I was planning to use my Raspberry Pi, currently running Raspbian, to set up a local proxy in order to restrict Web access on my children's computers.
For that, I installed the Squid3 / SquidGuard pair (which seemed to me to be a good combination).
The thing is, I had the impression that it was working well (at least, the first tests showed it was), but now nothing works. Adult sites are not blocked, and the time slots for YouTube are not respected.
So I figure I missed something in the squidGuard config; if anyone can take a look at it, the files are below.
Code:
```
cat /etc/squid3/squid.conf
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl LocalNet src 192.168.0.0/24
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow LocalNet
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
```
Code:
```
# cat /etc/squid3/squidGuard.conf
# CONFIG FILE FOR SQUIDGUARD
#
# Caution: do NOT use comments inside { }
#
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
    weekly mtwhf 08:00 - 16:30
    date *-*-01 08:00 - 16:30
}
time youtubehours {
    weekly mtwhf 19:30 - 20:30
    weekly as 10:30 - 12:30
    weekly as 17:30 - 21:00
}
#
# SOURCE ADDRESSES:
#
src parents {
    ip 192.168.0.27 192.168.0.14
}
src enfants {
    ip 192.168.0.16 192.168.0.17
}
#
# DESTINATION CLASSES:
#
# [see also in file dest-snippet.txt]
dest audiovideo {
    domainlist audio-video/domains
    urllist audio-video/urls
}
dest porn {
    domainlist porn/domains
    urllist porn/urls
    log pornaccesses
}
#
# ACL RULES:
#
acl {
    parents {
        pass !porn all
    }
    enfants within youtubehours {
        pass !porn all
        # redirect http://localhost/block.html
    } else {
        pass !porn !audiovideo all
    }
    default {
        pass all
        # redirect http://localhost/block.html
    }
}
```
Basically:
- I block porn on the children's and parents' computers (here, I added the block on the parents' computers so I could test from my own machine), with logging to pornaccess
- I set time slots for the audio-video URLs (youtubehours) to deny access to audio/video sites outside those hours
- All other computers have full access
Of course, I set the proxy on the machines concerned to the RPi, port 3128 (if the proxy is stopped, I no longer have Internet access on those machines).
When the squid3 service starts, I get the following logs in squidguard:
Code:
```
2017-04-28 21:42:37 [4678] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-04-28 21:42:37 [4678] INFO: New setting: logdir: /var/log/squidguard
2017-04-28 21:42:37 [4678] init domainlist /var/lib/squidguard/db/audio-video/domains
2017-04-28 21:42:37 [4678] INFO: loading dbfile /var/lib/squidguard/db/audio-video/domains.db
2017-04-28 21:42:37 [4678] init urllist /var/lib/squidguard/db/audio-video/urls
2017-04-28 21:42:37 [4678] INFO: loading dbfile /var/lib/squidguard/db/audio-video/urls.db
2017-04-28 21:42:37 [4678] init domainlist /var/lib/squidguard/db/porn/domains
2017-04-28 21:42:37 [4678] INFO: loading dbfile /var/lib/squidguard/db/porn/domains.db
2017-04-28 21:42:37 [4678] init urllist /var/lib/squidguard/db/porn/urls
2017-04-28 21:42:37 [4678] INFO: loading dbfile /var/lib/squidguard/db/porn/urls.db
2017-04-28 21:42:37 [4678] INFO: squidGuard 1.5 started (1493408557.026)
2017-04-28 21:42:37 [4678] INFO: squidGuard ready for requests (1493408557.074)
2017-04-28 21:43:03 [4679] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-04-28 21:43:03 [4679] INFO: New setting: logdir: /var/log/squidguard
2017-04-28 21:43:03 [4679] init domainlist /var/lib/squidguard/db/audio-video/domains
2017-04-28 21:43:03 [4679] INFO: loading dbfile /var/lib/squidguard/db/audio-video/domains.db
2017-04-28 21:43:03 [4679] init urllist /var/lib/squidguard/db/audio-video/urls
2017-04-28 21:43:03 [4679] INFO: loading dbfile /var/lib/squidguard/db/audio-video/urls.db
2017-04-28 21:43:03 [4679] init domainlist /var/lib/squidguard/db/porn/domains
2017-04-28 21:43:03 [4679] INFO: loading dbfile /var/lib/squidguard/db/porn/domains.db
2017-04-28 21:43:03 [4679] init urllist /var/lib/squidguard/db/porn/urls
2017-04-28 21:43:03 [4679] INFO: loading dbfile /var/lib/squidguard/db/porn/urls.db
2017-04-28 21:43:03 [4679] INFO: squidGuard 1.5 started (1493408583.172)
2017-04-28 21:43:03 [4680] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-04-28 21:43:03 [4679] INFO: squidGuard ready for requests (1493408583.294)
2017-04-28 21:43:03 [4680] INFO: New setting: logdir: /var/log/squidguard
2017-04-28 21:43:03 [4680] init domainlist /var/lib/squidguard/db/audio-video/domains
2017-04-28 21:43:03 [4680] INFO: loading dbfile /var/lib/squidguard/db/audio-video/domains.db
2017-04-28 21:43:03 [4680] init urllist /var/lib/squidguard/db/audio-video/urls
2017-04-28 21:43:03 [4680] INFO: loading dbfile /var/lib/squidguard/db/audio-video/urls.db
2017-04-28 21:43:03 [4680] init domainlist /var/lib/squidguard/db/porn/domains
2017-04-28 21:43:03 [4680] INFO: loading dbfile /var/lib/squidguard/db/porn/domains.db
2017-04-28 21:43:03 [4680] init urllist /var/lib/squidguard/db/porn/urls
2017-04-28 21:43:03 [4680] INFO: loading dbfile /var/lib/squidguard/db/porn/urls.db
2017-04-28 21:43:03 [4680] INFO: squidGuard 1.5 started (1493408583.284)
2017-04-28 21:43:03 [4680] INFO: squidGuard ready for requests (1493408583.387)
2017-04-28 21:43:03 [4681] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-04-28 21:43:03 [4681] INFO: New setting: logdir: /var/log/squidguard
2017-04-28 21:43:03 [4681] init domainlist /var/lib/squidguard/db/audio-video/domains
2017-04-28 21:43:03 [4681] INFO: loading dbfile /var/lib/squidguard/db/audio-video/domains.db
2017-04-28 21:43:03 [4681] init urllist /var/lib/squidguard/db/audio-video/urls
2017-04-28 21:43:03 [4681] INFO: loading dbfile /var/lib/squidguard/db/audio-video/urls.db
2017-04-28 21:43:03 [4681] init domainlist /var/lib/squidguard/db/porn/domains
2017-04-28 21:43:03 [4681] INFO: loading dbfile /var/lib/squidguard/db/porn/domains.db
2017-04-28 21:43:03 [4681] init urllist /var/lib/squidguard/db/porn/urls
2017-04-28 21:43:03 [4681] INFO: loading dbfile /var/lib/squidguard/db/porn/urls.db
2017-04-28 21:43:03 [4681] INFO: squidGuard 1.5 started (1493408583.404)
2017-04-28 21:43:03 [4681] INFO: squidGuard ready for requests (1493408583.484)
2017-04-28 21:43:04 [4682] INFO: New setting: dbhome: /var/lib/squidguard/db
2017-04-28 21:43:04 [4682] INFO: New setting: logdir: /var/log/squidguard
2017-04-28 21:43:04 [4682] init domainlist /var/lib/squidguard/db/audio-video/domains
2017-04-28 21:43:04 [4682] INFO: loading dbfile /var/lib/squidguard/db/audio-video/domains.db
2017-04-28 21:43:04 [4682] init urllist /var/lib/squidguard/db/audio-video/urls
2017-04-28 21:43:04 [4682] INFO: loading dbfile /var/lib/squidguard/db/audio-video/urls.db
2017-04-28 21:43:04 [4682] init domainlist /var/lib/squidguard/db/porn/domains
2017-04-28 21:43:04 [4682] INFO: loading dbfile /var/lib/squidguard/db/porn/domains.db
2017-04-28 21:43:04 [4682] init urllist /var/lib/squidguard/db/porn/urls
2017-04-28 21:43:04 [4682] INFO: loading dbfile /var/lib/squidguard/db/porn/urls.db
2017-04-28 21:43:04 [4682] INFO: squidGuard 1.5 started (1493408584.305)
2017-04-28 21:43:04 [4682] INFO: squidGuard ready for requests (1493408584.378)
```
and finally, in squid3's access.log file, I can find log entries for youporn, for example:
Code:
```
1493406771.367 4025 192.168.0.16 TCP_MISS/200 61411 CONNECT www.youporn.com:443 - HIER_DIRECT/31.192.120.44 -
```
Thanks in advance for your help.
Message edited by jay31790 on 28-04-2017 at 21:53:38
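An added example, not part of the original post: a small Python audit that replays Squid access.log lines against the policy posted above and reports requests that were served although that policy should have blocked them. The domain sets are constructed stand-ins for the blacklist files, the subdomain matching is an assumption about list semantics, and the UTC+2 offset is read off the squidGuard log timestamps.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Policy transcribed from the posted squidGuard.conf.
PARENTS = {"192.168.0.27", "192.168.0.14"}
ENFANTS = {"192.168.0.16", "192.168.0.17"}
# "time youtubehours": weekday (Mon=0 .. Sun=6) -> [(start, end)] in minutes since midnight
EVENING = [(19 * 60 + 30, 20 * 60 + 30)]
WEEKEND = [(10 * 60 + 30, 12 * 60 + 30), (17 * 60 + 30, 21 * 60)]
YOUTUBEHOURS = {d: (EVENING if d < 5 else WEEKEND) for d in range(7)}
# Constructed stand-ins for porn/domains and audio-video/domains (assumption).
PORN = {"youporn.com"}
AUDIOVIDEO = {"youtube.com"}
# UTC+2: the squidGuard log pairs 21:42:37 with epoch 1493408557 (19:42:37 UTC).
LOCAL_TZ = timezone(timedelta(hours=2))

def listed(host, domains):
    """Match the domain itself or any subdomain of it (assumed list semantics)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(line, tz=LOCAL_TZ):
    """Return the category the posted policy should have blocked, else None."""
    f = line.split()
    ts, client, result, method, url = float(f[0]), f[2], f[3], f[5], f[6]
    if not result.endswith("/200"):
        return None  # only count requests Squid answered with status 200
    # CONNECT lines carry host:port, other methods carry a full URL
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname or ""
    host = host.lower()
    if client in PARENTS | ENFANTS and listed(host, PORN):
        return "porn"
    if client in ENFANTS and listed(host, AUDIOVIDEO):
        t = datetime.fromtimestamp(ts, tz)
        minute = t.hour * 60 + t.minute
        if not any(a <= minute < b for a, b in YOUTUBEHOURS[t.weekday()]):
            return "audiovideo"
    return None

SAMPLE = [  # first line is from the post; the other two are constructed
    "1493406771.367 4025 192.168.0.16 TCP_MISS/200 61411 CONNECT www.youporn.com:443 - HIER_DIRECT/31.192.120.44 -",
    "1493402400.000 310 192.168.0.17 TCP_MISS/200 5120 CONNECT www.youtube.com:443 - HIER_DIRECT/203.0.113.10 -",
    "1493406800.000 290 192.168.0.17 TCP_MISS/200 4800 CONNECT www.youtube.com:443 - HIER_DIRECT/203.0.113.10 -",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry), entry.split()[6])
```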