[IPCOP 1.4.5] Aide ACL, suidGuard ou squid

Subject: [IPCOP 1.4.5] Aide ACL, suidGuard ou squid
From: "CeRberuS" <Cerebere@xxxxxxx>
Date: Mon, 11 Apr 2005 10:21:18 +0200
List-post: <mailto:aide-linux@lists.over-link.net>
List-subscribe: <mailto:sympa@lists.over-link.net?subject=subscribe%20aide-linux>
List-unsubscribe: <mailto:sympa@lists.over-link.net?subject=unsubscribe%20aide-linux>
References: <BE7310B2.C933%lasca@romarin.univ-aix.fr>
Reply-to: aide-linux@xxxxxxxxxxxxxxxxxx

Bonjour la liste, je vais essayer de vous exprimer mon problème. Je voudrais
que certaine IP de mon lan n'accède qu'a certain site, que l'on pourra
éditer, et que tous le reste soit rejeté. J'ai installé squidGuard GUI pour
ipcop 1.4.5, se qui me filtre déjà les sites tendancieux.

A priori j'ai cru comprendre qu'en faisais des ACL il serait possible de
créer ce dispositif.

J' ai eu pour idée de modifier le squidGuard.conf comme ceci :

dbhome /var/ipcop/proxy/blacklists
logdir /var/log/squidGuard
dest aggressive {
  domainlist     aggressive/domains
  urllist        aggressive/urls
  logfile        log/aggressive.log
}

dest violence {
  domainlist     violence/domains
  expressionlist violence/expressions
  urllist        violence/urls
  logfile        log/violence.log
}

dest agressif {
  domainlist     agressif/domains
  expressionlist agressif/expressions
  urllist        agressif/urls
  logfile        log/agressif.log
}

dest adult {
  domainlist     adult/domains
  expressionlist adult/expressions
  urllist        adult/urls
  logfile        log/adult.log
}

dest gambling {
  domainlist     gambling/domains
  urllist        gambling/urls
  logfile        log/gambling.log
}

dest redirector {
  domainlist     redirector/domains
  expressionlist redirector/expressions
  urllist        redirector/urls
  logfile        log/redirector.log
}

dest strong_redirector {
  domainlist     strong_redirector/domains
  expressionlist strong_redirector/expressions
  urllist        strong_redirector/urls
  logfile        log/strong_redirector.log
}

dest warez {
  domainlist     warez/domains
  expressionlist warez/expressions
  urllist        warez/urls
  logfile        log/warez.log
}

dest hacking {
  domainlist     hacking/domains
  urllist        hacking/urls
  logfile        log/hacking.log
}

dest strict_redirector {
  domainlist     strict_redirector/domains
  expressionlist strict_redirector/expressions
  urllist        strict_redirector/urls
  logfile        log/strict_redirector.log
}

dest tricheur {
  domainlist     tricheur/domains
  urllist        tricheur/urls
  logfile        log/tricheur.log
}

dest publicite {
  domainlist     publicite/domains
  expressionlist publicite/expressions
  urllist        publicite/urls
  logfile        log/publicite.log
  redirect http://x.x.x.x:81/images/null.gif
}

dest mobile-phone {
  domainlist     mobile-phone/domains
  logfile        log/mobile-phone.log
}

dest drogue {
  domainlist     drogue/domains
  urllist        drogue/urls
  logfile        log/drogue.log
}

dest webmail {
  domainlist     webmail/domains
  urllist        webmail/urls
  logfile        log/webmail.log
}

dest liste_bu {
  domainlist     liste_bu/domains
  urllist        liste_bu/urls
  logfile        log/liste_bu.log
}

dest radio {
  domainlist     radio/domains
  logfile        log/radio.log
}

dest forums {
  domainlist     forums/domains
  expressionlist forums/expressions
  urllist        forums/urls
  logfile        log/forums.log
}

dest audio-video {
  domainlist     audio-video/domains
  urllist             audio-video/urls
  logfile        log/audio-video.log
}

dest localblack { domainlist localblack
  logfile        log/localblack.log
}

dest localwhite { domainlist localwhite
  logfile             log/localwhite.log
}

dest allow {
   urllist             allow/list
}

src privilegedsource {  ip x.x.x.x/29 }
src bannedsource      {  ip  }
src lansource            {  ip x.x.x.x/24 }
src restricted             { ip x.x.x.x/27 }

acl {
        privilegedsource {
                pass all
                #redirect
http://x.x.x.x:81/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&ur
l=%u
        }

        bannedsource {
                pass none
                redirect
http://x.x.x.x:81/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&ur
l=%u
        }

        lansource {

                pass  localwhite liste_bu   !aggressive !violence !agressif
!adult !gambling !localblack !strong_redirector !warez !hacking
!strict_redirector !tricheur !publicite !mobile-phone !drogue !audio-video
all
                redirect
http://x.x.x.x:81/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&ur
l=%u
        }
        allow {
                pass allow none
                redirect
http://x.x.x.x:81/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&ur
l=%u
        }

        default {
                pass  localwhite liste_bu  none
                redirect
http://x.x.x.x:81/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&ur
l=%u
        }
}






Je relance squid pour qu'il recharge le fichier de squidGuard et la plus
personne n'a le net.

Si y a des âmes bienveillantes qui pourrais m'aider je vous serais bien
reconnaissant .

Cordialement ..

----------------------------------
Informations, désabonnement, règles, obligations sur la liste Aide-Linux :
http://lists.ze-linux.org/howto_ml.html
Liste Herbergee par Over-Link [http://www.over-link.net]

References:
- Re :[Mandrake 10] Prob Ecran
  - From: Patrick lasca

Prev by Date: RE: [DHCP ]sous sous redhat9
Next by Date: [IPCOP 1.4.5] Aide ACL, suidGuard ou squid
Previous by thread: Re :[Mandrake 10] Prob Ecran
Next by thread: [toutes distri] java et linux
Index(es):
- Date
- Thread

Aide Linux - Liste de diffusion Ze-Linux hebergée par