Fedora-Fr

Ce site est optimisé pour être consulté depuis un navigateur moderne dans lequel JavaScript est activé.

squidGuard ne tient pas compte de ses blacklists

fredouille

Bonjour à tous,

Je suis en train de travailler sur squid+squidGuard pour mon petit réseau, et à ma grande surprise squidGuard ne semble pas tenir compte de toutes ses blacklists.

Voici ce que j'ai fais :
modifié mon squid.conf en suivant ceci et en rajoutant donc à la fin du fichier /etc/squid/squid.conf celà :

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 5

Puis j'ai téléchargé les blacklists proposées par l'université de Toulouse

Enfin j'ai rajouté les dites blacklists de l'université de Toulouse dans un répertoire autorisé en lecture/écriture à squid et modifié le fichier squidGuard.conf comme ceci :

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/squidGuard
logdir /var/log/squidGuard

#
# TIME RULES:
# abbrev for weekdays: 
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

time horaires-gamins {
    weekly    swa    10:00 - 12:00
    weekly    swa    14:00 - 16:00
    weekly    mthf    18:00 - 19:00
#    date *-*-01  08:00 - 16:30
}

#
# REWRITE RULES:
#

#rew dmz {
#    s@://admin/@://admin.foo.bar.de/@i
#    s@://foo.bar.de/@://www.foo.bar.de/@i
#}

#
# SOURCE ADDRESSES:
#

src admin {
    ip    192.168.0.224
#    ip    127.0.0.1
#    user    root foo bar
#    within    workhours
}

src Roots {
    ip    192.168.0.0/24
    user    Fred
}
src users {
    ip    192.168.0.0/24
    user    user1
}
src gamins {
    ip    192.168.0.0/24
    user    gamin1
}

#
# DESTINATION CLASSES:
#

#dest good {
#}

#dest local {
#}

dest ads {
# Sites Publicitaires
    log    ads
    domainlist    blacklists.origine-paquet/ads/domains
    urllist    blacklists.origine-paquet/ads/urls
}

dest adult {
# Sites adultes erotisme -> pornographie
    log    adult
    domainlist    blacklists/adult/domains
    urllist    blacklists/adult/urls
    expressionlist    blacklists/adult/very_restrictive_expression
}

dest aggressive {
# Sites Racistes Antisémites
    log    aggressive
    domainlist    blacklists.origine-paquet/aggressive/domains
    urllist    blacklists.origine-paquet/aggressive/urls
}

dest agressif {
    log    agressif
    domainlist    blacklists/agressif/domains
    urllist    blacklists/agressif/urls
}

dest astrology {
# Sites d'Astrologie
    log    astrology
    domainlist    blacklists/astrology/domains
    urllist    blacklists/astrology/urls
}

dest audio-video {
# Sites Audio-Video
    log    audio-video
    domainlist    blacklists.origine-paquet/audio-video/domains
    urllist    blacklists.origine-paquet/audio-video/urls
}

dest audio-video2 {
# Sites Audio-Video
    log    audio-video
    domainlist    blacklists/audio-video/domains
    urllist    blacklists/audio-video/urls
}

dest blog {
# Site de Blogs
    log    blog
    domainlist    blacklists/blog/domains
    urllist    blacklists/blog/urls
}

dest celebrity {
# Sites de Célébrités
    log    celebrity
    domainlist    blacklists/celebrity/domains
    urllist    blacklists/celebrity/urls
}

dest chat {
# Sites de Chat
    log    chat
    domainlist    blacklists/chat/domains
    urllist    blacklists/chat/urls
}

dest child {
# Sites d'Enfants
    log    child
    domainlist    blacklists/child/domains
    urllist    blacklists/child/urls
}

dest cleaning {
# Sites de Désinfection et de Mise à Jour d'Ordinateurs
    log    cleaning
    domainlist    blacklists/cleaning/domains
    urllist    blacklists/cleaning/urls
}

dest dangerous_material {
# Sites de Matériels Dangereux
    log    dangerous_material
    domainlist    blacklists/dangerous_material/domains
    urllist    blacklists/dangerous_material/urls
}

dest dating {
# Sites de Rencontres
    log    dating
    domainlist    blacklists/dating/domains
    urllist    blacklists/dating/urls
}

dest drogue {
# Sites de Drogues
    log    drogue
    domainlist    blacklists/drogue/domains
    urllist    blacklists/drogue/urls
}

dest drugs {
# Sites de Drogues
    log    drugs
    domainlist    blacklists.origine-paquet/drugs/domains
    urllist    blacklists.origine-paquet/drugs/urls
}

dest filehosting {
# Sites de Partage de Fichiers
    log    filehosting
    domainlist    blacklists/filehosting/domains
    urllist    blacklists/filehosting/urls
}

dest financial {
# Sites de Finances et Bourses
    log    financial
    domainlist    blacklists/financial/domains
    urllist    blacklists/financial/urls
}

dest forums {
# Sites de Forums
    log    forums
    domainlist    blacklists/forums/domains
    urllist    blacklists/forums/urls
}

dest gambling {
# Sites de Jeu en Ligne, Casinos
    log    gambling
    domainlist    blacklists.origine-paquet/gambling/domains
    urllist    blacklists.origine-paquet/gambling/urls
}

dest gambling2 {
# Sites de Jeu en Ligne, Casinos
    log    gambling
    domainlist    blacklists/gambling/domains
    urllist    blacklists/gambling/urls
}

dest games {
# Sites de Jeux
    log    games
    domainlist    blacklists/games/domains
    urllist    blacklists/games/urls
}

dest hacking {
# Sites de Piratage
    log    hacking
    domainlist    blacklists.origine-paquet/hacking/domains
    urllist    blacklists.origine-paquet/hacking/urls
}

dest hacking2 {
# Sites de Piratage
    log    hacking
    domainlist    blacklists/hacking/domains
    urllist    blacklists/hacking/urls
}

dest liste_bu {
# Sites Educatifs filtrés Univ Toulouse
    log    liste_bu
    domainlist    blacklists/liste_bu/domains
    urllist    blacklists/liste_bu/urls
}

dest mail {
# Sites de Forums
    log    mail
    domainlist    blacklists.origine-paquet/mail/domains
}

dest malware {
# Sites de Malwares
    log    malware
    domainlist    blacklists/malware/domains
    urllist    blacklists/malware/urls
    expressionlist    blacklists/malware/expressions
}

dest manga {
# Sites de Mangas
    log    manga
    domainlist    blacklists/manga/domains
    urllist    blacklists/manga/urls
}

dest marketingware {
# Sites de Marketing
    log    marketingware
    domainlist    blacklists/marketingware/domains
    urllist    blacklists/marketingware/urls
}

dest mixed_adult {
# Sites d'Adultes
    log    mixed_adult
    domainlist    blacklists/mixed_adult/domains
    urllist    blacklists/mixed_adult/urls
}

dest mobile-phone {
# Sites pour les Mobiles
    log    mobile-phone
    domainlist    blacklists/mobile-phone/domains
    urllist    blacklists/mobile-phone/urls
}

dest phishing {
# Sites de Phishing, Arnaques Bancaires
    log    phishing
    domainlist    blacklists/phishing/domains
    urllist    blacklists/phishing/urls
}

dest porn {
# Sites adultes erotisme -> pornographie
    log    porn
    domainlist    blacklists.origine-paquet/porn/domains
    urllist    blacklists.origine-paquet/porn/urls
#    expressionlist    blacklists.origine-paquet/expression/expressions
}

dest press {
# Sites de Presses
    log    press
    domainlist    blacklists/press/domains
    urllist    blacklists/press/urls
}

dest proxy {
# Sites de Redirection
    log    proxy
    domainlist    blacklists.origine-paquet/proxy/domains
    urllist    blacklists.origine-paquet/proxy/urls
}

dest publicite {
# Sites Publicitaires
    log    publicite
    domainlist    blacklists/publicite/domains
    urllist    blacklists/publicite/urls
    expressionlist    blacklists/publicite/expressions
}

dest radio {
# Sites de Radios
    log    radio
    domainlist    blacklists/radio/domains
    urllist    blacklists/radio/urls
}

dest reaffected {
# Sites de ???
    log    reaffected
    domainlist    blacklists/reaffected/domains
    urllist    blacklists/reaffected/urls
}

dest redirector {
# Sites de Redirection
    log    redirector
    domainlist    blacklists.origine-paquet/redirector/domains
    urllist    blacklists.origine-paquet/redirector/urls
}

dest redirector2 {
# Sites de Redirection
    log    redirector
    domainlist    blacklists/redirector/domains
    urllist    blacklists/redirector/urls
    expressionlist    blacklists/redirector/u2
}

dest remote-control {
# Sites de Controles à Distance
    log    remote-control
    domainlist    blacklists/remote-control/domains
    urllist    blacklists/remote-control/urls
}

dest sect {
# Sites de Sectes
    log    sect
    domainlist    blacklists/sect/domains
    urllist    blacklists/sect/urls
}

dest sexual_education {
# Sites d'Education Sexuelle
    log    sexual_education
    domainlist    blacklists/sexual_education/domains
    urllist    blacklists/sexual_education/urls
}

dest shopping {
# Sites de Shopping en Ligne
    log    shopping
    domainlist    blacklists/shopping/domains
    urllist    blacklists/shopping/urls
}

dest spyware {
# Sites de Logiciels Espions
    log    spyware
    domainlist    blacklists.origine-paquet/spyware/domains
    urllist    blacklists.origine-paquet/spyware/urls
}

dest strict_redirector {
# Sites de Redirection avec Moteurs de Recherche
    log    strict_redirector
    domainlist    blacklists/strict_redirector/domains
    urllist    blacklists/strict_redirector/urls
    expressionlist    blacklists/strict_redirector/expressions
}

dest strong_redirector {
# Sites de Redirection avec Moteurs de Recherche bloqués sur Certains Termes
    log    strong_redirector
    domainlist    blacklists/strong_redirector/domains
    urllist    blacklists/strong_redirector/urls
    expressionlist    blacklists/strong_redirector/expressions
}

dest suspect {
# Sites de ????
    log    suspect
    domainlist    blacklists.origine-paquet/suspect/domains
    urllist    blacklists.origine-paquet/suspect/urls
}

dest tricheur {
# Sites de Triche
    log    tricheur
    domainlist    blacklists/tricheur/domains
    urllist    blacklists/tricheur/urls
}

dest violence {
# Sites de Violence
    log    violence
    domainlist    blacklists.origine-paquet/violence/domains
    urllist    blacklists.origine-paquet/violence/urls
}

dest warez {
# Sites de Logiciels Pirates
    log    warez
    domainlist    blacklists.origine-paquet/warez/domains
    urllist    blacklists.origine-paquet/warez/urls
}

dest warez2 {
# Sites de Logiciels Pirates
    log    warez
    domainlist    blacklists/warez/domains
    urllist    blacklists/warez/urls
}

dest webmail {
# Sites de WebMail
    log    webmail
    domainlist    blacklists/webmail/domains
    urllist    blacklists/webmail/urls
}

rewrite google {
    s@(google.com/search.*q=.*)@\1\&safe=active@i
    s@(google.com/images.*q=.*)@\1\&safe=active@i
    s@(google.com/groups.*q=.*)@\1\&safe=active@i
    s@(google.com/news.*q=.*)@\1\&safe=active@i
}

acl {
    admin {
        pass    any
    }

    Roots {
        pass    any
        redirect    302:http://portFB2.fredouille.org/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
    }

    users {
        pass !ads adult !aggressive !agressif !astrology !audio-video !audio-video2 !blog !celebrity !chat child !cleaning !dangerous_material !dating !drogue !drugs !filehosting !financial forums !gambling !gambling2 !games !hacking !hacking2 liste_bu mail !malware !manga !marketingware !mixed_adult !mobile-phone !phishing porn !press !proxy !publicite !radio !reaffected !redirector !redirector2 !remote-control !sect !sexual_education !shopping !spyware !strict_redirector !strong_redirector !suspect !tricheur !violence !warez !warez2 any
        redirect    302:http://portFB2.fredouille.org/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
#        redirect    302:http://portFB2.fredouille.org/cgi-bin/squidGuard-simple.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetclass=%t&url=%u
    }

    gamins within horaires-gamins {
        pass !ads !adult !aggressive !agressif !astrology !audio-video !audio-video2 !blog !celebrity !chat child !cleaning !dangerous_material !dating !drogue !drugs !filehosting !financial !forums !gambling !gambling2 !games !hacking !hacking2 liste_bu !mail !malware !manga !marketingware !mixed_adult !mobile-phone !phishing !porn !press !proxy !publicite !radio !reaffected !redirector !redirector2 !remote-control !sect !sexual_education !shopping !spyware !strict_redirector !strong_redirector !suspect !tricheur !violence !warez !warez2 any
        redirect    302:http://portFB2.fredouille.org/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
    } else {
        pass none
        redirect    302:http://portFB2.fredouille.org/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
    }

    default {
#        rewrite    dmz
        pass    none
        redirect    302:http://portFB2.fredouille.org/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
    }
}

Puis j'ai fais un #squidGuard -C all pour mettre à jour les db de squidGuard et j'ai fais un #chown squid:squid /var/squidGuard/* afin que squid puisse utiliser toutes les bases disponibles.

J'ai vérifié ceci en faisant un #su -c "echo 'http://www.example.com 192.168.0.224/ - - GET' | squidGuard -c /etc/squid/squidGuard.conf -d".

Le souci est que lorsque j'utilise un client configuré pour utiliser squid+squidGuard, certaines adresses présentes dans les blacklists ne sont pas forcément interdites.

Concrêtement j'ai l'impression que squidGuard filtre bien ses blacklists livrées avec le paquet mais n'utilise pas celles que j'ai rajouté manuellement.

Vous auriez une idée de ce que je fais mal ???