copie de mon fichier squid.conf
acl lan src 192.168.8.0/24 # RFC1918 possible internal network
acl lan src 192.168.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow lan
http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_port 3128
cache_effective_user proxy
cache_effective_group proxy
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
#http_access deny all
Copie de mon ficheir squidGuard;conf# CONFIG FILE FOR SQUIDGUARD
#
# Caution: do NOT use comments inside { }
#
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
dest porn {
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
}
acl {
default {
pass !porn all
redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
Voila manque à écrire la doc, sachant que jele fait tourner sur Raspian.
Les
docs sur l’installation de squid & squiguard ne manquent pas sur le
net, sinon se référrer a l’article sur Linux pratique N° 100.
—
