Join Log in
Score:0
Francisco avatar Server

How to block some categories with squidGuard at certain times of the day?

ca flag
Francisco

I have a non-transparent proxy server (squid on debian 11) implemented with basic authentication. The web filtering is done with the squidGuard, in it create two groups of users: usradmins and usinternet. The blacklist used is the shallalist. I try to block access to entertainment content at a certain time of the day, but I can't configure the squidGuard acl taking into account the time. I do not properly handle the within and outisde directives.

the idea is to block the 'ocio' category, during 'hrrsociales' to the 'usrinternet' group, and keepthe permanent block over the categories adv, weapons, sex, porn, etc., for everyone.

This is the squidGuard configuration:

    time hrrsociales {
    weekly mtwhf 00:00 - 08:00
    weekly mtwhf 12:00 - 23:59
    weekly as 00:00 - 23:59
}

src usradmins {
    userlist /etc/squid/usuarios/admins
    ip 192.168.0.0/24
}

src usrinternet {
    userlist /etc/squid/usuarios/internet
    ip 192.168.0.0/24
}

#
# DESTINATION CLASSES:
#
dest ocio {
    domainlist automobile/bikes/domains
    urllist automobile/bikes/urls
    domainlist automobile/boats/domains
    urllist automobile/boats/urls
    domainlist automobile/cars/domains
    urllist automobile/cars/urls
    domainlist automobile/planes/domains
    urllist automobile/planes/urls
    domainlist costtraps/domains
    urllist costtraps/urls
    domainlist finance/banking/domains
    urllist finance/banking/urls
    domainlist finance/insurance/domains
    urllist finance/insurance/urls
    domainlist finance/moneylending/domains
    urllist finance/moneylending/urls
    domainlist finance/other/domains
    urllist finance/other/urls
    domainlist finance/realestate/domains
    urllist finance/realestate/urls
    domainlist finance/trading/domains
    urllist finance/trading/urls
    domainlist forum/domains
    urllist forum/urls
    domainlist hobby/cooking/domains
    urllist hobby/cooking/urls
    domainlist hobby/games-misc/domains
    urllist hobby/games-misc/urls
    domainlist hobby/games-online/domains
    urllist hobby/games-online/urls
    domainlist hobby/pets/domains
    urllist hobby/pets/urls
    domainlist homestyle/domains
    urllist homestyle/urls
    domainlist models/domains
    urllist models/urls
    domainlist movies/domains
    urllist movies/urls
    domainlist music/domains
    urllist music/urls
    domainlist picta/domains
    domainlist podcasts/domains
    urllist podcasts/urls
    domainlist recreation/humor/domains
    urllist recreation/humor/urls
    domainlist recreation/martialarts/domains
    urllist recreation/martialarts/urls
    domainlist recreation/restaurants/domains
    urllist recreation/restaurants/urls
    domainlist recreation/sports/domains
    urllist recreation/sports/urls
    domainlist recreation/travel/domains
    urllist recreation/travel/urls
    domainlist recreation/wellness/domains
    urllist recreation/wellness/urls
    domainlist shopping/domains
    urllist shopping/urls
    domainlist socialnet/domains
    urllist socialnet/urls
    log ocio
}

dest adv {
    domainlist adv/domains
    urllist    adv/urls
    log block
    redirect http://192.168.0.1/proxyerrors/blank.gif
}

dest aggressive {
    domainlist aggressive/domains
    urllist    aggressive/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest alcohol {
    domainlist alcohol/domains
    urllist    alcohol/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest anonvpn {
    domainlist anonvpn/domains
    urllist    anonvpn/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest chat {
    domainlist chat/domains
    urllist chat/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest dating {
    domainlist dating/domains
    urllist    dating/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest downloads {
    domainlist downloads/domains
    urllist downloads/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest drugs {
    domainlist drugs/domains
    urllist    drugs/urls
    log block
}

dest dynamic {
    domainlist dynamic/domains
    urllist dynamic/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest education {
    domainlist education/schools/domains
    urllist education/schools/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest fortunetelling {
    domainlist fortunetelling/domains
    urllist fortunetelling/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest gamble {
    domainlist gamble/domains
    urllist gamble/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest government {
    domainlist government/domains
    urllist government/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest hacking {
    domainlist hacking/domains
    urllist hacking/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest hospitals {
    domainlist hospitals/domains
    urllist hospitals/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest imagehosting {
    domainlist imagehosting/domains
    urllist imagehosting/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest isp {
    domainlist isp/domains
    urllist isp/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest jobsearch {
    domainlist jobsearch/domains
    urllist jobsearch/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest library {
    domainlist library/domains
    urllist library/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest military {
    domainlist military/domains
    urllist military/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest news {
    domainlist news/domains
    urllist news/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest politics {
    domainlist politics/domains
    urllist politics/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest porn {
    domainlist porn/domains
    urllist porn/urls
    log porn
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest redirector {
    domainlist redirector/domains
    urllist redirector/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest religion {
    domainlist religion/domains
    urllist religion/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest remotecontrol {
    domainlist remotecontrol/domains
    urllist remotecontrol/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest ringtones {
    domainlist ringtones/domains
    urllist ringtones/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest science {
    domainlist science/astronomy/domains
    urllist science/astronomy/urls
    domainlist science/chemistry/domains
    urllist science/chemistry/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest searchengines {
    domainlist searchengines/domains
    urllist searchengines/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest sex {
    domainlist sex/education/domains
    urllist    sex/education/urls
    domainlist sex/lingerie/domains
    urllist    sex/lingerie/urls
    log porn
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest spyware {
    domainlist spyware/domains
    urllist spyware/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest tracker {
    domainlist tracker/domains
    urllist tracker/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest updatesites {
    domainlist updatesites/domains
    urllist updatesites/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest urlshortener {
    domainlist urlshortener/domains
    urllist urlshortener/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest violence {
    domainlist violence/domains
    urllist violence/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t&cond=socialnettimeout
}

dest warez {
    domainlist warez/domains
    urllist warez/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest weapons {
    domainlist weapons/domains
    urllist    weapons/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest webmail {
    domainlist webmail/domains
    urllist    webmail/urls
    log block
}

dest webphone {
    domainlist webphone/domains
    urllist    webphone/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
}

dest webradio {
    domainlist webradio/domains
    urllist webradio/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t&cond=socialnettimeout
}

dest webtv {
    domainlist webtv/domains
    urllist webtv/urls
    log block
    redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t&cond=socialnettimeout
}

#
# ACL RULES:
#

acl {
    usradmins within hrrsociales {
        pass anonvpn downloads dynamic forum hacking imagehosting isp jobsearch redirector urlshortener warez ocio all
        redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
    }
    else {
        pass anonvpn downloads dynamic education forum hacking imagehosting isp jobsearch hospitals government library news politics redirector science searchengines tracker urlshortener warez webmail webphone webtv ocio all
        redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t
    }
    
    usrinternet within hrrsociales {
        pass ocio all
        redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t&cond=socialnettimeout
    }
    
    default {
        pass !adv !aggressive !alcohol !anonvpn !downloads !dynamic !forum !hacking !imagehosting !isp !jobsearch !chat !drugs !fortunetelling !gamble !military !porn !remotecontrol !redirector !sex !spyware !updatesites !urlshortener !violence !warez !weapons !webradio !webphone !webtv !ocio all
        redirect http://192.168.0.1/proxyerrors/squidGuard.php?caddr=%a&cname=%n&user=%i&group=&s&url=%u&target=%t&cond=socialnettimeout
    }
}
75
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.