hostname -f
doit renvoyer un nom long (incluant un nom de domaine). Si ce n'est pas le cas, il faut modifier /etc/hosts
pour documenter le nom complet du système (exemple : arrakis.falcot.com
). N'hésitez pas à faire valider le nom officiel de l'ordinateur avec votre administrateur réseau afin de ne pas créer de conflits inutiles.
/etc/squid/squid.conf
configuration file and allowing machines from the local network to run queries through the proxy. The following example shows the modifications made by the Falcot Corp administrators:
Exemple 11.22. The /etc/squid/squid.conf
file (excerpts)
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # include /etc/squid/conf.d/* # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed acl our_networks src 192.168.1.0/24 192.168.2.0/24 http_access allow our_networks http_access allow localhost # And finally deny all other access to this proxy http_access deny all
squid
itself does not perform the filtering; this action is delegated to squidGuard
. The former must then be configured to interact with the latter. This involves adding the following directive to the /etc/squid/squid.conf
file:
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
/usr/lib/cgi-bin/squidGuard.cgi
CGI program also needs to be installed, using /usr/share/doc/squidguard/examples/squidGuard.cgi.gz
as a starting point. Required modifications to this script are the $proxy
and $proxymaster
variables (the name of the proxy and the administrator's contact email, respectively). The $image
and $redirect
variables should point to existing images representing the rejection of a query.
service squid reload
command. However, since the squidguard package does no filtering by default, it is the administrator's task to define the policy. This can be done by creating the /etc/squid/squidGuard.conf
file (using /etc/squidguard/squidGuard.conf.default
as template if required).
squidGuard
ou de l'une des listes de domaines ou d'URL qu'il mentionne, il est nécessaire de régénérer la base de données de travail. Cela s'effectue en exécutant la commande update-squidguard
. Le format du fichier de configuration est documenté sur le site web suivant :