Squid with Dansguardian problem.

From: "Semih Gokalp" <semihgokalp@xxxxxxxxx>
Date: Wed, 14 Nov 2007 11:55:50 +0200

I am sorry for asking question to debian list about dansguardian.
I am using dansguardian + squid3 + clamav but i have a problem.

I have two NIC and eth1:192.168.0.0/24(inside) and eth0:
192.168.1.0/24(outside)

1)I configured Dansguardianlike below:

filterip =192.168.0.1
filterport = 8080
proxyip = 127.0.0.1 (Same server)
proxyport = 3128

usernameidmethodproxyauth = on ( i tried "off" but not worked)
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off

2)And configured squid like below:

http_port 3128 transparent

cache_dir ufs /media/httpcache/squid3 512 16 256
access_log /media/httpcache/log/squid3/access.log

acl all src 0.0.0.0/0.0.0.0
acl yerel src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.0/8
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow yerel

http_reply_access allow all

icp_access allow all

3)and configured iptables like this:

iptables -t nat -A PREROUTING -p tcp -i $INTIF -s 192.168.0.0/24 --dport 80
-j REDIRECT --to-port 8080

but when i try enter to any website,web browser print this:

--------
ERROR
The requested URL could not be retrieved

The fallowing error was encountered:

Invalid URL

-Missing or incorrect access protocol (Should be http:// or smilar)
-Missing hostname
-Illegal double-escape in the URL-Path
-Illegal character in hostname;underscores are not allowed
---------------

But when i use only squid(REDIRECT 3128),i have not a problem.

Why dont work squid with dansguardian ?

If you help me,i will be happy.

--
Semih Gokalp

Follow-Ups:
- Re: Squid with Dansguardian problem.
  - From: Mihira Fernando

Prev by Date: Re: Convert .OGG to .MPEG or .SWF
Next by Date: Re: Suggest core2duo motherboard for debian.
Previous by thread: need help with BIND9
Next by thread: Re: Squid with Dansguardian problem.
Index(es):
- Date
- Thread

Relevant Pages

RE: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?
... You want to DENY ALL, ... all ports and IPs, and then grant access to the ones you need. ... creating ACL after ACL. ... known bad IPs ...
(Security-Basics)
Re: CISCO ACLs.. Are there lists already out there to protect me from trojans and known bad sites?
... You want to DENY ALL, ... > all ports and IPs, and then grant access to the ones you need. ... > creating ACL after ACL. ...
(Security-Basics)
Re: [Full-disclosure] RE: Example firewall script
... > of every ACL. ... > DENY ANY ANY at the end of their ACL's ... > should have a deny statement at the end, ... situations where large numbers of disparate hosts ...
(Full-Disclosure)
Transparent Proxy using Squid and PF
... I need a little help on setting up transparent proxy with Squid and PF in FreeBSD 5.4-RELEASE. ... rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128 ... acl QUERY urlpath_regex cgi-bin \? ... no_cache deny QUERY ...
(freebsd-questions)
Re: deny access
... > is the correct syntax, but the information he didn't get was: ... > line ACL to block one host would effectively block all hosts. ... > If there are no ACLs now, make it a two liner, the deny line, and: ...
(Security-Basics)