WebFilter

From SME Server
Revision as of 23:04, 15 October 2012 by VIP-ire (talk | contribs) (Created page with "{{Languages}} === Maintainer === Daniel B.<br/> [http://www.firewall-services.com Firewall Services]<br> mailto:daniel@firewall-services.com === Description ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
Geographylogo.png Languages: 

English  • français



Maintainer

Daniel B.
Firewall Services
mailto:daniel@firewall-services.com


Description

This contrib brings 3 new features for squid proxy, and provides a simple panel to control most of it:

  • URL Filtering (with [squidguard squidGuard])

Several categories of domain names and URLs are downloaded from the University of Toulouse and updated every night (you can get more informations on these lists [http://dsi.ut-capitole.fr/blacklists/ here), it french). You can then just choose which catagories you want to block. You can enter a list of ip addresses which won't be filtered, and a local blacklist and whitelist.

When enabled, all web trafic will be scanned before being sent to the client

  • log every requests in a MySQL database

Every request passing through squid is logged in a database, making it easier to analyze squid logs. There's no frontend for this, but you can use your favorite mysql client to see which domains are the most visited, which user eats all your bandwidth, etc...

This contrib can replace dansguardian if you have simple filtering requirement. It's really easy to configure, but is also less powerfull. Dansguardian is a real content scanner (it analyze the content of the pages while squidguard only look at the URLs for example.

Requirements

  • SME Server 8 (not tested and not supported on SME 7)
  • You need to configure both Epel and Fws repositories

Screenshots

Installation

To install the contrib, simply run the following command: 

yum --enablerepo=epel --enablerepo=fws install smeserver-webfilter
signal-event http-proxy-update

You can then access the new panel in the server-manager. The first time you access it, you might have an empty category list. Just click the save button at the bottom of the page, wait a few minutes and try again (the list is empty because categories hasn't been downloaded yet). Now, you should be able to enable URL and AV filtering, and choose which categories you want to block. The next settings modification might take a long time (several minutes, you may also have a imeout error displayed). This is expected and id because squidGuard database needs to be compiled. After this, settings change should be fast.

Customize category lists

Category lists are simple text files in /var/lib/squidGuard/blacklists. Each category is a directory, adn each directory may have a file names domains and another named urls. Each directory in /var/lib/squidGuard/blacklists will be displayed in the panel of the server-manager, except if it's listed in the DisabledCategories prop. You can see which categories are disabled with: 

db configuration getprop squidguard DisabledCategories

This lets you ignore some useless category, and make the panel for simple. The default config update all the categories each night. This is done in the cron job /etc/cron.daily/squidGuard, which calls /etc/e-smith/events/actions/squidguard-update-databases. If you don't want to auto update those lists, you can disable this feature: db configuration setprop squidguard AutoUpdate disabled Then, you'll be able to manage the list the way you want. Remember you need to recompile squidGuard databases if you modify files in a list.

Retrieved from "https://wiki.koozali.org/index.php?title=WebFilter&oldid=16617"