Hello,
I am in my final year at a computer science school in Switzerland. For the end of my studies I have a project to hand in, which is to install a server with a Squid proxy and squidGuard.
I have a server running openSUSE 11.4 with 2 network cards, one connected directly to the Internet using DHCP and the other on the local network with a static IP. My local network card is connected to a client that is also running openSUSE, but version 11.2.
I installed Squid and it is running... I also installed squidGuard, which works too. I configured squid.conf -->
# WELCOME TO SQUID 2.7.STABLE6
# ----------------------------
#
#Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# RFC1918 possible internal network
# RFC1918 possible internal network
# RFC1918 possible internal network
#
# http
# ftp
# https
# gopher
# wais
# unregistered ports
# http-mgmt
# gss-http
# filemaker
# multiling http
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
acl multipostes src 192.168.0.3-192.168.0.10/255.255.255.
acl admin src 192.168.0.2/255.255.255.000
# Apache to signal ETag correctly on such responses
broken_vary_encoding allow apache
# err, warning, notice, info, debug.
access_log /var/log/squid/access.log squid
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
# Deny requests to unknown ports
# Deny CONNECT to other than SSL ports
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# And finally deny all other access to this proxy
http_access allow multipostes
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
http_access allow admin
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
# Squid normally listens to port 3128
http_port 3128
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# cache_mem 8 MB
cache_mem 8 MB
# memory_replacement_policy lru
memory_replacement_policy lru
# cache_replacement_policy lru
cache_replacement_policy lru
# cache_dir ufs /var/cache/squid 100 16 256
cache_dir ufs /var/cache/squid 100 16 256
# minimum_object_size 0 KB
minimum_object_size 0 KB
# maximum_object_size 4096 KB
maximum_object_size 4096 KB
# cache_log /var/log/squid/cache.log
cache_log /var/log/squid/cache.log
# cache_store_log /var/log/squid/store.log
cache_store_log /var/log/squid/store.log
# emulate_httpd_log off
emulate_httpd_log off
# ftp_passive on
ftp_passive on
url_rewrite_program /usr/sbin/squidGuard -C /etc/squid/squidguard.conf
# url_rewrite_children 5
url_rewrite_children 10
#Suggested default:
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320
# Don't upgrade ShoutCast responses to HTTP
upgrade_http0.9 deny shoutcast
# connect_timeout 1 minute
connect_timeout 2 minutes
# client_lifetime 1 day
client_lifetime 1 days
# cache_mgr webmaster
cache_mgr webmaster
# error_directory /usr/share/squid/errors/English
error_directory /usr/share/squid/errors/English
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
#Default:
# windows_ipaddrchangemonitor on
cache_swap_high 95
cache_swap_low 90
and I likewise configured squidGuard.conf -->
dbhome /var/lib/squidGuard/db/blacklists
logdir /var/log/squidGuard
#------------------------------------------------------------------------------------------
#Sources
src admin {
    ip 192.168.0.2 # admin IP address
}
src multipostes {
    ip 192.168.0.3-192.168.0.10 # users' IP addresses
}
#-------------------------------------------------------------------------------------------
#destination
dest drogue {
    urllist drogue/urls
    domainlist drogue/domains
}
#-------------------------------------------------------------------------------------------
acl {
    admin {
        pass all
    }
    multipostes {
        pass !drogue all
        redirect http://www.google.com
    }
    default{
        pass !drogue all
        redirect http://www.google.com
    }
}
#--------------------------------------------------------------------------------------------
The problem is that nothing works: it is impossible to block the sites on my blacklists!!
---------------
computer science student
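
A configuration check for the two points in the files posted above that can be verified mechanically, added here as an example and not part of the original post: Squid evaluates http_access lines from top to bottom and stops at the first match, and squidGuard takes its configuration file with -c, while -C builds the blacklist databases. The lint function and its finding names are made up for this illustration, and SAMPLE is a constructed excerpt of the posted rules.

```python
# Constructed excerpt: the access rules and rewriter line from the squid.conf above.
SAMPLE = """\
http_access allow multipostes
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
http_access allow admin
url_rewrite_program /usr/sbin/squidGuard -C /etc/squid/squidguard.conf
"""


def directives(text):
    """Yield (line_number, tokens) for every non-empty, non-comment line."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            yield number, line.split()


def lint(text):
    """Return (line_number, finding) pairs; finding names are hypothetical labels."""
    findings = []
    catch_all = None  # line of the first 'http_access allow|deny all'
    for number, tok in directives(text):
        if tok[0] == "http_access" and len(tok) >= 3:
            if catch_all is not None:
                # First match wins, so nothing after a catch-all is ever evaluated.
                findings.append((number, "shadowed-by-line-%d" % catch_all))
            elif tok[2:] == ["all"]:
                catch_all = number
                if tok[1] == "allow":
                    # Any client that can reach the port may use the proxy.
                    findings.append((number, "allow-all"))
        elif tok[0] == "url_rewrite_program" and len(tok) >= 2:
            if "squidGuard" in tok[1] and "-C" in tok[2:]:
                # -C creates .db files; the configuration file is passed with -c.
                findings.append((number, "rewriter-uses-db-build-flag"))
    return findings


if __name__ == "__main__":
    for number, finding in lint(SAMPLE):
        print("line %d: %s" % (number, finding))
```
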