[tproxy] Squid, TPROXY and SquidGuard
Balazs Scheidler
bazsi at balabit.hu
Mon Aug 9 17:29:40 CEST 2010
On Sun, 2010-08-08 at 22:10 +0000, Mamadou Touré wrote:
> Hi all, I'm about to implement transparent content filtering using
> squid tproxy and squidGuard.
> I've tried this:
> squid.conf:
> ++++++++++++++++++++++++++++++++++++++++++++
>
> http_port 3129 tproxy
> redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
> redirect_children 10
>
> +++++++++++++++++++++++++++++++++++++++++++++++++
>
> my squidGuard.conf
> +++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> .....
> dest porn {
>     domainlist porn/domains
>     urllist porn/urls
>     expressionlist porn/expressions
>     redirect http://localhost/denied.bl
> }
>
> acl {
>     winxp_1 {
>         pass !porn any
>     }
>     default {
>         pass any
>     }
> }
> ......
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> HTTP traffic is redirected with:
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
> I think that my traffic passes through squid,
> because my LAN machine can browse the Internet.
> But the contents are not filtered, because the user can access porn sites.
> Also, accesses are not logged in access.log.
> Has someone already implemented such a config?
> Can someone help me?
> Regards.
Do you also have a policy routing rule that redirects mark 1 traffic to
the localhost?
--
Bazsi
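
[Added example, not part of the original thread.] The policy routing the reply asks about, with a small check that can be run over `ip rule show` and `ip route show table N` output. The setup commands in the comments follow the kernel's TPROXY documentation; table number 100, the function names and the sample outputs are assumptions made for this example.

```shell
#!/bin/sh
# The TPROXY target marks the packets; policy routing for that mark is what
# delivers them to the local stack (table 100 is an arbitrary, assumed choice):
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100

# Print the routing table that `ip rule show` output ($1) selects for fwmark $2.
mark_table() {
    printf '%s\n' "$1" | awk -v want="$2" '
        { fw = ""; tbl = ""
          for (i = 1; i <= NF; i++) {
              if ($i == "fwmark") { split($(i + 1), m, "/"); fw = m[1] }
              if ($i == "lookup") tbl = $(i + 1)
          }
          if (fw == want && tbl != "") { print tbl; exit } }'
}

# Succeed if `ip route show table N` output ($1) delivers everything locally via lo.
has_local_default() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}

# $1 = ip rule output, $2 = routes of the table, $3 = mark as ip prints it (hex).
check_tproxy_routing() {
    tbl=$(mark_table "$1" "$3")
    if [ -z "$tbl" ]; then
        echo "MISSING: no ip rule for fwmark $3"; return 1
    fi
    if ! has_local_default "$2"; then
        echo "MISSING: table $tbl has no 'local default dev lo' route"; return 1
    fi
    echo "OK: fwmark $3 -> table $tbl -> local delivery via lo"
}

# Constructed sample outputs (not taken from the poster's machine).
RULES_BAD='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
RULES_GOOD='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default'
ROUTES_GOOD='local default dev lo scope host'

check_tproxy_routing "$RULES_BAD" "" 0x1 || true
check_tproxy_routing "$RULES_GOOD" "$ROUTES_GOOD" 0x1
# Live use: check_tproxy_routing "$(ip rule show)" "$(ip route show table 100)" 0x1
```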