کد:
http://www.visolve.com/squid/whitepapers/redirector.php


Introduction

Redirector is a highly customizable program, which returns a new URL replacing Client's original request. Squid sends the requested URLs to an external redirector process, and the redirector in turn processes every incoming URL and returns either a new URL, or a blank line to indicate no change.

Redirectors are commonly used at ISPs for filtering offensive materials, and at workplaces to block internet access during business hours. Even Educational Institutes require redirectors, in order to make internet safe for students thereby providing them access to this valuable media with age appropriate contents. Carefully configure these redirectors, and thereby bring the world web under your control:
Block blacklisted sites like drug abuse, pornographic etc.,
Block unknown clients
Redirect Internet Access to custom created Error Pages
Create Different access rules for different user Group

SquidGuard

SquidGuard is a free (GPL), flexible redirector program for squid. It lets you define multiple access rules with different restrictions for different user groups on a squid cache. SquidGuard uses squid standard redirector interface. Configuring squid with squidGuard blocks access to blacklisted web servers and/or URLs.

Prerequisites

SquidGuard requires 2.X of the Berkeley DB library installed on your system. If you don't have it already, download and install it. It is available at berkeley-db.html

Installation & configuration

You can download squidGuard as a gzipped tar ball available at http://www.squidguard.org. Next you have to untar the file and change working directory to squidGuard-*

tar -xvzf squidGuard-*
cd squidGuard-*

Now enter the following commands in order to configure, compile and install squidGuard

./configure
make
make install

Creating Configuration file for squidGuard

Create squidGuard.conf that suits your needs. This file allows you to declare Source group, Destination groups. You can also configure to have different access rules based on time of day, day of the week, date etc. for different user groups.

Here is a simple example to block inappropriate sites.

logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db

dest porn {
domainlist porn/domains
urllist porn/urls
}

acl {
default {
pass !porn all
redirect http://localhost/cgi/blocked?clienta...roup=%s&url=%u
}
}

This implies there must be a domain list file "/usr/local/squidGuard/db/porn/domains" and a url list file "/usr/local/squidGuard/db/porn/urls". The domain list file may have a zillion lines like:

porn.com
sex.com

The url list file may have lines like:

foo.com/~porn
bar.com/img/sex

Creating Blacklist

The blacklist is split into subsections (porn, aggressive, drugs, hacking, ads, ...), to better match different needs. And in turn each subsections consist of separate unlimited lists of domains, URLs and/or regular expressions. The gzipped tar ball of blacklist can be downloaded by HTTP or FTP, or else it can be custom created, by adding domain and URL lists according to your own need.

For example if you want to filter drug material, then create your own domain list file and url list files (remember to specify their location path in squidGuard config file). Your domain list file may have lines like:
209.133.83.22
209.1.224.24
207.10.94.222
209.249.147.41
209.108.162.42

And url list file may have lines like:
207.229.130.206/drugsearch
209.215.97.108/drugs
209.44.25.11/drugs
drugpolicy.org/ecstasy

Configuring Squid for squidGuard

Squid does not use redirectors by default. So you necessarily have to configure squid for redirectors by editing a couple of tags in squid.conf:

redirect_program /fullpathto/redirector redirect_children 5

Here the former tag specifies the location of the executable for the URL redirector. So to specify the location of squidGuard, configure squid with redirect_program /fullpathto/squidGuard. And the later tag is used to set the number of redirect processes to spawn. If you start too few Squid will have to wait for them to process a back log of URLs, slowing it down, and too many of them may use RAM and other system resources.

Squirm

Squirm by Chris Foote can redirect requests for Squid. It can be configured for patterns and IP address with full regular expression matching and replacement.

Installing And Configuring Squirm

You can download squirm as a gzipped tar ball available at Squirm - A redirector for Squid. Next untar the Squirm tar file and then Compile the GNU Regex library by doing:

cd regex
./configure
make clean
make
cp -p regex.o regex.h ..

Creating configuration files for squirm

Squirm requires config files for patterns and IP addresses, which are located as:

"/usr/local/squirm/etc/squirm.local"
"/usr/local/squirm/etc/squirm.patterns"

The former file contains specifications for your client's network. And in the later file specify the block lists, for example: If you want to return the URL http://www/notallowed.html to anyone http://www.xxx.com, then your block list would be;

regexi ^http://www\.xxx\.com/.* http://www/notallowed.html

Configuring Squid for squirm

Once you have Squirm up and running, to get Squid to pass requests through squirm, you need to add a couple of lines to your squid.conf file.

redirect_program /fullpathto/squirm
redirect_children 5

References

ViSolve Squid Configuration Manual 2.4
ViSolve Squid Configuration Manual 3.0
SquidGuard
Squirm - A redirector for Squid




موضوعات مشابه: