Hi,
I've been working with Squid + SquidGuard for a few years, though only on Slackware. I'm currently transferring my proxy expertise to CentOS 7, and right now I'm having a little problem with that.
Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy.
The next step is to add SquidGuard, so I installed it and edited the most basic /etc/squid/squidGuard.conf file possible.
In this setup, my workstation (192.168.2.2) is allowed to access anything on the Web, and all other client machines on the networks are blocked and should be redirected to the avertissement.html block page for every request.
--8<------------------------------------------------------------------ # /etc/squid/squidGuard.conf dbhome /var/squidGuard logdir /var/log/squidGuard
src admin { ip 192.168.2.2 }
acl { admin { pass any } default { pass none redirect http://nestor.microlinux.lan/avertissement.html } } --8<------------------------------------------------------------------
I appended the following lines to /etc/squid/squid.conf:
--8<------------------------------------------------------------------ # SquidGuard url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf url_rewrite_children 5 --8<------------------------------------------------------------------
Now this setup sort of works. My workstation can access anything, other clients are blocked. Unfortunately, the block page avertissement.html is not displayed. Instead, I get a Squid error page:
The following error was encountered while trying to retrieve the URL: https://http/*
Unable to determine IP address from host name "http".
Any idea why my static block page avertissement.html is not displayed?
Cheers,
Niki
Nicolas Kovacs wrote:
Hi,
I've been working with Squid + SquidGuard for a few years, though only on Slackware. I'm currently transferring my proxy expertise to CentOS 7, and right now I'm having a little problem with that.
Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy.
The next step is to add SquidGuard, so I installed it and edited the most basic /etc/squid/squidGuard.conf file possible.
In this setup, my workstation (192.168.2.2) is allowed to access anything on the Web, and all other client machines on the networks are blocked and should be redirected to the avertissement.html block page for every request.
<SNIP>
Stupid questions: 0. Does http://nestor.microlinux.lan/avertissement.html exist? 1. What are its ownership and group? 2. Can Apache access that directory and file?
mark
Le 14/03/2018 à 14:40, m.roth@5-cent.us a écrit :
Stupid questions: 0. Does http://nestor.microlinux.lan/avertissement.html exist?
- What are its ownership and group?
- Can Apache access that directory and file?
mark
Yes, the page exists, and it can be opened from any browser in the network.
Niki
Le 14/03/2018 à 14:40, m.roth@5-cent.us a écrit :
Stupid questions: 0. Does http://nestor.microlinux.lan/avertissement.html exist?
- What are its ownership and group?
- Can Apache access that directory and file?
mark
OK, I found the solution. Apparently I have to use a different syntax.
acl { admin { pass any } default { pass none redirect 302:http://nestor.microlinux.lan/avertissement.html } }
Prefixing the block page URL with 302: did the trick.
Cheers,
Niki
Le 14/03/2018 à 14:40, m.roth@5-cent.us a écrit :
Stupid questions: 0. Does http://nestor.microlinux.lan/avertissement.html exist?
- What are its ownership and group?
- Can Apache access that directory and file?
mark
Problem solved.
https://blog.microlinux.fr/squidguard-centos/
Cheers,
Niki
-
m.roth@5-cent.us -
Nicolas Kovacs