Installing and configuring the squidGuard web filter

Installing and configuring the squidGuard web filter


This page was originally hosted by the official SquidGuard maintainers, however since they refuse to add our referral link as a reputable blacklist provider, we will do it for them. This howto, well it has not been updated in many years, but I’ll modify and update it here, as the information may still be useful. The definitive place to fetch the blacklists is: Use the “DG/SG Compatible Standard Format”.

and now back to the “vintage” documentation….

With the passage of the Children’s Internet Protection Act, schools are required to filter access to the internet in order to be eligible for E-Rate funds. E-Rate can be a substantial amount of money. With tightening budgets, foregoing the E-Rate funds will not be an option in most cases.

Unfortunately, commerical web filtering software is very expensive.

This puts quite a burdon on under-funded schools. They need the E-Rate funds to help pay for internet access, but in turn must spend a significant amount of money on filtering software.

The good news is that there exists free content filtering software. Until recently, MESD had been using expensive commercial content filtering software. We are very pleased with the performance of SquidGuard, the schools we support report that they much prefer SquidGuard.

Official Site
The official squidGuard web site is located here:

First and foremost, you need to start off with a properly configured system that supports the Squid proxy server. Squid is licensed under the GNU General Public License which means that is free, both in the sense of free beer and free speach. Squid runs on a number of operating systems. Currently Linux, *BSD, Tru64, IRIX, Solaris, SCO, AIX, HP-UX, and NextStep are officially supported. MESD recommends Linux or OpenBSD. MESD uses the Immunix version of Linux. Most versions of *BSD and Linux include Squid.

If you are running Red Hat 7.2 server, you can download a squidGuard RPM here:

After installing this package, you can activate squidGuard by adding the following line to the squid configuration file (/etc/squid/squid.conf):

redirect_program /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf

and restart squid:

/sbin/service squid restart
/sbin/chkconfig squid on

For full instructions on installing squidGuard, see the squidGuard website:

Configuring squidGuard is very straight-forward. The default location for the block lists is /usr/local/squidGuard/db/. Each category is located in a different directory. Currently, the categories available are ads, aggresive, audio-video, drugs, gambling, hacking, porn, violence, and warez. The configure file is /etc/squid/squidGuard.conf. Here is a sample configuration file:

dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

dest gambling{
log gambling
domainlist gambling/dg-gambling.acl

dest porn{
log porn
domainlist porn/dg-porn.acl

acl {
default {
pass !gambling !porn all
redirect 302:

dbhome defines where the block list databases are located
logdir defines where to log blocked requests
dest defines a category
acl defines the access control lists.

This example configuration defines two categories, gambling and warez. The acl line says that the default action is to block (!=don’t pass) gambling and warez categories and to permit everything else. The redirect line says to send requests to blocked sites to, change this to fit your needs.

The default configuration file, /etc/squid/squidGuard.conf is much more extensive. See the squidGuard homepage, for all of the configuration options available.

The Red Hat 7.2 RPM is not configured to automatically download the blacklists every night, this can easily be done using cron and wget with a simple bash script. combines al of the blacklists they publish into a single file or individually, compressed or decompressed, and they are available from the following url.

Making changes to the blacklists is very easy. The squidGuard RPM is prefconfigured with two locally-modifable databases, /var/squidguard/blacklists/local-ok/ and /var/squidguard/blacklists/local-block/. Each database has two files: domains and urls. publishes domain based blacklists, NOT URLS. Regardless, if you want to block/unblock a whole web site, append the domain name to the domains file or you could just create your own custom acl by creating a new entry in your conf.

To easily whitelist a site, for example, if you want to make sure that web pages at CNN’s web site are never blocked, you can append to the end of /var/squidguard/blacklists/local-ok/domains. If you want to make sure that all of the pages at are blocked, append that to /var/squidguard/blacklists/local-block/domains. If there is just a specific portion of a website you want blocked, say, you can add “” to /var/squidguard/blacklists/local-block/urls.

Once you’ve made the modifications, you need to run a command or two for the changes to take. If you are using the pre-built RPM, you can run:


If you are not using the pre-built RPM, these commands should do the trick for you:

su squid -s /bin/sh -c “/usr/sbin/squidGuard -c /etc/squid/squidGuard.conf -C all”
/usr/bin/killall -HUP squid

Contact us for clarification on any others issues or questions regarding this topic, or for more information regarding Squidguard and domain blacklists by see our blog for more tutorials and resources on the subject.

Subscribe Today – Paypal or Credit Card Accepted.

Flat rate subscription. Select a membership option & subscribe.

Select Payment Option

  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 3 Year Membership Option now available.
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.

One Reply to “Installing and configuring the squidGuard web filter”

  1. [* Shield plugin marked this comment as “trash”. Reason: Failed GASP Bot Filter Test (checkbox) *]
    larry How can I block access to HTTPS youubte as you suggested? When I tried this it seemed to also block Google authentication, Google drive, etc.Using Pfsense 2.0.2, Squid and Squidguard.

Leave a Reply

Your email address will not be published. Required fields are marked *