[WBEL-users] RE: [GLUG-chat] Re: squid proxy

marcusv marcusv@siemagblanes.co.za
Mon, 21 Jun 2004 08:46:14 +0200


Hi there Brett.

Sorry 
OS = WhiteBox Enterprise Linux 3.0
Squid-2.5.STABLE-3.3E
Squidguard-1.2.0-2

Ok This is what I have in my squid.conf.
For some reason it did not like the parameters that you gave me.

http_port 3128
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
auth_param basic program /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users
auth_param basic realm SIEMAG INTERNET FIREWALL
acl SIEMAG proxy_auth REQUIRED
http_access allow SIEMAG
snmp_port 3401
snmp_access deny all
http_access allow manager localhost
http_access deny manager

This seems to work fine.
And I get prompted for username and passwd.

I also managed to download the blacklist from squidguard over the
weekend, this is the directory structure.
squidGuard.conf = dbhome /usr/share/squidGuard/db
/usr/share/squidGuard/db [In this directory]
Warez
Violence
Ads
Etc....

Is this correct as I can still browse these pages.....
What am I doing wrong.

Your assistance in this would be greatly appreciated.

Regards
Marcus Van Wyk.
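
Added example, not part of the original thread: a small Python checker for the failure quoted further down, where Squid 2.5 rejects the 2.4-style auth directives, ignores the `proxy_auth` ACL that depended on them, and then cannot find that ACL in `http_access`. The sample config is constructed from the quoted log; the `local_net` definition and the finding texts are assumptions.

```python
# Squid 2.4 auth directives and the Squid 2.5 auth_param forms that replaced them.
RENAMED_IN_2_5 = {
    "authenticate_program": "auth_param basic program",
    "authenticate_children": "auth_param basic children",
    "proxy_auth_realm": "auth_param basic realm",
}

def audit_squid_conf(text):
    """Return (line_number, finding) tuples for the body of a squid.conf."""
    findings, acls, rules = [], set(), []
    auth_ready = False  # True once an "auth_param <scheme> program" line is seen
    for num, raw in enumerate(text.split("\n"), start=1):
        if raw.endswith("\r"):
            findings.append((num, "CRLF line ending"))
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        directive, args = words[0], words[1:]
        if directive in RENAMED_IN_2_5:
            findings.append((num, "use " + RENAMED_IN_2_5[directive]))
        elif directive == "auth_param" and len(args) > 2 and args[1] == "program":
            auth_ready = True
        elif directive == "acl" and len(args) >= 2:
            if args[1] == "proxy_auth" and not auth_ready:
                # Squid ignores this ACL, so later rules cannot reference it.
                findings.append((num, "proxy_auth ACL without auth scheme"))
            else:
                acls.add(args[0])
        elif directive == "http_access" and len(args) >= 2:
            rules.append((num, args))
    for num, args in rules:
        for name in args[1:]:
            if name.lstrip("!") not in acls:
                findings.append((num, "undefined ACL " + name.lstrip("!")))
    if rules and rules[-1][1] != ["deny", "all"]:
        findings.append((rules[-1][0], "last http_access is not 'deny all'"))
    return findings

# Constructed sample modelled on the quoted log; local_net is an assumed ACL.
BROKEN = "\n".join([
    "acl local_net src 10.128.15.0/255.255.255.0",
    "authenticate_program  /usr/lib/squid/pam_auth\r",
    "authenticate_children 5\r",
    "proxy_auth_realm Squid proxy-caching web server\r",
    "acl password proxy_auth REQUIRED",
    "http_access allow local_net password",
])

for num, finding in audit_squid_conf(BROKEN):
    print("line %d: %s" % (num, finding))
```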



-----Original Message-----
From: Brett Geer (DHL) [mailto:brett.geer@dhl.com] 
Sent: Saturday, June 19, 2004 6:48 PM
To: marcusv
Subject: Re: [GLUG-chat] Re: squid proxy


OK, I have 2x 2.1 boxes and a 3.0 license, I can setup a machine at the
orifice to test this. the configs I gave you worked happily on RH 7.1

brett

----- Original Message -----
From: "marcusv" <marcusv@siemagblanes.co.za>
To: "'Brett Geer DHL-ZA'" <brett.geer@dhl.com>
Sent: Friday, June 18, 2004 3:40 PM
Subject: RE: [GLUG-chat] Re: squid proxy


> Just to let you know that this is from WhiteBox Enterprise Level 
> [RedHat Enterprise Level 3.0] Still not up yet, but will give you the 
> version on Monday.
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Friday, June 18, 2004 12:10 PM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> bizarre, that syntax is correct for 2.4, works happily at a number of 
> sites
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Friday, June 18, 2004 12:02 PM
> To: 'Brett Geer DHL-ZA'
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> Sorry Brett Had to shut down for a while will let you know as soon as 
> it's up again. But /usr/lib/squid/pam_auth does exist.
>
>
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Friday, June 18, 2004 11:05 AM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> wert version of squid?
>
> does that pam_auth app exist at the specified path?
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Friday, June 18, 2004 10:58 AM
> To: 'Brett Geer DHL-ZA'
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> OK Did this.
> And this is the error that I get now.
>
> #########################################
> [root@mail2 pam.d]# service squid restart
> 'topping squid: 2004/06/18 10:48:18| parseConfigFile: line 2794 unrecognized: 'authenticate_program  /usr/lib/squid/pam_auth
> '004/06/18 10:48:18| parseConfigFile: line 2795 unrecognized: 'authenticate_children 5
> '004/06/18 10:48:18| parseConfigFile: line 2796 unrecognized: 'proxy_auth_realm Squid proxy-caching web server
> ' because no authentication schemes are fully configured.h ACL 'acl password proxy_auth REQUIRED
> 2004/06/18 10:48:18| aclParseAclLine: IGNORING invalid ACL: acl password proxy_auth REQUIRED
> 2004/06/18 10:48:18| squid.conf line 2801: http_access allow local_net password
> 2004/06/18 10:48:18| aclParseAccessLine: ACL name 'password' not found.
> .                                                          [  OK  ]
> Starting squid: .                                          [  OK  ]
> [root@mail2 pam.d]#
> #########################################
>
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Friday, June 18, 2004 10:50 AM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> cp it to /etc/pam.d, make sure it has the same perms as the rest of 
> them in there do
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Friday, June 18, 2004 10:41 AM
> To: 'Brett Geer DHL-ZA'
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> Hi there Brett.
>
> I see in your zip file you have a pam.d dir with a file called squid 
> what do I do with this file. Where do I move it to.
>
> Contents:
> Auth required /lib/sec... Etc...
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Friday, June 18, 2004 8:41 AM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> Yo,
>
>    attached files for pam, squid, squidg, you will need to chmod 4750 
> the auth binary for this to work.
>
>    The DB files you can download from squidGuard's website
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Friday, June 18, 2004 8:39 AM
> To: 'Brett Geer DHL-ZA'
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> Sorry not too sure I understand.
> >Do you have the URL database?
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Friday, June 18, 2004 8:31 AM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> indeed, squidguard.conf is the sg config, lemme go scratch up a config
> and sanitize it. Do you have the URL database?
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Thursday, June 17, 2004 4:12 PM
> To: 'Brett Geer DHL-ZA'
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> Done..
>
> I dll the rpm off redhat EL 3.0 site as I am running Whitebox.
>
> I see after the rpm -i, I now have a squidGuard.conf file in 
> /etc/squid
>
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Thursday, June 17, 2004 4:07 PM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> go to the squidguard page. is good. sort of.
>
> I recommend you rpm -i it and lemme know, I'll dredge out a proxy conf
> I have with it in for you
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Thursday, June 17, 2004 3:53 PM
> To: 'Brett Geer DHL-ZA'
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> OK I have now downloaded the squidguard .rpm
>
> Where to now.
>
> Do you know of a good how-to.
>
> Regards
>
>
> -----Original Message-----
> From: Brett Geer DHL-ZA [mailto:brett.geer@dhl.com]
> Sent: Thursday, June 17, 2004 3:29 PM
> To: marcusv
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> um no, you need to use a filter, I recommend squidGuard, if you can 
> install it by yourself without drinking a lot, you will have achieved 
> guru status.
>
> If not, shout and I'll send you a sample config, but yea, it can be 
> done
>
> brett
>
> -----Original Message-----
> From: marcusv [mailto:marcusv@siemagblanes.co.za]
> Sent: Thursday, June 17, 2004 3:16 PM
> To: brett.geer@dhl.com
> Subject: RE: [GLUG-chat] Re: squid proxy
>
>
> OK thanx for the help got this working.
>
> Just another question.
>
> I would like to block certain staff members from viewing certain 
> websites. Can I block those websites? How would this be done?
>
> PS* Extreme newbie here, so I'm learning on the fly.
> Is it just a file I include in the squid.conf file and what is the 
> syntax for the included file.
>
> Regards
> Marcus Van Wyk.
>
>
> -----Original Message-----
> From: glug-chat-bounce@linux.org.za 
> [mailto:glug-chat-bounce@linux.org.za] On Behalf Of Brett Geer DHL-ZA
> Sent: Thursday, June 17, 2004 3:11 PM
> To: marcusv@siemagblanes.co.za; glug-chat@linux.org.za
> Subject: [GLUG-chat] Re: squid proxy
>
>
> Yo,
>
>    right, change the http_access deny to:
>
>    http_access deny all
>
>    put that at the end of the acl's. Usually I just put my 
> customisation at the end.
>
>    Right, getting back to your authentication story, yes, squid can do
> that, in /etc/pam.d/squid is the things you need to enable, then in 
> the squid.conf you need to enable the password helper and change your 
> ACL's accordingly.
>
> brett
>
> -----Original Message-----
> From: glug-chat-bounce@linux.org.za 
> [mailto:glug-chat-bounce@linux.org.za]On Behalf Of marcusv
> Sent: Thursday, June 17, 2004 11:49 AM
> To: glug-chat@linux.org.za
> Subject: [GLUG-chat] squid proxy
>
>
> Hi there List.
>
> I'm now trying to setup squid proxy server.
>
> A How-To says that I should add these lines to squid.conf
>
> acl allowed_clients src 10.128.15.166
> http_access allow allowed_clients
> http_access deny !allowed_clients
>
> But this is the error that I get.
> ERROR
> The requested URL could not be retrieved
> --------------------------------------------------------------------------------
> While trying to retrieve the URL: http://www.yahoo.com
> The following error was encountered:
> Access Denied.
> Access control configuration prevents your request from being allowed at
> this time. Please contact your service provider if you feel this is
> incorrect. Your cache administrator is root.
> --------------------------------------------------------------------------------
> Generated Thu, 17 Jun 2004 09:41:15 GMT by server.whateverdomain.co.za
> (squid/2.5.STABLE3)
>
> Question. is it possible to setup a authentication program to check 
> username and password. If so how can this be done. And can it be in 
> conjunction with the users found in /etc/passwd file.
>
> Any Pointer / Advice would be appreciated.
> Regards
> Marcus. [Error to follow.]
>
>
> ---
> To unsubscribe: send the line "unsubscribe glug-chat" in the subject 
> of a mail to "glug-chat-request@linux.org.za". Problems? Email 
> "glug-chat-admins@linux.org.za". Archives are at 
> http://www.linux.org.za/Lists-Archives/