Configure squidGuard on Linux for Content Filtering

SquidGuard is a content filter that utilizes black lists to block access to undesirable websites. It utilizes a local list of domain names and URLs, and it does not analyze the actual content. SquidGuard works with the proxy and caching service Squid to implement content filtering.

advertisement

Note: this is a legacy article that is no longer being maintained and may be stale or inaccurate. However, if you have a question or comment about it, please submit it below.

SquidGuard is a content filter that utilizes lists of urls and domains plus expressions to block access to undesirable websites. It does not analyze the actual content. SquidGuard works with the proxy and caching service Squid to implement content filtering.

For our configuration, we utilize Shalla's Blacklists as our list database.

Installation

If you haven't done so already, please install and configure Squid first. Note that on Ubuntu, installing squidGuard will also install squid as a dependency. Next, at a terminal prompt, enter the following command to install squidGuard:

	$ sudo apt-get install squidguard

Determine squidGuard version:

	$ squidGuard -v
	
	SquidGuard: 1.4 Berkeley DB 5.1.25: (January 28, 2011)

Important Files and Folders

File/Folder Purpose
/etc/squid/squidGuard.conf Configuration file
/var/lib/squidguard/db Database of domains and URLs
/var/log/squid/squidGuard.log Log file

Change the default configuration by editing /etc/squid/squidGuard.conf to suit your needs. An example is provided below based on our reference network and makes use of Shalla's Blacklists.

Configuration

Install Shalla's Blacklist

After installing squidGuard, we install Shalla's Blacklists: First, download the blacklist into our Downloads directory:

	$ cd ~/Downloads
	$ wget http://www.shallalist.de/Downloads/shallalist.tar.gz

Uncompress and unpack the database with the tar command given below.

	$ tar xvzf shallalist.tar.gz

This will create a BL directory below your Downloads directory. Take a few minutes to examine the contents of this directory tree. You'll see that each directory beneath BL either contains additional sub directories or two files: domains and urls. After you feel comfortable with this BL database (tree structure), move it to the destination folder:

	$ sudo cp -r BL /var/lib/squidguard/db/ 

Open squidGuard.conf using your favorite editor. It should be located in /etc/squid/squidGuard.conf. We divide the configuration into three steps:

  1. Environment Configuration
  2. Category Definition
  3. Access Control Lists (acl)

Environment Configuration

We define two environment variables: dbhome and logdir. dbhome specifies the root location of the database.

	dbhome /var/lib/squidguard/db/BL
	logdir /var/log/squid

Category Definition

Our choice of categories is driven by what we inherit from Shalla's Blacklists. Each category definition comprises a domain list, url list, and optional expression list. An example category is provided below. The complete configuration file is included below.

dest porn {
        domainlist porn/domains
        urllist porn/urls
        expressionlist porn/expressions
        }

Access Control Lists

The access control list (acl) specifies the categories that we wish to block or pass followed by a redirect statement. For our configuration, we specify that the user is redirected to a page served up by the web server running on the local host.

acl {
        default {
                pass white !ads !aggr !chat !dating !drugs !dynamic !forum !gambling !hacking !porn !redirector !custom !sexeducation !sexlingerie !social !spyware !urlshortener !violence all
                redirect http://192.168.1.1/block.html
        }
 }

Help us improve this article by adding your comment or question:

email addresses are neither displayed nor shared