Proxy-Squid/squiGuard


yokai

Hello everyone,

I am currently working on a project to set up a Squid proxy with squidGuard filtering and ncsa_auth authentication.

I have configured my squid.conf and my squidGuard.conf.

I created my users in /etc/squid3/users via -> htpasswd -b /etc/squid3/users UserName Mdp

When I configure my web browser, authentication works with the IDs and passwords I created beforehand.

Strangely, if I run the command: /usr/lib/squid3/ncsa_auth /etc/squid3/users -> it returns nothing, neither OK nor ERR, but that does not prevent my authentication from working.

My problem is that when I try to go to a website that is in my blacklists, I can access it without any problem.

I did create my .db databases via -> /usr/bin/squidGuard -c /etc/squid/squiGuard.conf -C all /var/lib/squidguard/db. When I check the logs, everything goes fine.

I did give my user "proxy" the rights on the database directory.

Here are my configuration files:

Squid.conf

#-------Authentication-------
#Call the ncsa_auth authentication program to handle
#authentication from the users file
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users
#x (5) child processes will be started
auth_param basic children 5
#The name of the auth dialog box is Squid Proxy-caching web server
auth_param basic realm Squid proxy-caching web server
#Authentication limit - session lifetime '2 hours'
auth_param basic credentialsttl 2 minutes
#Forbid (before any other filtering) cgi-bin and command.bat
#in URLs
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist command.bat ?
#Authentication required
acl Users proxy_auth REQUIRED
refresh_pattern ^ftp:       1440    20%    10080
refresh_pattern ^gopher:    1440    0%     1440
refresh_pattern .           0       20%    4320
#gives the path of the error pages in French
#error_directory ???
#-------Access Control List (ACL)-------
# Access rules
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80            # http
acl Safe_ports port 8080
acl Safe_ports port 21            # ftp
acl Safe_ports port 443           # https
#acl Safe_ports port 70           # gopher
#acl Safe_ports port 210          # wais
acl Safe_ports port 1025-65535    # unregistered ports
#acl Safe_ports port 280          # http-mgmt
#acl Safe_ports port 488          # gss-http
#acl Safe_ports port 591          # filemaker
#acl Safe_ports port 777          # multiling http
#acl administrative
acl purge method PURGE
acl CONNECT method CONNECT
#acl LocalNet src 10.0.0.0/23
#Authentication mandatory to access the Web
http_access allow Users
#All other web access is denied
#http_access deny all
#Allow access from outside
http_access allow manager localhost
#deny access from outside
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
# http_access allow LocalNet
#icp_access allow all
cache_mem 8 MB
cache_dir ufs /var/spool/squid3 100 16 256
coredump_dir /var/spool/squid3
access_log /var/log/squid3/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
#Filtering of requested URLs
#Redirection program
redirect_program /usr/bin/squidGuard -c /etc/squid/squiGuard.conf
#Maximum number of simultaneous child processes
redirect_children 5
#ICP access authorization --- same for htcp
#icp_access deny all
icp_port 3130
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#url_rewrite_children 5
#Listening port
#x.x.x.x being the IP address of my proxy
http_port x.x.x.x:3128

#Path of the lists - DB (Black and White)
dbhome /var/lib/squidguard/db
#path of the squidGuard logs
logdir /var/log/squid
#---------------- Time Ranges - Times Rules ---------------
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
    weekly mtwhf 08:00 - 12:00
    date *-*-01  14:00 - 18:00
}
#---------------- User Sources - NCSA ---------------
src fullaccess {
    user fullaccess
}
src direction {
    user direction
}
src userdroit {
    user userdroit
}
src userniv1 {
    user userniv1
}
src userniv2 {
    user userniv2
}
#---------------- Destination Classes ---------------
dest adult {
    domainlist adult/domains
    urllist adult/urls
    # expressionlist adutl/expressions
}
dest agressif {
    domainlist agressif/domains
    urllist agressif/urls
}
dest agressive {
    domainlist aggressive/domains
    urllist aggressive/urls
    # expressionlist aggressive/expressions
}
dest arjel {
    domainlist arjel/domains
}
dest audio-video {
    domainlist audio-video/domains
    urllist audio-video/urls
}
dest bank {
    domainlist bank/domains
}
dest blog {
    domainlist blog/domains
    urllist blog/urls
}
dest celebrity {
    domainlist celebrity/domains
    urllist celebrity/urls
}
dest chat {
    domainlist chat/domains
    urllist chat/urls
}
dest cleaning {
    domainlist cleaning/domains
    urllist cleaning/urls
}
dest dangerous_material {
    domainlist dangerous_material/domains
    urllist dangerous_material/urls
}
dest dating {
    domainlist dating/domains
    urllist dating/urls
}
dest drogue {
    domainlist drogue/domains
    urllist drogue/urls
}
dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}
dest filehosting {
    domainlist filehosting/domains
    urllist filehosting/urls
}
dest forums {
    domainlist forums/domains
    urllist forums/urls
    # expressionlist forums/expressions
}
dest gambling {
    domainlist gambling/domains
    urllist gambling/urls
}
dest games {
    domainlist games/domains
    urllist games/urls
}
dest hacking {
    domainlist hacking/domains
    urllist hacking/urls
}
dest malware {
    domainlist malware/domains
    urllist malware/urls
    # expressionlist malware/expressions
}
dest manga {
    domainlist manga/domains
    urllist manga/urls
}
dest mixed_adult {
    domainlist mixed_adult/domains
    urllist mixed_adult/urls
}
dest phishing {
    domainlist phishing/domains
    urllist phishing/urls
}
dest porn {
    domainlist porn/domains
    urllist porn/urls
    # expressionlist porn/expressions
}
dest proxy {
    domainlist proxy/domains
    urllist proxy/urls
    # expressionlist proxy/expressions
}
dest publicite {
    domainlist publicite/domains
    urllist publicite/urls
}
dest radio {
    domainlist radio/domains
    urllist radio/urls
}
dest reaffected {
    domainlist reaffected/domains
    urllist reaffected/urls
}
dest redirector {
    domainlist redirector/domains
    urllist redirector/urls
    expressionlist redirector/expressions
}
dest remote-control {
    domainlist remote-control/domains
    urllist remote-control/urls
}
dest sect {
    domainlist sect/domains
    urllist sect/urls
}
dest sexual_education {
    domainlist sexual_education/domains
    urllist sexual_education/urls
}
dest shopping {
    domainlist shopping/domains
    urllist shopping/urls
}
dest social_networks {
    domainlist social_networks/domains
}
dest sports {
    domainlist sports/domains
}
dest tricheur {
    domainlist tricheur/domains
    urllist tricheur/urls
}
dest violence {
    domainlist warez/domains
    urllist warez/urls
    # expressionlist violence/expressions
}
dest warez {
    domainlist warez/domains
    urllist warez/urls
    # expressionlist warez/expressions
}
dest webmail {
    domainlist webmail/domains
    urllist webmail/urls
}
#---------------- ACL - Access Control List ---------------
#acl {
#    fullaccess {
#        pass all
#    }
#}
acl {
    direction {
        pass !adult !agressif !dangerous_material !dating !drogue !hacking !radio !redirector !sect !sexual_education !warez any
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?cleintadd%a+clientident=%i+srcclass=%s+targerclass=%t+url=%u
    }
}
acl {
    userdroit {
        pass !adult !agressif !arjel !audio-video !dangerous_material !dating !drogue !hacking !gambling !games !manga !phishing !radio !reaffected !social_networks !redirector !sect !sexual_education !tricheur !warez !webmail any
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?cleintadd%a+clientident=%i+srcclass=%s+targerclass=%t+url=%u
    }
}
acl {
    userniv1 {
        pass !adult !agressif !arjel !audio-video !dangerous_material !dating !drogue !hacking !gambling !games !manga !phishing !radio !reaffected !social_networks !redirector !sect !sexual_education !tricheur !warez !webmail any
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?cleintadd%a+clientident=%i+srcclass=%s+targerclass=%t+url=%u
    }
}
acl {
    userniv2 {
        pass !adult !agressif !arjel !audio-video !dangerous_material !dating !drogue !hacking !gambling !games !manga !phishing !radio !reaffected !social_networks !redirector !sect !sexual_education !tricheur !warez !webmail any
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?cleintadd%a+clientident=%i+srcclass=%s+targerclass=%t+url=%u
    }
}
acl {
    default {
        pass none
        redirect http://127.0.0.1/cgi-bin/squidGuard.cgi?cleintadd%a+clientident=%i+srcclass=%s+targerclass=%t+url=%u
    }
}

Would you have a suggestion or a way to resolve my problem?
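
Added example, not part of the original post: a small consistency check for a squidGuard.conf like the one above, flagging dest blocks whose list directory differs from the block name (a heuristic; on the page, violence reads the warez lists), src classes with no rule in an acl block (on the page, fullaccess, so only the default rule can apply to it), and pass targets that no dest block defines. The names lint, SAMPLE_CONF and the finding labels are assumptions of this example, and the sample is a constructed excerpt.

```python
import re

# Constructed excerpt, reduced from the squidGuard.conf posted above.
SAMPLE_CONF = """
src fullaccess {
    user fullaccess
}
src direction {
    user direction
}
dest agressive {
    domainlist aggressive/domains
}
dest violence {
    domainlist warez/domains
    urllist warez/urls
}
acl {
    direction {
        pass !agressive !violence any
    }
    default {
        pass none
    }
}
"""
KEYWORDS = {"any", "all", "none", "in-addr"}  # built-in pass targets

def lint(conf):
    """Return (finding, block name, detail) tuples for a squidGuard.conf text."""
    conf = "\n".join(l.split("#", 1)[0] for l in conf.splitlines())  # drop comments
    srcs = re.findall(r"\bsrc\s+([\w-]+)\s*\{", conf)
    dests = dict(re.findall(r"\bdest\s+([\w-]+)\s*\{(.*?)\}", conf, re.S))
    rules = dict(re.findall(r"([\w-]+)\s*\{\s*pass\s+([^\n}]+)", conf))
    out = []
    for name, body in dests.items():  # heuristic: list directory should match dest name
        for path in re.findall(r"(?:domainlist|urllist|expressionlist)\s+(\S+)", body):
            if path.split("/")[0] != name:
                out.append(("list-mismatch", name, path))
    for src in srcs:  # source class with no rule of its own in any acl block
        if src not in rules:
            out.append(("src-without-acl", src, "default"))
    for who, targets in rules.items():  # pass target that no dest block defines
        for t in targets.split():
            if t.lstrip("!") not in dests and t.lstrip("!") not in KEYWORDS:
                out.append(("undefined-dest", who, t))
    return out

if __name__ == "__main__":
    print(*lint(SAMPLE_CONF), sep="\n")
```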
