# squid / squidGuard problem filtering

## kpoman

hello

i installed squid, then squidguard,

downloaded a list of banned stuff, and i then created the db's as you may see:

my squidguard.conf :

```

kpoman db # less /etc/squidGuard/squidGuard.conf

logdir /var/log/squidGuard

dbhome /usr/local/squidGuard/db

dest porn {

        domainlist porn/domains

        urllist porn/urls

}

dest ads {

        domainlist ads/domains

        urllist ads/urls

}

dest aggressive {

        domainlist aggressive/domains

        urllist aggressive/urls

}

dest gambling {

        domainlist gambling/domains

        urllist gambling/urls

}

dest warez {

        domainlist warez/domains

        urllist warez/urls

}

acl {

        default {

                pass !porn !ads !aggressive !gambling !warez all

                redirect http://localhost/death.jpg

        }

}

/etc/squidGuard/squidGuard.conf (END)

```

and then the banned stuff:

```

kpoman db # cd /usr/local/squidGuard/db

kpoman db # find . | grep db

./ads/domains.db

./ads/urls.db

./aggressive/domains.db

./aggressive/urls.db

./gambling/domains.db

./gambling/urls.db

./porn/domains.db

./porn/urls.db

./warez/domains.db

./warez/urls.db

kpoman db #

```

i have also put this line in my /etc/squid/squid.conf file:

```

redirect_program /usr/bin/squidGuard -c /etc/squidGuard/squidGuard.conf

```

so everything shoudl be ok by now,

to be sure squidguard is running i do this:

```

kpoman db # ps ax | grep squid

10017 pts/2    T      0:00 squidGuard -c /etc/squidGuard/squidGuard.conf

10481 ?        S      0:00 /usr/sbin/squid -DYC

10483 ?        S      0:00 (squid) -DYC

10485 ?        S      0:00 (squidGuard) -c /etc/squidGuard/squidGuard.conf

10486 ?        S      0:00 (squidGuard) -c /etc/squidGuard/squidGuard.conf

10487 ?        S      0:00 (squidGuard) -c /etc/squidGuard/squidGuard.conf

10488 ?        S      0:00 (squidGuard) -c /etc/squidGuard/squidGuard.conf

10489 ?        S      0:00 (squidGuard) -c /etc/squidGuard/squidGuard.conf

10506 pts/2    S      0:00 vim /etc/squidGuard/squidGuard.conf

kpoman db #

```

so it should be allright, but when i try to go to porn sites :p it lets me view the fat asses ! so if someone has an idea what is going wrong ? i am trying to set this up until a long time and cont figure out what is not working ! please help me!

----------

## slartibartfasz

same here - i never got it running - i think there are some other squid filters too...

EDIT: sorry - i know this doesnt help, but perhaps it makes u feel better, knowing that u r not alone  :Wink: 

----------

## kpoman

 :Arrow:  insert help here

----------

## kpoman

please, pity on me  :Shocked: 

----------

## snafoo

ive heard dansguardian is very good for filtering, no blacklists, on the fly detection of inappropriate materials. its really fast too

----------

## cPF

Guess, I was kind of lucky getting it working just fine right away? hmm My setup ought not differ from you in anyway. But I urge you to use an expressionlist for porn sites as well, because it will so then be much more sensitive for goat sex and stuff. Oh, i manually added a ban for hello.jpg  :Wink: 

Good luck

----------

## kpoman

so with same configuration you could managte it to get it working ?  :Embarassed: 

what am i doing wrong then ???

----------

## kpoman

still broken  :Exclamation: 

no one tried this squidguard ever ?

----------

## kpoman

 :Question:  help  :Question: 

----------

## neal_cz

Hi, are your db files readable to the user under which squid is run? You may also want to check your logfiles for a note about emergency mode in which squidGuard runs if anything's wrong.

----------

## neal_cz

And also make sure that exists the object you want to redirect to.

Ales

----------

## cryos

I had some initial problems getting this running too. You need to create /var/log/squidGuard and then chown it like so,

mkdir /var/log/squidGuard

chown squid.squid /var/log/squidGuard

Also chown /etc/squidGuard to squid too (assuming your db files are in here too,

chown squid.squid -R /etc/squidGuard

Then try issuing /etc/init.d/squid restart and it should be working finally! If not let me know. I have also submitted a bug to bugzilla to try and get them to modify the ebuild. If they add the line,

./configure --prefix=/usr --with-sg-config=/etc/squidGuard/squidGuard.conf --with-sg-logdir=/var/log/squidGuard

into the src_compile() function then you wouldn't need the extra -c option. Adzapper wouldn't pass this to squidGuard when trying to chain the two together, and so when I modified the ebuild with that line it all worked without passing the argument to squidGuard!

Hope this helps anyway.

----------

## puddpunk

Hi there, after a lot of huffing and puffing, I managed to get my squidGuard to block things. Here are a few things to check...

Make sure your http traffic is actually going through squid!!! (Don't laugh, it got me  :Smile: ) You need an IPTABLES rule like this:

```
$IPTABLES -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-port 3128
```

 Make sure squidGuard can access the things it needs. When it starts up, it reads the databases and writes to it's log. If it can't do that it goes into "emergency mode" which is a "pass all" state. Check the logs (squids cache.log is sometimes helpful, squidGuard writes to it through squid.) Also, make sure that squidGuards databases are owned by squid 

```
# chown -R squid /etc/squidGuard
```

 And finally, make sure squid hasnt cached the website, or else it wont go through the redirector.

Hope that helps,

Chris.

----------

