[URLFilter(squidGuard)] | ||||||
|| | ||||||
(INTERNET) | ------- | -------[PROXY(squid)]------- | ----- | [ContentsFilter(DansGuardian)] | ----- | (USER) |
|| | ||||||
[AntiVirus(clamdscan)] |
$ sudo aptitude install squid3 squidGuard
http_port 8080
localnetの設定を環境に合わせて編集する。
acl localnet src xxx.xxx.xxx.xxx/xx
localのドメイン名のサーバを追加し、直接接続に指定。
acl direct-servers dstdomain xxx.xxx.jp
always_direct allow direct-servers
localhostへの接続も直接接続に指定。
always_direct allow to_localhost
logfileのローテートを30日分にする。
logfile_rotate 30
IPv4での接続を優先にする(インターネットにIPv6接続していない場合)。
dns_v4_first on
clientのIPアドレスを付加して送信させない(不要な情報を送信しない)。
forwarded_for off
squidGuardを設定する。
# Hand request URLs to squidGuard, which decides whether to rewrite them.
url_rewrite_program /usr/bin/squidGuard
# Number of squidGuard helper processes squid keeps running.
url_rewrite_children 5
# Requests addressed to the proxy host itself bypass the rewriter. The
# squidGuard block page is served from 127.0.0.1, so this keeps the
# block-page request from being filtered a second time.
url_rewrite_access deny to_localhost
# Compile the text domain/url lists into squidGuard's database files.
$ sudo /usr/bin/squidGuard -C all
$ cd /var/lib/squidguard/
# The databases above were created as root; give them to the account the
# squidGuard helpers run under (presumably "proxy", the squid user — confirm),
# otherwise the helpers cannot read them.
$ sudo chown -R proxy.proxy db
# squidGuard configuration: where the blacklists live, who the clients are,
# which destination categories exist, and what each client group may reach.

# Base directory for the domainlist/urllist paths below, and the log directory.
dbhome /var/lib/squidguard/db
logdir /var/log/squid

# Client groups, matched on the source address squid reports for the request.
# NOTE(review): if requests reach squid through DansGuardian on the same host,
# squid may report 127.0.0.1 rather than the real client address; in that case
# neither group matches and every request falls through to "default". Confirm
# that the original client address is passed on before relying on these groups.
src admins {
    ip 192.168.x.zz
}

src user {
    ip 192.168.x.yy
}

# Destination categories; each one names list files relative to dbhome.
dest myguard {
    domainlist myguard/domains
}

dest garaparo {
    domainlist garaparo/domains
    urllist garaparo/urls
}

dest dating {
    domainlist dating/domains
    urllist dating/urls
}

dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}

dest porn {
    domainlist porn/domains
    urllist porn/urls
}

dest spyware {
    domainlist spyware/domains
    urllist spyware/urls
}

dest violence {
    domainlist violence/domains
    urllist violence/urls
}

dest warez {
    domainlist warez/domains
    urllist warez/urls
}

dest suspect {
    domainlist suspect/domains
    urllist suspect/urls
}

dest adult {
    domainlist adult/domains
    urllist adult/urls
}

dest kidstimewasting {
    domainlist kidstimewasting/domains
    urllist kidstimewasting/urls
}

dest phishing {
    domainlist phishing/domains
    urllist phishing/urls
}

dest virusinfected {
    domainlist virusinfected/domains
    urllist virusinfected/urls
}

# Access rules. A "pass" list is read left to right: a plain name allows that
# category, "!name" blocks it, and the trailing "all" allows whatever is left.
# Blocked requests are sent to the local squidGuard.cgi block page.
# NOTE(review): the redirect puts the client address and the requested URL
# (%a, %u, ...) into the query string; the block page should escape these
# values before displaying them.
acl {
    # "garaparo" is allowed first, so it wins over any later block entry.
    user {
        pass garaparo !myguard !dating !drugs !porn !spyware !violence !warez !suspect !adult !kidstimewasting !phishing !virusinfected all
        redirect http://127.0.0.1/guard/squidGuard.cgi?clientaddr=%a+clientname=%n+clientuser=%i+clientgroup=%s+targetgroup=%t+url=%u
    }

    # Unlike the other two rules, this list has no !porn and no !adult, so
    # those categories are not blocked for admins.
    admins {
        pass !myguard !dating !drugs !spyware !violence !warez !suspect !kidstimewasting !phishing !virusinfected all
        redirect http://127.0.0.1/guard/squidGuard.cgi?clientaddr=%a+clientname=%n+clientuser=%i+clientgroup=%s+targetgroup=%t+url=%u
    }

    # Applies to every client that matched neither group above.
    default {
        pass !myguard !dating !drugs !porn !spyware !violence !warez !suspect !adult !kidstimewasting !phishing !virusinfected all
        redirect http://127.0.0.1/guard/squidGuard.cgi?clientaddr=%a+clientname=%n+clientuser=%i+clientgroup=%s+targetgroup=%t+url=%u
    }
}
$ sudo aptitude install dansguardian
# UNCONFIGURED - Please remove this line after configuration
language = 'japanese'
loglocation = '/var/log/dansguardian/access.log'
dansguardianのlistenするIP(全IPから受ける設定はblank)とportを設定する。
filterip =
filterport = 3128
proxyサーバのIPとportを設定する。
proxyip = 127.0.0.1
proxyport = 8080
アクセスDENY時に表示するURLの設定と、AntiVirus Scannerの設定ファイルを記述。
accessdeniedaddress = 'http://127.0.0.1/cgi-bin/dansguardian.pl'
contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'
DaemonのPIDファイルの指定と、USERおよびGROUPの指定。
pidfilename = '/var/run/dansguardian.pid'
# DansGuardian runs as the clamav user and group.
# NOTE(review): presumably so that clamd can read the files handed to it for
# scanning — confirm. The log directory /var/log/dansguardian must be writable
# by this account.
daemonuser = 'clamav'
daemongroup = 'clamav'
$ sudo chown clamav.clamav /var/log/dansguardian
# 50 is for young children, 100 for old children, 160 for young adults.
# 200 is higher than every level suggested above, so this setting is more
# permissive than any of them.
naughtynesslimit = 200
<a href="mailto:webmaster@xxx.xxx.jp">webmaster@xxx.xxx.jp</a>
#.gz # Gziped file #.zip # Windows compressed file
#application/gzip #application/x-gzip #application/zip