Welcome, Guest. Please login or register.
April 16, 2014, 16:27:57 PM
Home Help Search Calendar Login Register
Show unread posts since last visit.
News: Let Pardus-Anka become #1: Pardus-Anka Bug ReportPardus-Anka World Google+ | The Pardus wiki  | Visit Pardus-Anka official website  | Register as forum member?  Email the moderator!

+  Pardus Worldforum
|-+  Assistance
| |-+  Software
| | |-+  Dansguardian and Squid in Pardus 2011 32-bit for parental control
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Dansguardian and Squid in Pardus 2011 32-bit for parental control  (Read 2808 times)
tippekanu
Newbie
*
Posts: 8


View Profile
« on: May 29, 2011, 02:32:10 AM »

Hi,

I would like to set up Squid and Dansguardian in Pardus 2011 32-bit.

I cannot get Squid to start properly. There are different squid.conf files to
choose from. I used squid.conf.dansguardian and renamed it squid.conf.
When I start Squid from the command line I get this:

2011/05/28 17:06:53| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'.
2011/05/28 17:06:53| SECURITY NOTICE: Overriding config setting. Using 'all' instead.
2011/05/28 17:06:53| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2011/05/28 17:06:53| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2011/05/28 17:06:53| WARNING: You should probably remove '::/0' from the ACL named 'all'
2011/05/28 17:06:53| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2011/05/28 17:06:53| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2011/05/28 17:06:53| WARNING: For now we will assume you meant to write /32
2011/05/28 17:06:53| cache_cf.cc(363) parseOneConfigFile: squid.conf:61 unrecognized: 'broken_vary_encoding'

My squid.conf file looks like this:

# Pardus Linux transparent Squid proxy configuration for Dansguardian

http_port 127.0.0.1:3128 transparent

visible_hostname pardus-proxy

icp_port 0

cache_mem 128 MB
maximum_object_size_in_memory 4 MB
cache_dir aufs /var/cache/squid 256 16 256

access_log /var/log/squid/access.log squid

coredump_dir /var/cache/squid

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443      # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl Safe_ports port 901      # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access allow purge localhost
http_access deny purge

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access deny all

icp_access allow localhost
icp_access deny all

miss_access allow localhost
miss_access deny all

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

##############################

Can anyone recommend changes to this file?

Thank you Smiley
« Last Edit: June 02, 2011, 02:11:35 AM by tippekanu » Logged
rmb
Newbie
*
Posts: 1


View Profile
« Reply #1 on: May 31, 2011, 15:17:16 PM »

I commented out some code, and then Squid seemed to work:
Code:
acl all src 0.0.0.0/0.0.0.0
to
Code:
#acl all src 0.0.0.0/0.0.0.0
then
Code:
acl localhost src 127.0.0.1/255.255.255.255
to
Code:
acl localhost src 127.0.0.1 #255.255.255.255
(notice the comment before 255.255.255.255),
and finally
Code:
broken_vary_encoding allow apache
to
Code:
#broken_vary_encoding allow apache

However, I still am having trouble making Squid completely transparent and having it work persistently across any and all browsers.

Hope this helps.
Logged
John A
Guest
« Reply #2 on: May 31, 2011, 18:13:13 PM »

A find a request for Dansguardian here:
http://bugs.pardus.org.tr/show_bug.cgi?id=8174
Logged
tippekanu
Newbie
*
Posts: 8


View Profile
« Reply #3 on: June 04, 2011, 17:57:54 PM »

@rmb

I changed:

acl all src 0.0.0.0/0.0.0.0

to:

acl all src all

and

I commented out:

#broken_vary_encoding allow apache

and it seems to work fine in Firefox for now.

I am not sure what the security implications of commenting this out is.
Any recommendations?

I noticed that entering "service" at the command line does not show dansguardian running,
but in System Monitor dansguardian is running. Dansguardian does work, and if I
type dansguardian at the command line, it tells me it is already running.

Thanks


« Last Edit: June 04, 2011, 18:16:51 PM by tippekanu » Logged
atolboo
Pardus Guru
****
Posts: 2317



View Profile
« Reply #4 on: June 04, 2011, 22:45:47 PM »

This topic has "parental control" in the title.
Maybe kchildlock available from 2. Additional (non-official) package source: pardususer.de can be of any help
Logged
tippekanu
Newbie
*
Posts: 8


View Profile
« Reply #5 on: June 06, 2011, 01:51:04 AM »

Thank you atolboo.

I checked out kchildlock - it looks to be a fairly simple time-restriction utility.

Dansguardian works very well. It has the ability to limit times a user can
log in, but also filters web content based on phrases, addresses, subject
categories, and many other parameters.
Logged
John A
Guest
« Reply #6 on: June 06, 2011, 12:52:02 PM »

You could write a request for it. Often a good way to get new things implemented in Pardus:
http://bugs.pardus.org.tr/
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  


Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!