Install SquidGuard with Squid proxy server : Complete guide

In our previous tutorials, we have learned how to install & use Squid Proxy server. Also we have published some other articles regarding squid proxy server, links to which are mentioned below;

1- SARG ( Squid Analysis Report Generator )- Installation & Configuration

2- How to setup SQUID AUTHENTICATION

3- Squid Transparent proxy server : How to configure

4- Some pretty useful SQUID tips & tricks

In this tutorial, we will learn to install Squidguard along with squid proxy server on our CentOS machines.

SquidGuard is a free and open-source application, which is basically used as a URL redirectore software, which we can use to managing access to websites. Squidguard uses blacklists to control access to websites & define the website to which URL has to be redirected. We have option to create a custom blacklist or can use one of many available on the internet. SquidGuard can be installed on Linux as well Unix. 

 

Pre-requisites

Package to install SquidGuard are not available with default Centos/RHEL repos, we need to enable the EPEL repository on our system to install squidguard. Install EPEL repository the following command, applicable to you,

RHEL/CentOS 7

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm

RHEL/CentOS 6 (64 Bit)

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

RHEL/CentOS 6 (32 Bit)

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

 

Install  SquidGuard

We first need to install squid on our system. If you have not done it already, install squid with the following command,

# yum install squid

Now install squidguard with the following command,

# yum install squidGuard

Note:- Mind the uppercase ‘G’ in squidGuard.

So we now squid with squidguard installed on our server. Now let’s complete the configuration,

 

Configuring Squidguard

We will firstly create a folder for keeping a blaclikst named ‘test’ in folder ‘/var/squidGurad/test’.

# mkdir -p /var/squidGuard/test

In the folder test, we will create two files, one by the name ‘domains’ & other by the name ‘urls’ with the list on domains and URLs we want to redirect/block,

# cd /var/squidGuard/test

# vi domains

facebook.com

twitter.com

youtube.com

# vi urls

www.facebook.com

www.twitter.com

www.youtube.com

We have our blacklist ready to use. We will now configure the squidGuard & will create ACL for the blacklist. Open the squidguard configuration file & make the following entries,

# vi /etc/squid/squidGuard.conf

dbhome /var/squidGuard/db

logdir /var/log/squidGuard

dest deny {

                 domainlist test/domains

                 urllist test/urls

                 }

acl {

             default {

                           pass !test all

                           redirect https://google.com

                          }

}

Above file has some default configurations, you can either delete the contents of the file or can backup the file to another location or by another name. We will now make a change to squid configuration file as well. We will mention the URL rediretion setting to squid configuration file,

# vi /etc/squid/squid.conf

& add the following line to the bottom of the file,

url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

Save the file & exit. Next we need to make sure that all the squidguard related files & folders have ownership for user squid,

# chown -R squid:squid /var/squidGuard

# chown -R squid:squid /var/log/squidGuard

# chown squid:squid /etc/squid/squidGuard.conf

We are now ready to create the db files for the blacklist, execute the following command to complete the action,

# squidGuard -b -d -C all

Once complete, either restart the squid server or reconfigure it with the following command,

# squid -k reconfigure

That’s it guys, we now have our fully operational SquidGuard with squid proxy server. All we have to do is to make the proxy settings in the client machine & we can utilize the squidGuard redirection capablities.

 

Configuring a Blacklist

If you are trying to use a blacklist downloaded from internet like Shalla’s Blacklist, you can follow the example below. First download the blacklist,

# wget http://www.shallalist.de/Downloads/shallalist.tar.gz

& extract the blacklist,

# tar -xvzf shallist.tar.gz -C /var/squidGuard/

Now there will be several folders (based on the URL category ) in the folder, choose the categories that you need to block & create the ACL for that in squidGuard.conf. For example,

dbhome /var/squidGuard/db

logdir /var/log/squidGuard

dest downloads {

                           domainlist downloads/domains

                           urllist downloads/urls

                          }

acl {

         default {

                        pass !downloads all

                        redirect https://google.com

                      }

}

Update the squidguard DB & reconfigure the squid server,

# squidGuard -b -d -C all

# squid -k reconfigure

With this we end our tutorial on how to install SquidGuard & use it with squid proxy server. Please feel free to send in any question or queries you have using the comment box below.

If you think we have helped you or just want to support us, please consider these :-

Connect to us: Facebook | Twitter | Google Plus

Donate us some of your hard earned money:

Linux TechLab is thankful for your continued support.

Shusain

Passionate about Linux & open source. Loves to learn, read & write about Linux as well as new technologies.

You may also like...

2 Responses

  1. David says:

    SARG and squidGuard were both really nice in their day, but they’re both basically dead software. SquidAnalyzer and ufdbGuard fill those roles now. SquidAnalyzer is a lot fancier (and it uses a lot less inodes!) than SARG and has a lot more functionality. ufdbGuard was born as a fork of squidGuard so it can still use squidGuard rules, which is helpful.

  2. raj gurung says:

    Hi,
    Tried above but no luck. Also, what will be squid.conf file configuration? Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *