Changes

2,791 bytes added ,  09:28, 13 August 2014
no edit summary
Line 61: Line 61:     
La liste des catégoies sont de simple fichier texte stocké dans /var/squidGuard/blacklists. Chaque catégories étant un dossier contenant chacun un fichier '''domains''' et '''urls'''.
 
La liste des catégoies sont de simple fichier texte stocké dans /var/squidGuard/blacklists. Chaque catégories étant un dossier contenant chacun un fichier '''domains''' et '''urls'''.
Chacuns de ces dossier peuvent être desactivé dans le Server-Manager, sauf si ils sont listé dans DisabledCategories prop. Vous pouvez voir les categories desactiver avec la commande :
+
Chacuns de ces dossiers peuvent être desactivés dans le Server-Manager, sauf si ils sont listé dans DisabledCategories prop. Vous pouvez voir les categories desactivées avec la commande :
    
  db configuration getprop squidguard DisabledCategories
 
  db configuration getprop squidguard DisabledCategories
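Review bot: the rewritten sentence on the added line still carries agreement and spelling errors: "si ils sont listé" should read "s'ils sont listés", and "desactivés", "desactivées" and "categories" are missing their accents. The unchanged first line of this hunk also still reads "catégoies" and "Chaque catégories", which is worth fixing in the same edit. The sentence also reads as contradictory: it says a category can be disabled in the Server-Manager unless it is listed in DisabledCategories, and then introduces the getprop command as the way to see the disabled categories. Please check whether "activés" was meant in the first half.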
Line 75: Line 75:     
=== Denied page ===
 
=== Denied page ===
 +
 +
With the default configuration, denied requests are redirected to https://hostname.domain.tld/squidGuard/cgi-bin/blocked.cgi with various parameters (like IP address, username, client group, category etc...). Username will be empty (only -), this is because squid authentication is disabled. If you enable squid authentication (with custom templates), you'll be able to log username. The downside is that you'll have to configure all your browsers to use squid as proxy, because authentication is not compatible with transparent proxying.
 +
 +
If you want to change the blocked page, you can. First, copy the default page to another name:
 +
 +
cp -a /usr/share/squidGuard/cgi-bin/blocked.cgi /usr/share/squidGuard/cgi-bin/custom.cgi
 +
 +
Now, you can edit this new file to your need. Then, just select it as the default blocked page:
 +
 +
db configuration setprop squidguard RedirectURL \
 +
http://hostname.systemname.com/squidGuard/cgi-bin/custom.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
 +
signal-event http-proxy-update
    
=== Logs MySQL ===
 
=== Logs MySQL ===
 +
 +
MySQL loging of clients requests is handled by a independent daemon called squid-db-logd. It monitors squid access log and squidGuard deny log in real time, parse it and put everything in the database called squid_log. In this database, the table access_log list all the access while the deny_log only list denied pages. This feature may need a lot of disk space. On a busy server, you can easily reach 3GB / month only for the database (and more for the dump when you backup your server). To limit the needed space, a cron job remove the oldest entries. The default config keeps one year of log. You can change this setting with (value is in day and default is 365)
 +
db configuration setprop squid-db-logd Retention 180
 +
 +
If you want to completely disable this feature, you can stop this daemon:
 +
db configuration setprop squid-db-logd status disabled
 +
sv d /service/squid-db-logd
 +
 +
Here are some example of queries you can run:
 +
 +
*Get the top 30 most visited domains
 +
echo "SELECT DOMAIN,COUNT(DOMAIN) AS occurances FROM access_log GROUP BY DOMAIN ORDER BY occurances DESC LIMIT 30;" | mysql squid_log
 +
 +
*Get the top 10 most used blocked categories
 +
echo "SELECT category,COUNT(category) AS occurances FROM deny_log GROUP BY category ORDER BY occurances DESC LIMIT 10;" | mysql squid_log
 +
 +
*get all the pages requested by the client 192.168.7.50 on Oct 12 2012 between 10pm and 11 pm, and export the result in /tmp/result.csv
 +
 +
echo "SELECT date_day,date_time,url,username INTO OUTFILE '/tmp/result.csv' FIELDS TERMINATED BY ','
 +
OPTIONALLY ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\n'
 +
FROM access_log WHERE client_ip='192.168.7.50' AND date_day='2012-10-08' AND date_time>'22:00:00' AND date_time<'23:00:00';" mysql squid_log
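Review bot: in the Denied page part, the RedirectURL example passes a URL containing & to the shell unquoted, so the value is cut at the first & (after clientaddr=%a) and the remaining parameters are parsed as separate commands; wrap the whole URL in single quotes. That example also uses http://hostname.systemname.com while the paragraph above gives the default as https://hostname.domain.tld. Since the query string carries the client address, username and requested URL, keep https and use one placeholder hostname throughout. In the last MySQL example the | before "mysql squid_log" is missing, the '"' in OPTIONALLY ENCLOSED BY ends the double-quoted echo string early, and the bullet says Oct 12 2012 while the query filters on date_day='2012-10-08'. It would also help to say next to the 3GB / month figure that access_log stores full URLs, usernames and client IPs, so the Retention value is a privacy setting as well as a disk-space one. Minor wording: "loging", "a independent daemon", "some example", "occurances".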
     