Squid / SquidGuard Issue

chrisl at xp.etowns.net chrisl at xp.etowns.net
Mon Sep 11 17:16:41 UTC 2006


We have implemented Squid with Squidguard and had it successfully 
running with the black lists from

http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz

We had run across a blacklist at:

http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz

This list blocks quite a few more sites and was more of what we wanted 
to use, so we implemented it.

When starting squid with the new blacklists, the squidguard processes go 
nuts and start creating numerous BDB***** files in the /var/tmp 
directory. They keep creating these files until the disk is full. I 
even attached an 8 GB drive to /var/tmp in case it was a space issue, and 
it too was filled up with these files. This behavior does not occur with 
the initial blacklists we used.

There were 300+ BDB* files in the directory when it ran out of space.

-rw------- 1 proxy proxy 27328512 2006-09-11 06:25 BDB01117
-rw------- 1 proxy proxy 27328512 2006-09-11 06:25 BDB01118
-rw------- 1 proxy proxy 27328512 2006-09-11 06:25 BDB01119
-rw------- 1 proxy proxy 27328512 2006-09-11 06:25 BDB01120
-rw------- 1 proxy proxy 27328512 2006-09-11 06:27 BDB01180
-rw------- 1 proxy proxy 27328512 2006-09-11 06:28 BDB01181
-rw------- 1 proxy proxy 27328512 2006-09-11 06:28 BDB01182
-rw------- 1 proxy proxy 27328512 2006-09-11 06:28 BDB01183
-rw------- 1 proxy proxy 27328512 2006-09-11 06:28 BDB01184
-rw------- 1 proxy proxy 27328512 2006-09-11 06:30 BDB01208
-rw------- 1 proxy proxy 27328512 2006-09-11 06:30 BDB01209
-rw------- 1 proxy proxy 27328512 2006-09-11 06:30 BDB01210
-rw------- 1 proxy proxy 27328512 2006-09-11 06:30 BDB01211
-rw------- 1 proxy proxy 27328512 2006-09-11 06:30 BDB01212

The contents of the files are URLs and addresses of items in the blacklists.

My squidguard.conf file is as follows:

#
# CONFIG FILE FOR SQUIDGUARD
#

# Base directory for the list databases; the relative domainlist/urllist/
# expressionlist paths in the destination blocks are resolved under it.
# NOTE(review): squidGuard uses a prebuilt <list>.db next to each list when one
# exists; otherwise each helper process builds the database from the text list
# at startup. Confirm the new lists were compiled (squidGuard -C all) and that
# the resulting .db files are readable by the proxy user -- possibly related to
# the BDB* files appearing in /var/tmp; TODO confirm.
dbhome /var/lib/squidguard/db
# Directory for squidGuard's own log; configuration errors are reported there.
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

# Time space "workhours": Monday-Friday 08:00-16:30, plus the 1st day of every
# month 08:00-16:30. In this file only commented-out src/acl examples use it.
time workhours {
    weekly mtwhf 08:00 - 16:30
    date *-*-01  08:00 - 16:30
}

#
# REWRITE RULES:
#

#rew dmz {
#    s@://admin/@://admin.foo.bar.no/@i
#    s@://foo.bar.no/@://www.foo.bar.no/@i
#}

#
# SOURCE ADDRESSES:
#

#src admin {
#    ip        1.2.3.4 1.2.3.5
#    user        root foo bar
#    within         workhours
#}

#src foo-clients {
#    ip        172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
#}

#src bar-clients {
#    ip        172.16.4.0/26
#}

#
# DESTINATION CLASSES:
#

# Source group "mynetwork.net": clients in these seven /24 networks.
# NOTE(review): the acl section further down names the group "goxroads.net",
# and no source with that name is defined in this file. If that is not just an
# anonymisation slip in the posted copy, these clients never match their rule
# and fall through to the "default" acl -- verify against the live file.
source mynetwork.net {
    ip        192.168.50.0/24
    ip        192.168.32.0/24
    ip        192.168.18.0/24
    ip        192.168.12.0/24
    ip        192.168.16.0/24
    ip        192.168.8.0/24
    ip        192.168.20.0/24
}

# Destination classes, one per blacklist category. Each list path is relative
# to dbhome. A class only filters traffic when an acl "pass" line refers to it.
# NOTE(review): bl_mail, bl_redirector and bl_spyware are defined here but do
# not appear in the acl pass line in this file, so those categories are loaded
# without being enforced -- confirm whether that is intended.
destination bl_ads {
    domainlist    blacklists/ads/domains
    urllist        blacklists/ads/urls
}

destination bl_aggressive {
    domainlist    blacklists/aggressive/domains
    urllist        blacklists/aggressive/urls
}

destination bl_audio-video {
    domainlist    blacklists/audio-video/domains
    urllist        blacklists/audio-video/urls
}

destination bl_drugs {
    domainlist    blacklists/drugs/domains
    urllist        blacklists/drugs/urls
}

destination bl_gambling {
    domainlist    blacklists/gambling/domains
    urllist        blacklists/gambling/urls
}

destination bl_hacking {
    domainlist    blacklists/hacking/domains
    urllist        blacklists/hacking/urls
}

# Domain list only; no urllist is configured for this category.
destination bl_mail {
    domainlist    blacklists/mail/domains
}

destination bl_porn {
    domainlist    blacklists/porn/domains
    urllist        blacklists/porn/urls
}

destination bl_proxy {
    domainlist    blacklists/proxy/domains
    urllist        blacklists/proxy/urls
}

destination bl_redirector {
    domainlist    blacklists/redirector/domains
    urllist        blacklists/redirector/urls
}

destination bl_spyware {
    domainlist    blacklists/spyware/domains
    urllist        blacklists/spyware/urls
}

# The only category here that also loads an expressionlist (regular
# expressions matched against the URL) in addition to domains and urls.
destination bl_violence {
    domainlist    blacklists/violence/domains
    urllist        blacklists/violence/urls
    expressionlist    blacklists/violence/expressions
}

destination bl_warez {
    domainlist    blacklists/warez/domains
    urllist        blacklists/warez/urls
}

#destination adult {
#    domainlist    adult.destdomainlist
#}

# Empty destination class: no lists attached, so it matches nothing. In this
# file it is referenced only from a commented-out acl example.
dest good {
}

# Empty destination class used by the "default" acl ("pass local none").
# With no lists attached it matches nothing, so that rule presumably denies
# every request it handles -- verify this is the intended default.
dest local {
}

#dest adult {
#    domainlist    adult/domains
#    urllist        adult/urls
#    expressionlist    adult/expressions
#    redirect     
http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
#}


# Access rules: one block per source group, plus "default" for clients that
# match no group.
acl {
    # NOTE(review): no source named "goxroads.net" is defined in this file (the
    # source block is "mynetwork.net"), and "!adult" refers to a destination
    # whose definition is commented out. squidGuard treats references to
    # undefined names as configuration errors and, on such errors, switches to
    # emergency mode in which every request is passed unfiltered -- check the
    # squidGuard log under logdir to see whether that is happening here.
    # NOTE(review): the pass list has no closing "any"/"all" or "none"; confirm
    # what is meant to happen to destinations not on any blacklist.
    # The pass line was wrapped by the mail client; it is one line in the file.
    # Denied requests are rewritten to the plain-HTTP redirect URL below.
    goxroads.net {
        pass !bl_porn !bl_warez !bl_violence !bl_proxy !bl_hacking 
!bl_gambling !bl_drugs !bl_audio-video !bl_aggressive !bl_ads !adult
        redirect http://prx2.goxroads.net:8080
    }

#    admin {
#        pass     any
#    }

#    foo-clients within workhours {
#        pass     good !in-addr !adult any
#    } else {
#        pass any
#    }

#    bar-clients {
#        pass    local none
#    }

    # Fallback for clients outside every source group: only the "local" class
    # is allowed, everything else is denied.
    # NOTE(review): the redirect for this block is commented out, and squidGuard
    # blocks by rewriting the request to a redirect URL -- confirm how denied
    # requests are handled here. The URL line after "#        redirect" lost its
    # leading "#" to mail wrapping.
    default {
        pass     local none
#        rewrite     dmz
#        redirect 
http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
    }
}





