var/spool/squid (CLEAN)
Aug 30 10:11:44 Hibo squid[2569]: Using Least Load store dir selection
Aug 30 10:11:44 Hibo squid[2569]: Set Current Directory to /var/spool/squid
Aug 30 10:11:44 Hibo squid[2569]: Loaded Icons.
Aug 30 10:11:44 Hibo squid[2569]: Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 13.
Aug 30 10:11:44 Hibo squid[2569]: Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
Aug 30 10:11:44 Hibo squid[2569]: HTCP Disabled.
Aug 30 10:11:44 Hibo squid[2569]: WCCP Disabled.
Aug 30 10:11:44 Hibo squid[2569]: Ready to serve requests.
Aug 30 10:11:44 Hibo squid[2569]: Done reading /var/spool/squid swaplog (0 entries)
Aug 30 10:11:44 Hibo squid[2569]: Finished rebuilding storage from disk.
Aug 30 10:11:44 Hibo squid[2569]: 0 Entries scanned
Aug 30 10:11:44 Hibo squid[2569]: 0 Invalid entries.
Aug 30 10:11:44 Hibo squid[2569]: 0 With invalid flags.
Aug 30 10:11:44 Hibo squid[2569]: 0 Objects loaded.
Aug 30 10:11:44 Hibo squid[2569]: 0 Objects expired.
Aug 30 10:11:44 Hibo squid[2569]: 0 Objects cancelled.
Aug 30 10:11:44 Hibo squid[2569]: 0 Duplicate URLs purged.
Aug 30 10:11:44 Hibo squid[2569]: 0 Swapfile clashes avoided.
Aug 30 10:11:44 Hibo squid[2569]: Took 0.3 seconds ( 0.0 objects/sec).
Aug 30 10:11:44 Hibo squid[2569]: Beginning Validation Procedure
Aug 30 10:11:44 Hibo squid[2569]: Completed Validation Procedure
Aug 30 10:11:44 Hibo squid[2569]: Validated 0 Entries
Aug 30 10:11:44 Hibo squid[2569]: store_swap_size = 0k
Aug 30 10:11:45 Hibo squid[2569]: storeLateRelease: released 0 objects
ensuite voici mon fichier de configuration squid.conf
root@Hibo:/var/log/squid# cat /etc/squid/squid.conf
http_port 3128
cache_effective_user proxy
cache_effective_group proxy
visible_hostname none
cache_dir ufs /var/spool/squid 1024 16 256
cache_mgr albanrenier@wanadoo.fr
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Access controls
#Defaults
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.10.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# Mes règles
acl clients src 192.168.10.0/24
http_access allow localhost
http_access allow lan
######################
http access
######################
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_group proxy
coredump_dir /var/spool/squid
#################################
#les interdictions sur le web####
#################################
#Les domaines bloqués
acl caramail dstdomain caramail.lycos.fr
http_access deny caramail
acl netlog dstdomain fr.netlog.com
http_access deny netlog
acl skyblog dstdomain skyrock.com
http_access deny skyblog
#redirect_program /usr/bin/squidGuard
#redirect_children 5
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access allow all
et voici mon fichier dansguardian.conf
root@Hibo:/etc/dansguardian# grep '^[^#]' dansguardian.conf dansguardian.conf.no_com
dansguardian.conf:UNCONFIGURED - Please remove this line after configuration
dansguardian.conf:reportinglevel = 3
dansguardian.conf:languagedir = '/etc/dansguardian/languages'
dansguardian.conf:language = 'french'
dansguardian.conf:loglevel = 3
dansguardian.conf:logexceptionhits = on
dansguardian.conf:logfileformat = 1
dansguardian.conf:filterip =
dansguardian.conf:filterport = 8080
dansguardian.conf:proxyip = 127.0.0.1
dansguardian.conf:proxyport = 3128
dansguardian.conf:accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
dansguardian.conf:nonstandarddelimiter = on
dansguardian.conf:usecustombannedimage = 1
dansguardian.conf:custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
dansguardian.conf:filtergroups = 1
dansguardian.conf:filtergroupslist = '/etc/dansguardian/filtergroupslist'
dansguardian.conf:bannediplist = '/etc/dansguardian/bannediplist'
dansguardian.conf:exceptioniplist = '/etc/dansguardian/exceptioniplist'
dansguardian.conf:banneduserlist = '/etc/dansguardian/banneduserlist'
dansguardian.conf:exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
dansguardian.conf:showweightedfound = on
dansguardian.conf:weightedphrasemode = 2
dansguardian.conf:urlcachenumber = 3000
dansguardian.conf:urlcacheage = 900
dansguardian.conf:phrasefiltermode = 2
dansguardian.conf:preservecase = 0
dansguardian.conf:hexdecodecontent = 0
dansguardian.conf:forcequicksearch = 0
dansguardian.conf:reverseaddresslookups = off
dansguardian.conf:reverseclientiplookups = off
dansguardian.conf:createlistcachefiles = on
dansguardian.conf:maxuploadsize = -1
dansguardian.conf:maxcontentfiltersize = 256
dansguardian.conf:usernameidmethodproxyauth = on
dansguardian.conf:usernameidmethodntlm = off # **NOT IMPLEMENTED**
dansguardian.conf:usernameidmethodident = off
dansguardian.conf:preemptivebanning = on
dansguardian.conf:forwardedfor = off
dansguardian.conf:usexforwardedfor = off
dansguardian.conf:logconnectionhandlingerrors = on
dansguardian.conf:maxchildren = 120
dansguardian.conf:minchildren = 8
dansguardian.conf:minsparechildren = 4
dansguardian.conf:preforkchildren = 6
dansguardian.conf:maxsparechildren = 32
dansguardian.conf:maxagechildren = 500
dansguardian.conf:ipcfilename = '/tmp/.dguardianipc'
dansguardian.conf:urlipcfilename = '/tmp/.dguardianurlipc'
dansguardian.conf:nodaemon = off
dansguardian.conf:nologger = off
dansguardian.conf:softrestart = off
dansguardian.conf:virusscan = on
dansguardian.conf:virusengine = 'clamav'
dansguardian.conf:tricklelength = 32768
dansguardian.conf:forkscanlength = 32768
dansguardian.conf:firsttrickledelay = 10
dansguardian.conf:followingtrickledelay = 10
dansguardian.conf:maxcontentscansize = 41904304
dansguardian.conf:virusscanexceptions = on
dansguardian.conf:urlcachecleanonly = on
dansguardian.conf:virusscannertimeout = 60
dansguardian.conf:notify = 0
dansguardian.conf:emaildomain = 'your.domain.com'
dansguardian.conf:postmaster = 'postmaster@your.domain.com'
dansguardian.conf:emailserver = '127.0.0.1:25'
dansguardian.conf:downloaddir = '/tmp/dgvirus'
dansguardian.conf:clmaxfiles = 1500
dansguardian.conf:clmaxreclevel = 3
dansguardian.conf:clmaxfilesize = 10485760
dansguardian.conf:clblockencryptedarchives = off
dansguardian.conf:cldetectbroken = off
dansguardian.conf:clamdsocket = '/tmp/clamd'
dansguardian.conf:avesocket = '/var/run/aveserver'
dansguardian.conf:trophiesocket = '/var/run/trophie'
dansguardian.conf:sophiesocket = '/var/run/sophie'
dansguardian.conf:icapsocket = 'localhost:1344'
dansguardian.conf:icapservice = 'icap://localhost/avscan'
grep: dansguardian.conf.no_com: Aucun fichier ou répertoire de ce type
root@Hibo:/etc/dansguardian# grep '^[^#]' dansguardian.conf > dansguardian.conf.no_com
root@Hibo:/etc/dansguardian# cat dansguardian.conf.no_com
UNCONFIGURED - Please remove this line after configuration
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'french'
loglevel = 3
logexceptionhits = on
logfileformat = 1
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 3000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
nodaemon = off
nologger = off
softrestart = off
virusscan = on
virusengine = 'clamav'
tricklelength = 32768
forkscanlength = 32768
firsttrickledelay = 10
followingtrickledelay = 10
maxcontentscansize = 41904304
virusscanexceptions = on
urlcachecleanonly = on
virusscannertimeout = 60
notify = 0
emaildomain = 'your.domain.com'
postmaster = 'postmaster@your.domain.com'
emailserver = '127.0.0.1:25'
downloaddir = '/tmp/dgvirus'
clmaxfiles = 1500
clmaxreclevel = 3
clmaxfilesize = 10485760
clblockencryptedarchives = off
cldetectbroken = off
clamdsocket = '/tmp/clamd'
avesocket = '/var/run/aveserver'
trophiesocket = '/var/run/trophie'
sophiesocket = '/var/run/sophie'
icapsocket = 'localhost:1344'
icapservice = 'icap://localhost/avscan'
Merci encore pour votre aide
Dernière modification par slasher-fun (Le 24/03/2011, à 17:22)
Fan de musique? Je suis egalement music producer -> http://siks-music.blogspot.com, n'hesitez pas a vister mon blog Ubuntu http://2tibuntu.blogspot.com
Hors ligne
#2 Le 01/09/2007, à 02:56
- ostyll
Re : [Prob] SQUID+DansGuardian
Bon je vais t'aider du mieux que je pourrais car je suis déjà passé par là !
Ma première question est quel est la version de squid que tu a installer ensuite squidguard est beaucoup plus aisé que dansguardian car dansguardian a de nombreux fichier conf pour filtrer un max !!!
Hors ligne
#3 Le 03/09/2007, à 14:10
- axone
Re : [Prob] SQUID+DansGuardian
Salut,
D'apres ce qu'on constate tes scripts de conf posent problèmes, autant essayer de les reprendre, ton systeme les interprete mal. J'utilise dansguardian et squid mais sur un IPCOP donc la je ne peux pas vraiment plus t'aider. fichier de conf fichier de conf
Bon courage
Hors ligne
#4 Le 03/09/2007, à 14:52
- kuri
Re : [Prob] SQUID+DansGuardian
je vois un "http access" pas commente, alors que normalement il devrait l etre :
http_access allow lan
######################
http access
######################
http_access allow manager localhost
apres je ne sait pas, je n ai pas utilise squid depuis presque 2ans, et ca n a jamais ete mon point fort
Hors ligne
#5 Le 04/09/2007, à 16:46
- siks971
Re : [Prob] SQUID+DansGuardian
Bon je vais t'aider du mieux que je pourrais car je suis déjà passé par là !
Ma première question est quel est la version de squid que tu a installer ensuite squidguard est beaucoup plus aisé que dansguardian car dansguardian a de nombreux fichier conf pour filtrer un max !!!
j'ai une version 2.6 de squid
Fan de musique? Je suis egalement music producer -> http://siks-music.blogspot.com, n'hesitez pas a vister mon blog Ubuntu http://2tibuntu.blogspot.com
Hors ligne
#6 Le 04/09/2007, à 16:53
- siks971
Re : [Prob] SQUID+DansGuardian
je vois un "http access" pas commente, alors que normalement il devrait l etre :
http_access allow lan ###################### http access ###################### http_access allow manager localhost
apres je ne sait pas, je n ai pas utilise squid depuis presque 2ans, et ca n a jamais ete mon point fort
J'ai modifié mon fichiers squid et iptables..Maintenant Squid démarre sans problèmes..
cependant le filtrage de noms de domaine ne fonctionne pas. de laide????
j'ai abandonné dansguardian car j'ai lu qu'il s'occupe uniquement des liens web qui peuvent cacher des virus. je me remet sur squidguard que j'ai installé..Cependant je ne sais pas comment mettre en place la blacklist...de l'aide??????
root@Hibo:~# cat /etc/squid/squid.conf
http_port 8080 transparent
cache_effective_user proxy
cache_effective_group proxy
visible_hostname Hibo.YvelinesRadio.local
pid_filename /var/run/squid.pid
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \? \.cgi \.pl \.ph3 \.asp
no_cache deny QUERY
cache_mem 20 MBM
maximum_object_size_in_memory 1000 KB
cache_dir ufs /var/spool/squid 1024 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_mgr albanrenier@wanadoo.fr
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
##################
#Authentification
##################
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users
#auth_param basic realm Squid proxy-caching web serve
#auth_param basic children 5
#acl foo proxy_auth REQUIRED
#http_access allow foo
################
#Access controls
###############
#Defaults
acl lan src 192.168.10.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
#never_direct allow all
always_direct deny all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
######################
#http access
######################
http_access allow lan
#http_access deny all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_reply_access allow all
icp_access allow all
acl POST method GET POST HEAD
http_access allow POST
#################################
#les interdictions sur le web####
#################################
#Les domaines bloqués
acl caramail dstdomain .caramail.lycos.fr
http_access deny caramail
acl netlog dstdomain netlog.com
http_access deny netlog
acl skyblog dstdomain .skyrock.com
http_access deny skyblog
error_directory /usr/share/squid/errors/French
cache_effective_group proxy
coredump_dir /var/spool/squid
#redirect_program /usr/bin/squidGuard
#redirect_children 5
debug_options ALL,1 33,2
#dns_nameservers 212.27.32.5 212.27.32.176
#######
#activer le snmp
#######
acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic all
le fichier squidGuard.conf
root@Hibo:/etc/squid# cat squidGuard.conf
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /etc/blacklists
logdir /var/log/squid
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
#
# REWRITE RULES:
#
#rew dmz {
# s@://admin/@://admin.foo.bar.no/@i
# s@://foo.bar.no/@://www.foo.bar.no/@i
#}
#
# SOURCE ADDRESSES:
#
src lan {
ip 192.168.10.10-192.168.10.90
}
#src admin {
# ip 1.2.3.4 1.2.3.5
# user root foo bar
# within workhours
#}
#src foo-clients {
# ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
#}
#src bar-clients {
# ip 172.16.4.0/26
#}
#
# DESTINATION CLASSES:
#
dest good {
}
dest local {
}
#dest adult {
# domainlist adult/domains
# urllist adult/urls
# expressionlist adult/expressions
# redirect http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
#}
acl {
lan {
pass !adult all
redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n+clienident=%i+srcclass=%s&targetclass=%t&url=%u
}
# admin {
# pass any
# }
# foo-clients within workhours {
# pass good !in-addr !adult any
# } else {
# pass any
# }
# bar-clients {
# pass local none
# }
default {
pass none
# rewrite dmz
# redirect http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
}
}
Fan de musique? Je suis egalement music producer -> http://siks-music.blogspot.com, n'hesitez pas a vister mon blog Ubuntu http://2tibuntu.blogspot.com
Hors ligne
#7 Le 06/09/2007, à 09:51
- rz1
Re : [Prob] SQUID+DansGuardian
Pour Dansguardian, regarde bien dans le fichier de conf.
Premiere ligne:
UNCONFIGURED - Please remove this line after configuration
...
Ligne à virer, sinon Dansguardian se considere comme pas configuré
#8 Le 07/09/2007, à 15:13
- crem51
Re : [Prob] SQUID+DansGuardian
Bonjour à tous. J'ai mis en place un serveur proxy pour restreindre l'accès à certain site.
J'utilise squid 2.6 auxquel j'ai ajouté un système d'authentification ncsa_auth.
Pour le control parental, j'ai choisit dansguardian.
Lorsque je connecte mon client sur le port de squid (3128), j'ai bien la demande d'authentification.
Mais lorsque je connecte mon client sur le port de dansguardian (8080), j'ai bien le filtrage de site mais plus l'authentification (normal puisque je ne passe plus par squid).
N'y a t-il pas un moyen pour obtenir le filtrage et l'authentification?
Hors ligne
#9 Le 07/09/2007, à 15:26
- siks971
Re : [Prob] SQUID+DansGuardian
Bonjour à tous. J'ai mis en place un serveur proxy pour restreindre l'accès à certain site.
J'utilise squid 2.6 auxquel j'ai ajouté un système d'authentification ncsa_auth.
Pour le control parental, j'ai choisit dansguardian.
Lorsque je connecte mon client sur le port de squid (3128), j'ai bien la demande d'authentification.
Mais lorsque je connecte mon client sur le port de dansguardian (8080), j'ai bien le filtrage de site mais plus l'authentification (normal puisque je ne passe plus par squid).
N'y a t-il pas un moyen pour obtenir le filtrage et l'authentification?
j'avour que moi aussi j'aurai bien aimé savoir....je pense meme revenir au filtrage avec Suidguard
Fan de musique? Je suis egalement music producer -> http://siks-music.blogspot.com, n'hesitez pas a vister mon blog Ubuntu http://2tibuntu.blogspot.com
Hors ligne
Pages : 1