Line 23: |
Line 23: |
| Squidguard Homepage: http://www.squidguard.org/ | | Squidguard Homepage: http://www.squidguard.org/ |
| | | |
− | SME SquidGuard Howto: [[SquidGuard]] | + | SME SquidGuard Howto: [[SquidGuard]] or [[WebFiltering]] |
| | | |
| ===ProxyPass=== | | ===ProxyPass=== |
Line 63: |
Line 63: |
| refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims | | refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims |
| | | |
− | # cache ubuntu updates | + | # cache ubuntu updates [check logs use COUNTRY SPECIFIC first line or generic below] |
− | refresh_pattern http://.*\.archive\.ubuntu\.com 0 80% 20160 reload-into-ims | + | refresh_pattern http://.*\.archive\.ubuntu\.com 0 80% 20160 reload-into-ims |
− | | + | refresh_pattern http://archive\.ubuntu\.com 0 80% 20160 reload-into-ims |
| + | |
| # add any site you want to cache below | | # add any site you want to cache below |
| | | |
Line 87: |
Line 88: |
| The number of second-level subdirectories to be created under each first-level cache directory; 256 Level-2 | | The number of second-level subdirectories to be created under each first-level cache directory; 256 Level-2 |
| | | |
| + | ====Content Encoding Error ==== |
| + | The problem here is squid that comes with SME Server 7.x is version 2.5 which has lack of HTTP/1.1 support. SME 8 has a later version of and solves this issue. See [[Bugzilla 6058]] |
| + | |
| + | As a workaround you will need to create a few custom-templates and use squid's acl rules. |
| + | |
| + | Create a file called 21BrokenHeader in the following directory (create if doesn't exist) |
| | | |
| + | /etc/e-smith/templates-custom/etc/squid/squid.conf |
| + | |
| + | Enter the following line in 21BrokenHeader |
| + | |
| + | acl broken dstdomain www.maplin.co.uk |
| + | |
| + | Save the file |
| + | |
| + | If it does not already exist create a file called 40http_access75AllowLocal in the following directory |
| + | |
| + | /etc/e-smith/templates-custom/etc/squid/squid.conf |
| + | |
| + | Enter the following line in 40http_access75AllowLocal |
| + | |
| + | header_access Accept-Encoding deny broken |
| + | |
| + | Save and quit, next expand the files: |
| + | |
| + | expand-template /etc/squid/squid.conf |
| + | |
| + | and restart the squid service: |
| + | |
| + | sv t /service/squid/ |
| + | |
| + | ====How do I block access to (Facebook|Twitter|whatever) that runs on https?==== |
| + | |
| + | Nowadays many sites work only using https protocol; we can't filter their content but we can block access to them |
| + | |
| + | From this post |
| + | * http://forums.contribs.org/index.php/topic,51474.msg261561.html#msg261561 |
| + | |
| + | Create the rigth path into /etc/e-smith/templates-custom/etc/squid/squid.conf |
| + | |
| + | mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf |
| + | |
| + | move into the new path |
| + | |
| + | cd /etc/e-smith/templates-custom/etc/squid/squid.conf |
| + | |
| + | create a new fragment 20ACL40bannedsites |
| + | |
| + | nano 20ACL40bannedsites |
| + | |
| + | it's content must be (for example, to block Facebook) |
| + | |
| + | acl bannedsites dstdomain .facebook.com |
| + | |
| + | Domains to be blocked can be many, just put them in the same line, separated by a space |
| + | Save and exit with Ctrl-X, Y |
| + | |
| + | create another fragment 40http_access15denyconnectBannedsites |
| + | |
| + | nano 40http_access15denyconnectBannedsites |
| + | |
| + | with this content |
| + | |
| + | http_access deny CONNECT bannedsites |
| + | |
| + | Save and exit with Ctrl-X, Y |
| + | |
| + | Now, invoke proxy-update event |
| + | |
| + | signal-event proxy-update |
| + | |
| + | Tested and working on SME8.X and SME9 |
| + | |
| + | ====Allow squid custom file descriptor limit==== |
| + | The new default limit is 4096, and a custom value can be set with: |
| + | |
| + | db configuration setprop squid MaxFileDesc 8192 |
| + | expand-template /etc/squid/squid.conf |
| + | sv t /service/squid |
| | | |
| ---- | | ---- |
| [[Category:Howto]] | | [[Category:Howto]] |
| + | [[Category:Administration]] |