Hallo Forum,
Ich habe ein kleines Verständnisproblem mit den ACLs, evtl. kann mir jemand weiterhelfen.
squid.conf
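# Every allowed request is handed to squidGuard for URL rewriting.
# Squid consults the rewriter only after http_access has allowed the request,
# so an ACL debug line such as "ALLOWED, because it matched 'ldapacl'" reports
# the http_access verdict only; it says nothing about squidGuard's decision.
url_rewrite_program /usr/sbin/squidGuard -c /etc/squidGuard.conf
url_rewrite_children 5
# squid_ldap_auth: Basic authentication, user names looked up as uid=<login>
# below dc=server,dc=daheim on homer.server.daheim.
# NOTE(review): Basic credentials are only base64-encoded on the way to the
# proxy, and the helper is pointed at port 389 with no TLS option, so the
# password presumably crosses the network unencrypted on both legs -- confirm,
# and consider the helper's -Z (StartTLS) option.
auth_param basic program /usr/sbin/squid_ldap_auth -b dc=server,dc=daheim -f uid=%s -h homer.server.daheim -p 389 -v 3
auth_param basic children 5
# Validated credentials are trusted for four hours before the helper is asked
# again, so a changed or locked LDAP password can keep working that long.
auth_param basic credentialsttl 4 hours
auth_param basic realm Proxy-Authentifizierung per LDAP
auth_param basic casesensitive off
# squid_ldap_group: external ACL helper. %LOGIN makes Squid require an
# authenticated user name; the filter matches when that user (%u) is listed as
# memberUid of the posixGroup named by the ACL argument (%g).
external_acl_type ldapgroup %LOGIN /usr/sbin/squid_ldap_group -b dc=server,dc=daheim -f "(&(cn=%g)(memberUid=%u)(objectClass=posixGroup))" -h homer.server.daheim -v 3
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports that CONNECT tunnels may reach (duplicate 443 entry removed).
acl SSL_ports port 443 563 8443 902 5307 3570 8001 10000 1494
acl CONNECT method CONNECT
# True for authenticated members of the LDAP group "proxygruppe".
acl ldapacl external ldapgroup proxygruppe
# squid_ldap_auth
# True for any user who authenticates successfully (only used by the
# commented-out rule below).
acl proxyuser proxy_auth REQUIRED
#Recommended minimum configuration:
#
# http_access rules are evaluated top to bottom; the first match decides.
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# SSL_ports and CONNECT were defined but never enforced, which let group
# members open CONNECT tunnels to arbitrary ports. Restrict tunnels to the
# listed ports before any allow rule is reached.
http_access deny CONNECT !SSL_ports
# Enabling the next line would admit every authenticated user, regardless of
# group membership.
# http_access allow proxyuser
# Group members are allowed here; URL filtering is not done at this stage but
# afterwards by the url_rewrite_program.
http_access allow ldapacl
http_access deny all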
squidguard.conf
# Destination class "sex": built from the lingerie sub-category lists only.
# NOTE(review): a domain that is not in these two lists does not match "sex"
# and therefore falls through to "all" in the pass rule at the end.
# NOTE(review): list paths are presumably relative to a dbhome setting that is
# not shown in this excerpt -- confirm.
dest sex {
domainlist BL/sex/lingerie/domains
urllist BL/sex/lingerie/urls
# Matches of this class are logged to sex-block.log
log sex-block.log
}
# Destination class "good": locally maintained list of allowed domains.
dest good {
domainlist custom/good/domains
}
# Destination class "bad": locally maintained list of unwanted domains.
dest bad {
domainlist custom/bad/domains
# Matches of this class are logged to bad.log
log bad.log
}
# Policy section. The excerpt ends after the pass line; the closing braces and
# any redirect statement are not shown.
acl {
default {
# Allow "good", refuse "sex", allow everything else. "bad" is defined above
# but not referenced here, so it has no effect on this rule.
# NOTE(review): squidGuard needs a redirect target to act on a refused class,
# and on a parse error or unreadable list it switches to emergency mode and
# passes every request -- check squidGuard's own log, not Squid's ACL debug
# output, to see what the filter actually decided.
pass good !sex all
Im Log von Squid sehe ich:
2008/08/08 11:42:52| The request GET http://www.porn.de/top.php is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:52| The request GET http://www.amateurelive.com/html/nav.php?pp=417000&wmid=773000707 is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:53| The request GET http://www.px24.com/main.asp?pp=417000&wmid=773000707 is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:53| The reply for GET http://www.porn.de/top.php is ALLOWED, because it matched 'all'
2008/08/08 11:42:53| The reply for GET http://www.amateurelive.com/html/nav.php?pp=417000&wmid=773000707 is ALLOWED, because it matched 'all'
Also wird doch schon in der squid.conf meine squidGuard.conf ausgehebelt – wo ist da mein Denkfehler?
Ich habe ein kleines Verständnisproblem mit den ACLs, evtl. kann mir jemand weiterhelfen.
squid.conf
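# Every allowed request is handed to squidGuard for URL rewriting.
# Squid consults the rewriter only after http_access has allowed the request,
# so an ACL debug line such as "ALLOWED, because it matched 'ldapacl'" reports
# the http_access verdict only; it says nothing about squidGuard's decision.
url_rewrite_program /usr/sbin/squidGuard -c /etc/squidGuard.conf
url_rewrite_children 5
# squid_ldap_auth: Basic authentication, user names looked up as uid=<login>
# below dc=server,dc=daheim on homer.server.daheim.
# NOTE(review): Basic credentials are only base64-encoded on the way to the
# proxy, and the helper is pointed at port 389 with no TLS option, so the
# password presumably crosses the network unencrypted on both legs -- confirm,
# and consider the helper's -Z (StartTLS) option.
auth_param basic program /usr/sbin/squid_ldap_auth -b dc=server,dc=daheim -f uid=%s -h homer.server.daheim -p 389 -v 3
auth_param basic children 5
# Validated credentials are trusted for four hours before the helper is asked
# again, so a changed or locked LDAP password can keep working that long.
auth_param basic credentialsttl 4 hours
auth_param basic realm Proxy-Authentifizierung per LDAP
auth_param basic casesensitive off
# squid_ldap_group: external ACL helper. %LOGIN makes Squid require an
# authenticated user name; the filter matches when that user (%u) is listed as
# memberUid of the posixGroup named by the ACL argument (%g).
external_acl_type ldapgroup %LOGIN /usr/sbin/squid_ldap_group -b dc=server,dc=daheim -f "(&(cn=%g)(memberUid=%u)(objectClass=posixGroup))" -h homer.server.daheim -v 3
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports that CONNECT tunnels may reach (duplicate 443 entry removed).
acl SSL_ports port 443 563 8443 902 5307 3570 8001 10000 1494
acl CONNECT method CONNECT
# True for authenticated members of the LDAP group "proxygruppe".
acl ldapacl external ldapgroup proxygruppe
# squid_ldap_auth
# True for any user who authenticates successfully (only used by the
# commented-out rule below).
acl proxyuser proxy_auth REQUIRED
#Recommended minimum configuration:
#
# http_access rules are evaluated top to bottom; the first match decides.
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# SSL_ports and CONNECT were defined but never enforced, which let group
# members open CONNECT tunnels to arbitrary ports. Restrict tunnels to the
# listed ports before any allow rule is reached.
http_access deny CONNECT !SSL_ports
# Enabling the next line would admit every authenticated user, regardless of
# group membership.
# http_access allow proxyuser
# Group members are allowed here; URL filtering is not done at this stage but
# afterwards by the url_rewrite_program.
http_access allow ldapacl
http_access deny all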
squidguard.conf
# Destination class "sex": built from the lingerie sub-category lists only.
# NOTE(review): a domain that is not in these two lists does not match "sex"
# and therefore falls through to "all" in the pass rule at the end.
# NOTE(review): list paths are presumably relative to a dbhome setting that is
# not shown in this excerpt -- confirm.
dest sex {
domainlist BL/sex/lingerie/domains
urllist BL/sex/lingerie/urls
# Matches of this class are logged to sex-block.log
log sex-block.log
}
# Destination class "good": locally maintained list of allowed domains.
dest good {
domainlist custom/good/domains
}
# Destination class "bad": locally maintained list of unwanted domains.
dest bad {
domainlist custom/bad/domains
# Matches of this class are logged to bad.log
log bad.log
}
# Policy section. The excerpt ends after the pass line; the closing braces and
# any redirect statement are not shown.
acl {
default {
# Allow "good", refuse "sex", allow everything else. "bad" is defined above
# but not referenced here, so it has no effect on this rule.
# NOTE(review): squidGuard needs a redirect target to act on a refused class,
# and on a parse error or unreadable list it switches to emergency mode and
# passes every request -- check squidGuard's own log, not Squid's ACL debug
# output, to see what the filter actually decided.
pass good !sex all
Im Log von Squid sehe ich:
2008/08/08 11:42:52| The request GET http://www.porn.de/top.php is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:52| The request GET http://www.amateurelive.com/html/nav.php?pp=417000&wmid=773000707 is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:53| The request GET http://www.px24.com/main.asp?pp=417000&wmid=773000707 is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:53| The reply for GET http://www.porn.de/top.php is ALLOWED, because it matched 'all'
2008/08/08 11:42:53| The reply for GET http://www.amateurelive.com/html/nav.php?pp=417000&wmid=773000707 is ALLOWED, because it matched 'all'
Also wird doch schon in der squid.conf meine squidGuard.conf ausgehebelt – wo ist da mein Denkfehler?