
squid+squidguard+ldap problem


Post by st3rnchen »

Hello forum,

I have a small problem understanding the ACLs; maybe someone can help me out.

squid.conf

url_rewrite_program /usr/sbin/squidGuard -c /etc/squidGuard.conf
url_rewrite_children 5


#squid_ldap_auth
auth_param basic program /usr/sbin/squid_ldap_auth -b dc=server,dc=daheim -f uid=%s -h homer.server.daheim -p 389 -v 3
auth_param basic children 5
auth_param basic credentialsttl 4 hours
auth_param basic realm Proxy-Authentifizierung per LDAP
auth_param basic casesensitive off

# squid_ldap_group
external_acl_type ldapgroup %LOGIN /usr/sbin/squid_ldap_group -b dc=server,dc=daheim -f "(&(cn=%g)(memberUid=%u)(objectClass=posixGroup))" -h homer.server.daheim -v 3

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 8443 443 902 5307 3570 8001 10000 1494
acl CONNECT method CONNECT
acl ldapacl external ldapgroup proxygruppe

# squid_ldap_auth
acl proxyuser proxy_auth REQUIRED

#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager


# http_access allow proxyuser
http_access allow ldapacl
http_access deny all

squidguard.conf

dest sex {
    domainlist BL/sex/lingerie/domains
    urllist BL/sex/lingerie/urls
    # enable next line to log blocked urls
    log sex-block.log
}

dest good {
    domainlist custom/good/domains
}

dest bad {
    domainlist custom/bad/domains
    # enable next line to log blocked urls
    log bad.log
}


acl {
    default {
        pass good !sex all

In the squid log I see:
2008/08/08 11:42:52| The request GET http://www.porn.de/top.php is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:52| The request GET http://www.amateurelive.com/html/nav.ph ... =773000707 is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:53| The request GET http://www.px24.com/main.asp?pp=417000&wmid=773000707 is ALLOWED, because it matched 'ldapacl'
2008/08/08 11:42:53| The reply for GET http://www.porn.de/top.php is ALLOWED, because it matched 'all'
2008/08/08 11:42:53| The reply for GET http://www.amateurelive.com/html/nav.ph ... =773000707 is ALLOWED, because it matched 'all'

So my squidGuard.conf is already being overridden in squid.conf; where is the flaw in my thinking?