# apt-get update && apt-get install squidguard
2. modify squidguard configuration
# vim /etc/squid/squidguard.conf
dbhome /var/lib/squidguard/blacklists
logdir /var/log/squid
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
weekly mtwhf 00:00 - 24:00
date *-*-01 00:00 - 24:00
}
src admin {
ip 10.124.20.159
user root tommy
within workhours
}
src client-src {
ip 10.0.0.0/8
}
#
# DESTINATION CLASSES:
#
dest good {
domainlist good/domains
urllist good/urls
log block.log
}
dest ads {
domainlist ads/domains
urllist ads/urls
log block.log
}
dest adult {
domainlist adult/domains
urllist adult/urls
log block.log
}
dest chat {
domainlist chat/domains
urllist chat/urls
log block.log
}
acl {
admin {
pass any
}
client-src within workhours {
pass good !ads !adult !chat all
} else {
pass any
}
default {
pass none
redirect http://xxx.xxxx.xxxx/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
3. download the blacklist from internet
# cd /var/lib/squidguard/
# tar zxvf bigblacklist.tar.gz
4. create good folder in the db location
# cd /var/lib/squidguard/blacklists
# mkdir good
# touch good/domains
# touch good/urls
5. initial the database and change the permission for squid service account
# squidGuard -C all
# chown -Rf proxy:proxy /var/lib/squidguard/blacklists
6. touch the block.log
# touch /var/log/squid/block.log
# chown -Rf proxy:proxy /var/lig/squid
7. add the line into the squid.conf
# vim /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
8. restart the squid service
# /etc/init.d/squid restart
沒有留言:
張貼留言