Installing and configuring the squidGuard web filter
This page was originally hosted by the official SquidGuard maintainers, however since they refuse to add our referral link as a reputable blacklist provider, we will do it for them. This howto, well it has not been updated in many years, but I’ll modify and update it here, as the information may still be useful. The definitive place to fetch the blacklists is: http://www.squidblacklist.org Use the “DG/SG Compatible Standard Format”.
and now back to the “vintage” documentation….
With the passage of the Children’s Internet Protection Act, schools are required to filter access to the internet in order to be eligible for E-Rate funds. E-Rate can be a substantial amount of money. With tightening budgets, foregoing the E-Rate funds will not be an option in most cases.
Unfortunately, commerical web filtering software is very expensive.
This puts quite a burdon on under-funded schools. They need the E-Rate funds to help pay for internet access, but in turn must spend a significant amount of money on filtering software.
The good news is that there exists free content filtering software. Until recently, MESD had been using expensive commercial content filtering software. We are very pleased with the performance of SquidGuard, the schools we support report that they much prefer SquidGuard.
The official squidGuard web site is located here:
First and foremost, you need to start off with a properly configured system that supports the Squid proxy server. Squid is licensed under the GNU General Public License which means that is free, both in the sense of free beer and free speach. Squid runs on a number of operating systems. Currently Linux, *BSD, Tru64, IRIX, Solaris, SCO, AIX, HP-UX, and NextStep are officially supported. MESD recommends Linux or OpenBSD. MESD uses the Immunix version of Linux. Most versions of *BSD and Linux include Squid.
If you are running Red Hat 7.2 server, you can download a squidGuard RPM here:
After installing this package, you can activate squidGuard by adding the following line to the squid configuration file (/etc/squid/squid.conf):
redirect_program /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf
and restart squid:
/sbin/service squid restart
/sbin/chkconfig squid on
For full instructions on installing squidGuard, see the squidGuard website: http://www.squidguard.org/install/
Configuring squidGuard is very straight-forward. The default location for the block lists is /usr/local/squidGuard/db/. Each category is located in a different directory. Currently, the categories available are ads, aggresive, audio-video, drugs, gambling, hacking, porn, violence, and warez. The configure file is /etc/squid/squidGuard.conf. Here is a sample configuration file:
pass !gambling !porn all
dbhome defines where the block list databases are located
logdir defines where to log blocked requests
dest defines a category
acl defines the access control lists.
This example configuration defines two categories, gambling and warez. The acl line says that the default action is to block (!=don’t pass) gambling and warez categories and to permit everything else. The redirect line says to send requests to blocked sites to http://www.google.com, change this to fit your needs.
The default configuration file, /etc/squid/squidGuard.conf is much more extensive. See the squidGuard homepage, http://www.squidguard.org/config/ for all of the configuration options available.
The Red Hat 7.2 RPM is not configured to automatically download the Squidblacklist.org blacklists every night, this can easily be done using cron and wget with a simple bash script. Squidblacklist.org combines al of the blacklists they publish into a single file or individually, compressed or decompressed, and they are available from the following url. http://www.squidblacklist.org/downloads.html.
Making changes to the blacklists is very easy. The squidGuard RPM is prefconfigured with two locally-modifable databases, /var/squidguard/blacklists/local-ok/ and /var/squidguard/blacklists/local-block/. Each database has two files: domains and urls. Squidblacklist.org publishes domain based blacklists, NOT URLS. Regardless, if you want to block/unblock a whole web site, append the domain name to the domains file or you could just create your own custom acl by creating a new entry in your conf.
To easily whitelist a site, for example, if you want to make sure that web pages at CNN’s web site are never blocked, you can append cnn.com to the end of /var/squidguard/blacklists/local-ok/domains. If you want to make sure that all of the pages at somebadsite.com are blocked, append that to /var/squidguard/blacklists/local-block/domains. If there is just a specific portion of a website you want blocked, say http://www.yahoo.com/adult-stuff/, you can add “yahoo.com/adult-stuff” to /var/squidguard/blacklists/local-block/urls.
Once you’ve made the modifications, you need to run a command or two for the changes to take. If you are using the pre-built RPM, you can run:
If you are not using the pre-built RPM, these commands should do the trick for you:
su squid -s /bin/sh -c “/usr/sbin/squidGuard -c /etc/squid/squidGuard.conf -C all”
/usr/bin/killall -HUP squid
Contact us firstname.lastname@example.org for clarification on any others issues or questions regarding this topic, or for more information regarding Squidguard and domain blacklists by Squidblacklist.org see our blog for more tutorials and resources on the subject.
Subscribe Today – Paypal or Credit Card Accepted.
Flat rate subscription. Select a membership option & subscribe.
- You will be issued a username and password.
- You will be granted access to our member area.
- 5 Year Membership Option now available.
- For lifetime membership options click here.
- Contact us if you would like a pre order invoice.
Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.