Topic: squidGuard supdate and https filtering

[Tim Hogan]

I recently set up an SME V5 server and installed the most recent release of squidGuard.  I realize the squidGuard manager will not work on the SME V5 server manager panel and I can live with that (editing the trusted and untrusted dbs manually).  I have tweaked the squidGuard.conf templates and it seems to work fine with two exceptions.  When I installed an earlier release of squidGuard on an E-smith V4.12 server it installed a file called supdate and scheduled it to run daily in cron.daily.  This file automated the download of blacklists.  supdate does not seem to be included in the version I just installed.  Does anyone know where I can get it (or the contents of it so I can create it myself)?  Also, I noticed that squidGuard is blocking http sites fine but seems to let all https site through on machines that have web access blocked for all but trusted sites.  Do I need to edit one of the squidGuard.conf templates to extend filtering to https sites?

I would appreciate any help with this.

[FredS]

#!/bin/sh
echo downloading blacklist...
cd /usr/local/squidGuard
rm -rf blacklists*
wget -nv http://ftp.ost.eltele.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz~
tar -zxf blacklists.tar.gz~
cp -rf blacklists/* db
find db -name \*.\* -exec rm {} \;
rm -Rf db/mail
rm -Rf db/ads
rm -Rf db/README
rm -Rf db/audio-video
chmod -R 644 db
cd db
chmod +x *
cd ..
chmod +x db
cd db
cd trusted
chgrp www *
chmod 764 *
cd ..
cd untrusted
chgrp www *
chmod 764 *
cd ..
cd ..
echo
echo Restarting Squid...
/etc/rc.d/init.d/squid restart
/usr/local/squidGuard/setacls
echo Finished.

[Craig]

Tim,

Checkout the bottom of the following link for the info you need.

http://www.tech-geeks.org/index.php?topic=how-to

Regards
Craig

[Ryan]

This works on 5.0 not 5.1.2

I used the distro from a link (i can't remember) to the greencomputer site.  I downloaded a single squidguard-21.tar file.  After extracting this file, it installs transproxy, squidguard, and all the databases, plus sets up the supdate file (but you have to copy stuff to crontab file).  All this done by running a single file, very easy.

Well anyway, I am able to use the web interface to add trusted/untrused domains and expressions.  (the link in server manager does not work) I did the following:

-In server manager, open the squidguard ibay. Click modify and change the http/ftp to allow access.  I use entire internet w/ password.  If you use a password, the username is the name of the ibay.

-In any browser, goto:  http://[sme5.0 external ip address]/squidguard
The interface should launch.  

I found a useful procedure if you have more than one server to configure:  
-create a user account on windows box with username=admin password=your sme admin password.

-browse to \[sme server]\squidguard\cgi-bin
-copy the trusted and untrusted folders to your computer

-browse to second sme server.  using same user account in windows.
-copy the trusted/untrusted folders to same directory on 2nd sme server.
-configure 2nd sme server ibay like above.  goto web interface and ad a domain to trusted or untrusted.  This activates the stuff in the folders you copied to cgi-bin.  Then remove the domain you just put in if you don't want it there.

You now have copied all your trusted\untrused domains and expressions.

I also have a large list of expressions I found on the web that effective block urls with words...it works GREAT on porn sites, but blocks others as well....like a foxnews page on kid porn...porn was found in the url, so access denied.  XXX in superbowl news page urls...access denied.  To fix, I simply used the web interface and trusted the foxnews.com domain.   Just paste the expression file contents into the right folder in the squidguard ibay, and use the interface to add/remove so it sees the added data.  

If you want these any files, email and I will give you my ftp server address and the files names you need.