-
Redirector for Squid
[LEFT][CODE]http://www.visolve.com/squid/whitepapers/redirector.php[/CODE][B][B][SIZE=-1][B]
Introduction[/B][/SIZE][/B][/B]
[SIZE=-1]Redirector is a highly customizable program, which returns a new URL replacing Client's original request. Squid sends the requested URLs to an external redirector process, and the redirector in turn processes every incoming URL and returns either a new URL, or a blank line to indicate no change. [/SIZE]
[SIZE=-1] Redirectors are commonly used at ISPs for filtering offensive materials, and at workplaces to block internet access during business hours. Even Educational Institutes require redirectors, in order to make internet safe for students thereby providing them access to this valuable media with age appropriate contents. Carefully configure these redirectors, and thereby bring the world web under your control: [/SIZE]
[SIZE=-1]Block blacklisted sites like drug abuse, pornographic etc., [/SIZE]
[SIZE=-1]Block unknown clients [/SIZE]
[SIZE=-1]Redirect Internet Access to custom created Error Pages [/SIZE]
[SIZE=-1]Create Different access rules for different user Group [/SIZE] [B][B][SIZE=-1][B]
SquidGuard[/B][/SIZE][/B][/B]
[SIZE=-1]SquidGuard is a free (GPL), flexible redirector program for squid. It lets you define multiple access rules with different restrictions for different user groups on a squid cache. SquidGuard uses squid standard redirector interface. Configuring squid with squidGuard blocks access to blacklisted web servers and/or URLs. [/SIZE] [B][B][SIZE=-1][B]
Prerequisites[/B][/SIZE][/B][/B]
[SIZE=-1]SquidGuard requires 2.X of the Berkeley DB library installed on your system. If you don't have it already, download and install it. It is available at [URL="http://www.sleepycat.com/"]berkeley-db.html[/URL]
[/SIZE] [B][B][SIZE=-1][B]
Installation & configuration[/B][/SIZE][/B][/B]
[SIZE=-1]You can download squidGuard as a gzipped tar ball available at [URL="http://www.squidguard.org/"]http://www.squidguard.org[/URL]. Next you have to untar the file and change working directory to squidGuard-*
tar -xvzf squidGuard-*
cd squidGuard-*
Now enter the following commands in order to configure, compile and install squidGuard
./configure
make
make install
[/SIZE] [B][B][SIZE=-1][B]
Creating Configuration file for squidGuard[/B][/SIZE][/B][/B]
[SIZE=-1]Create squidGuard.conf that suits your needs. This file allows you to declare Source group, Destination groups. You can also configure to have different access rules based on time of day, day of the week, date etc. for different user groups.
Here is a simple example to block inappropriate sites.
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db
dest porn {
domainlist porn/domains
urllist porn/urls
}
acl {
default {
pass !porn all
redirect [URL]http://localhost/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u[/URL]
}
}
This implies there must be a domain list file "/usr/local/squidGuard/db/porn/domains" and a url list file "/usr/local/squidGuard/db/porn/urls". The domain list file may have a zillion lines like:
porn.com
sex.com
The url list file may have lines like:
foo.com/~porn
bar.com/img/sex
[/SIZE][B][B][SIZE=-1][B]Creating Blacklist[/B][/SIZE][/B][/B]
[SIZE=-1]The blacklist is split into subsections (porn, aggressive, drugs, hacking, ads, ...), to better match different needs. And in turn each subsections consist of separate unlimited lists of domains, URLs and/or regular expressions. The gzipped tar ball of blacklist can be downloaded by [URL="http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz"]HTTP[/URL] or [URL="ftp://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz"]FTP[/URL], or else it can be custom created, by adding domain and URL lists according to your own need.
For example if you want to filter drug material, then create your own domain list file and url list files (remember to specify their location path in squidGuard config file). Your domain list file may have lines like:
209.133.83.22
209.1.224.24
207.10.94.222
209.249.147.41
209.108.162.42
And url list file may have lines like:
207.229.130.206/drugsearch
209.215.97.108/drugs
209.44.25.11/drugs
drugpolicy.org/ecstasy [/SIZE] [B][B][SIZE=-1][B]
Configuring Squid for squidGuard[/B][/SIZE][/B][/B]
[SIZE=-1]Squid does not use redirectors by default. So you necessarily have to configure squid for redirectors by editing a couple of tags in squid.conf:
[I]redirect_program /fullpathto/redirector redirect_children 5[/I]
Here the former tag specifies the location of the executable for the URL redirector. So to specify the location of squidGuard, configure squid with redirect_program /fullpathto/squidGuard. And the later tag is used to set the number of redirect processes to spawn. If you start too few Squid will have to wait for them to process a back log of URLs, slowing it down, and too many of them may use RAM and other system resources.
[/SIZE] [B][B][SIZE=-1][B]
Squirm[/B][/SIZE][/B][/B]
[SIZE=-1]Squirm by Chris Foote can redirect requests for Squid. It can be configured for patterns and IP address with full regular expression matching and replacement. [/SIZE] [B][B][SIZE=-1][B]
Installing And Configuring Squirm[/B][/SIZE][/B][/B]
[SIZE=-1]You can download squirm as a gzipped tar ball available at [URL="http://squirm.foote.com.au/"]Squirm - A redirector for Squid[/URL]. Next untar the Squirm tar file and then Compile the GNU Regex library by doing:
cd regex
./configure
make clean
make
cp -p regex.o regex.h .. [/SIZE] [B][B][SIZE=-1][B]
Creating configuration files for squirm[/B][/SIZE][/B][/B]
[SIZE=-1]Squirm requires config files for patterns and IP addresses, which are located as:
"/usr/local/squirm/etc/squirm.local"
"/usr/local/squirm/etc/squirm.patterns"
The former file contains specifications for your client's network. And in the later file specify the block lists, for example: If you want to return the URL [URL]http://www/notallowed.html[/URL] to anyone [URL]http://www.xxx.com[/URL], then your block list would be;
[I]regexi ^[URL="http://www%5C.xxx%5C.com/.*"]http://www\.xxx\.com/.*[/URL] [URL]http://www/notallowed.html[/URL][/I] [/SIZE] [B][B][SIZE=-1][B]
Configuring Squid for squirm[/B][/SIZE][/B][/B]
[SIZE=-1]Once you have Squirm up and running, to get Squid to pass requests through squirm, you need to add a couple of lines to your squid.conf file.
[I]redirect_program /fullpathto/squirm
redirect_children 5[/I]
[/SIZE][B][SIZE=-1][B]References[/B] [/SIZE][/B]
[SIZE=-1]
[/SIZE] [SIZE=-1][URL="http://www.visolve.com/squid/squid24s1/contents.php"]ViSolve Squid Configuration Manual 2.4[/URL]
[URL="http://www.visolve.com/squid/squid30/contents.php"]ViSolve Squid Configuration Manual 3.0[/URL]
[URL="http://www.squidguard.org/"]SquidGuard[/URL]
[URL="http://squirm.foote.com.au/"]Squirm - A redirector for Squid[/URL][/SIZE]
[/LEFT]