Still probs with DansGuardian and Squid2.4-Stable7
  • From: BLeonhardt@xxxxxxxxxxx
  • Date: Wed, 14 Aug 2002 08:57:43 +0200
  • Message-id: <OF34DD0647.525D7B42-ONC1256C15.002482DF-C1256C15.0025BF3C@xxxxxxxxxxx>
Hi,

After blocking direct connections to port 3128 from all other IPs (with
iptables) and configuring DansGuardian to use 127.0.0.1, I get the
following message from Squid:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.linux-it.net/index.php
The following error was encountered:
Forwarding Denied.
This cache will not forward your request because it is trying to enforce a
sibling relationship. Perhaps the client at 127.0.0.1 is a cache which has
been misconfigured.
Your cache administrator is bleonhardt@xxxxxxxxxxxx
Generated Wed, 14 Aug 2002 06:26:53 GMT by www-cache.analytek.de
(Squid/2.4.STABLE7)

----------------------
I have added the configuration file entries from Squid, squidGuard and
DansGuardian; maybe somebody will spot a misconfiguration ...
The Squid configuration follows:
# NOTE(review): no address is given, so Squid listens on 3128 on every interface
# and the "only DansGuardian may connect" rule rests on iptables alone. Binding
# to loopback (http_port 127.0.0.1:3128) would enforce it in Squid as well.
http_port 3128
tcp_outgoing_address 192.168.x.x
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0

# NOTE(review): 8080 is the DansGuardian filterport configured later in this
# mail. DansGuardian is a client of this Squid (proxyip 127.0.0.1, proxyport
# 3128), not a cache, so declaring it as a sibling peer looks unnecessary and
# could send requests back into the filter - verify.
cache_peer 127.0.0.1 sibling 8080 7
# Upstream parent proxy; together with "never_direct allow all" every miss has
# to leave through a peer.
cache_peer 192.168.1.8 parent 3128 7

# Memory and disk cache sizing.
cache_mem 32 MB

# Low/high water marks (percent of the cache_dir size) for object replacement.
cache_swap_low 10
cache_swap_high 100

maximum_object_size 1024 KB
minimum_object_size 0 KB

# DNS caches: IP cache entries with its own water marks, and the reverse (FQDN) cache.
ipcache_size 4096
ipcache_low 90
ipcache_high 95

fqdncache_size 1024

# On-disk cache store and log locations.
cache_dir ufs /var/squid/cache 100 16 256
cache_access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log

pid_filename /var/run/squid.pid

debug_options ALL,1

# Full mask: client addresses appear unmasked in the logs and cache manager output.
client_netmask 255.255.255.255

# SQUID-GUARD
# Every request URL is handed to squidGuard, which may rewrite it to the block page.
redirect_program /usr/bin/squidGuard
redirect_children 5

# Helper that validates the credentials behind the "password" (proxy_auth) ACL.
# NOTE(review): Basic proxy authentication only base64-encodes the password. If
# pam_auth checks system accounts, those login passwords cross the LAN readable
# on every request - a separate credential store for the proxy limits the damage.
# NOTE(review): confirm what pam_auth does with the /etc/passwd argument; a
# password-file argument is what ncsa_auth expects.
authenticate_program /usr/sbin/pam_auth /etc/passwd
authenticate_children 5

# Freshness rules: <regex> <min minutes> <percent> <max minutes>.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

reference_age 1 week

# Connection timeouts and lifetimes.
peer_connect_timeout 120 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 360 seconds

# Matches any request that carries valid proxy credentials.
acl password proxy_auth REQUIRED

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
# NOTE(review): Safe_ports is defined here, but no http_access rule in this
# excerpt refers to it, so it restricts nothing.
acl Safe_ports port 80 21 22 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# ACL names on one access line are ANDed: this matches only cache-manager
# (cache_object) requests from 127.0.0.1. The trailing "all" changes nothing.
http_access allow manager localhost all # I will replace "all" if
everything is running :-)
# NOTE(review): http_access stops at the first matching rule. Because this allow
# comes before the deny rules below, an authenticated request is never tested
# against them: CONNECT to non-SSL ports, and cache-manager requests from other
# hosts, would pass once the credentials check out. Moving the deny rules (and
# adding "http_access deny !Safe_ports") above this line closes that gap.
http_access allow password

http_access deny CONNECT !SSL_ports

http_access deny manager
# NOTE(review): no "acl test" definition is visible in this excerpt; Squid should
# complain about a rule naming an undefined ACL - confirm it exists in the file.
http_access deny test
http_access deny all

# ANDed as above: effectively "icp_access allow localhost".
icp_access allow localhost all

# NOTE(review): ANDed as well, so only cache-manager requests from 127.0.0.1
# match. An ordinary HTTP miss arriving from DansGuardian at 127.0.0.1 matches
# no rule and gets the implicit opposite of the last rule, i.e. deny - which is
# most likely what produces the "Forwarding Denied ... sibling relationship"
# page quoted in this mail. Squid's default is "miss_access allow all".
miss_access allow localhost manager all

# Realm string shown in the browser's proxy login prompt.
proxy_auth_realm Auth-Realm

cache_mgr bleonhardt@xxxxxxxxxxx

# Squid drops to this unprivileged user/group after start-up.
cache_effective_user squid
cache_effective_group nogroup

visible_hostname www-cache.analytek.de
announce_period 0 day
append_domain .analytek.de
# NOTE(review): with this on, Squid adds the client address to X-Forwarded-For.
# DansGuardian (forwardedfor = on) does the same, so internal addresses travel
# upstream unless something strips the header before it leaves the network.
forwarded_for on
log_icp_queries on
icp_hit_stale on
client_db on

# Never fetch from origin servers directly; every miss must go through a cache_peer.
never_direct allow all
# NOTE(review): ident answers are supplied by the client machine and are not
# proof of identity; looking them up for every source also delays requests.
# Presumably every connection arrives from 127.0.0.1 here anyway - confirm.
ident_lookup_access allow all
# Reverse-resolve client addresses for the access log (one DNS lookup per client).
log_fqdn on

--------------

Following SquidGuard - Rules :

# Log directory and base directory for the blacklist databases.
logdir /var/squidGuard/logs
dbhome /var/squidGuard/db

# NOTE(review): once every request reaches Squid via DansGuardian on loopback,
# squidGuard presumably sees 127.0.0.1 as the client for all users, so this
# source group would never match - verify against the squidGuard log.
src kids {
ip 192.168.x.x/24
}

# NOTE(review): /24 covers 127.0.0.0-127.0.0.255; a /32 (or the plain address)
# states the intent "this host only" more precisely.
src local {
ip 127.0.0.1/24
}

# Blocked destinations, read from domain and URL lists below dbhome.
dest blacklist {
domainlist blacklist/domains
urllist blacklist/urls
}

# NOTE(review): the opening "acl {" line appears to be missing from the paste;
# the extra closing brace at the end belongs to it.
kids {
pass !blacklist all
}

local {
pass !blacklist all
}

# Any source not listed above is denied and sent to the block page.
# NOTE(review): the redirect URL is wrapped onto its own line and cut off after
# "&targe" in this mail. The values substituted for %n (client name) and %i
# (ident user) come from DNS/ident, so the CGI should escape them before
# echoing them into HTML.
default {
pass none
redirect
http://192.168.1.13/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targe
}
}

--------

Following DansGuardian - Config :

# Reporting and logging detail.
reportinglevel = 3
htmltemplate = '/etc/dansguardian/template.html'
loglevel = 3
logexceptionhits = on
logfileformat = 1
# Address and port the filter listens on; browsers must be pointed here.
# NOTE(review): the filter binds to the LAN address only, while squid.conf names
# 127.0.0.1:8080 as a cache_peer - nothing may be listening there.
filterip = 192.168.x.x
filterport = 8080
# Upstream proxy: the local Squid on loopback.
proxyip = 127.0.0.1
proxyport = 3128
# NOTE(review): 'host-ip' still looks like the sample placeholder - confirm it
# was replaced (or only redacted for the mail).
accessdeniedaddress = 'http://host-ip/cgi-bin/dansguardian.pl'
# Phrase, site, URL, extension, MIME, IP and user lists used for filtering.
bannedphraselist = '/etc/dansguardian/bannedphraselist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
bannedurllist = '/etc/dansguardian/bannedurllist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
picsfile = '/etc/dansguardian/pics'
# Weighted phrase scoring and the score at which a page is blocked.
weightedphrasemode = 2
naughtynesslimit = 160
showweightedfound = on
reverseaddresslookups = on
createlistcachefiles = on
# NOTE(review): -1 presumably disables the upload (POST) size limit - confirm
# that unrestricted uploads are intended.
maxuploadsize = -1
# NOTE(review): all user-identification methods are off although Squid requires
# proxy_auth. Presumably the filter then has no user name to log or to match
# against banneduserlist/exceptionuserlist - confirm.
usernameidmethodproxyauth = off
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off
# Adds the real client address as X-Forwarded-For on the request to Squid.
forwardedfor = on
maxchildren = 120
logconnectionhandlingerrors = on

HOPE ANYBODY CAN HELP ME !

Regards / Gruß
Bruno



