I've configured videocache on Fedora Core 9 with the newest RPM packages, and it works perfectly. Then I configured zapchain to make videocache and squidGuard work together in squid (as described in the videocache hacks). Then the problem occurred: videocache works, but squidGuard stopped blocking forbidden sites, even though the squidGuard process is loaded as usual.
Then I made some modifications to the videocache configuration in squid.conf; I commented out everything except:
url_rewrite_program /usr/local/bin/zapchain "/usr/bin/squidGuard -c /etc/squid/squidGuard.conf" "/usr/bin/python2.5 /usr/share/videocache/videocache.py"
Then squidGuard started blocking sites again, but videocache is not caching video. Can you please help me find the error?
Adzanny - Indonesia
4 Answers
Hello!
Do you see the squidGuard and videocache processes when you look with the ps command?
ps -aux | grep squidGuard
ps -aux | grep videocache
If yes, they are working together.
Is your squidGuard making any redirection for denied pages? Example (squidGuard.conf):
default {
pass none
redirect http://localwebserver/denied_form.html
log squidGuard.log.filter
}
If not, perhaps you need to do it. I have a squidGuard.conf similar to above example.
I think you must ensure that the second redirector (videocache) receives a different URL from the first redirector (squidGuard). It can be anything: an empty page or a denied-form page for your users.
Try this and tell us the results, please.
Regards,
Josep Pujadas
Yes, I checked with the ps command: both squidGuard and videocache are running, but squidGuard is still not blocking forbidden sites. Maybe you can help me find the error in my config files?
squid.conf
#-----------------------------------------
#PORT
#-----------------------------------------
# Listen on 3128 in "transparent" (interception) mode: clients are redirected to
# the proxy instead of being configured to use it.
# NOTE(review): Squid cannot challenge intercepted clients for proxy
# authentication, so the auth_param / proxy_auth settings elsewhere in this file
# would not be usable for traffic arriving through this port - confirm intent.
http_port 3128 transparent
#-----------------------------------------
#PROXY
#-----------------------------------------
# Requests whose URL contains "cgi-bin" or "?" are fetched directly, not via cache peers.
hierarchy_stoplist cgi-bin ?
# Match the same dynamic-looking URLs by path and keep their replies out of the cache.
acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY
#-----------------------------------------
# ADMINISTRATIVE PARAMETERS
#-----------------------------------------
cache_mgr adzanny
visible_hostname 192.168.1.1
cache_effective_user squid
cache_effective_group squid
#-----------------------------------------
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#-----------------------------------------
cache_dir ufs /mnt/data/squid 40000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
client_netmask 255.255.255.255
unlinkd_program /usr/lib/squid/unlinkd
cache_mem 16 MB
cache_swap_low 75%
cache_swap_high 85%
minimum_object_size 0 KB
maximum_object_size 50 MB
maximum_object_size_in_memory 32 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDFS
log_fqdn off
buffered_logs off
#-----------------------------------------
#SQUID AUTHENTICATION
#-----------------------------------------
# Basic authentication: 5 helper processes running ncsa_auth against the
# password file /etc/squid/squid_passwd.
# NOTE(review): the only ACL that uses this scheme (ncsa_users, under ACCESS
# CONTROLS) is not referenced by any http_access rule in this listing, so no
# request is actually asked for credentials. Access is decided by source
# address alone.
# NOTE(review): Basic credentials travel base64-encoded, not encrypted, on the
# client-to-proxy connection.
auth_param basic children 5
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#-----------------------------------------
# OPTIONS FOR TUNING THE CACHE
#-----------------------------------------
refresh_pattern /.gif 10080 100% 43200
refresh_pattern /.jpg 10080 100% 43200
refresh_pattern /.jpeg 10080 100% 43200
refresh_pattern /.png 10080 100% 43200
refresh_pattern /.ico 10090 100% 43200
refresh_pattern ^http://www.friendster.com/.* 720 100% 10080
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 10080
refresh_pattern ^http://*.yahoo.*/.* 720 100% 7200
refresh_pattern ^http://*.google.com/.* 720 100% 10080
refresh_pattern ^http://kaskus.us*/.* 720 100% 28800
refresh_pattern ^http://*.blogsome.com/.* 720 80% 10080
refresh_pattern ^http://*.wordpress.com/.* 720 80% 10080
refresh_pattern ^http://detik.com/.* 720 90% 2880
refresh_pattern ^http://google.co.id/.* 720 90% 2880
refresh_pattern ^http://okezone.com/.* 720 90% 2880
refresh_pattern ^ftp: 14400 90% 43200
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 50% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
range_offset_limit 0 KB
#-----------------------------------------
# TIMEOUTS
#-----------------------------------------
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 10 minutes
connect_timeout 360 seconds
read_timeout 15 minutes
request_timeout 360 seconds
pconn_timeout 120 seconds
ident_timeout 10 seconds
client_lifetime 1 day
half_closed_clients off
shutdown_lifetime 30 seconds
announce_period 7 day
#-----------------------------------------
# ACCESS CONTROLS
#-----------------------------------------
# Ports to which CONNECT tunnels are permitted (see "deny CONNECT !SSL_ports").
# NOTE(review): besides 443/563 this list contains 21, 6667 and 5432, so a
# client may open an opaque tunnel through the proxy to those ports as well;
# 563 is listed twice. Confirm each extra port is really required.
acl SSL_ports port 443 563 21 6667 563 5432
# Destination ports accepted for ordinary (non-CONNECT) requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
# cache_object:// requests, i.e. the cache manager interface.
acl manager proto cache_object
acl ftp proto FTP
# Source-address groups. LAN (192.168.0.0/16) is a superset of FREE,
# ENGINEERING, HRDGA, INTERNET, ADMIN and SERVER.
acl localhost src 127.0.0.1/32
acl FREE src 192.168.1.0/24
acl ENGINEERING src 192.168.2.3-192.168.2.253
acl HRDGA src 192.168.3.0/24
acl INTERNET src 192.168.4.0/24
acl LAN src 192.168.0.0/16
acl ADMIN src 192.168.2.1/32 192.168.2.2/32
acl SERVER src 192.168.1.1/32
# Defined but not used by any http_access rule below: authentication is never enforced.
acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
always_direct allow localhost
always_direct allow ADMIN
# http_access rules are checked top to bottom; the first matching rule decides.
# Cache manager: only from the proxy host itself and from localhost.
http_access allow manager SERVER
http_access allow manager localhost
http_access deny manager
# NOTE(review): this rule matches on protocol only and has no source ACL, and
# it comes before both deny rules and before "allow LAN". Any client that can
# reach the proxy port may therefore request ftp:// URLs, whatever its address
# and whatever the destination port. Pairing it with a source ACL (for example
# "http_access allow ftp LAN") and moving it below the two deny rules would
# restrict it to the intended clients.
http_access allow ftp
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# ADMIN lies inside LAN, so the first rule is redundant with the second.
http_access allow ADMIN
http_access allow LAN
http_access deny all
# DELAY POOL PARAMETERS
acl limitfile url_regex -i \\.exe
acl limitfile url_regex -i \\.mp3
acl limitfile url_regex -i \\.vqf
acl limitfile url_regex -i \\.gz
acl limitfile url_regex -i \\.rpm
acl limitfile url_regex -i \\\\.zip
acl limitfile url_regex -i \\.rar
acl limitfile url_regex -i \\.avi
acl limitfile url_regex -i \\.mpeg
acl limitfile url_regex -i \\.mpe
acl limitfile url_regex -i \\.mpg
acl limitfile url_regex -i \\.wmv
acl limitfile url_regex -i \\.divx
acl limitfile url_regex -i \\.mov
acl limitfile url_regex -i \\.asf
acl limitfile url_regex -i \\.rm
acl limitfile url_regex -i \\.rmvb
acl limitfile url_regex -i \\.qt
acl limitfile url_regex -i \\.ram
acl limitfile url_regex -i \\.iso
acl limitfile url_regex -i \\.raw
acl limitfile url_regex -i \\.wav
acl limitfile url_regex -i \\.flv
acl limitfile url_regex -i \\.tgz
acl limitfile url_regex -i \\.bz
acl limitfile url_regex -i \\.bz2
acl limitfile url_regex -i \\.cab
acl limitfile url_regex -i \\.avm
acl limitfile url_regex -i \\.dat
acl limitfile url_regex -i \\.pdf
acl limitfile url_regex -i \\.3gp
acl limitfile url_regex -i \\.flv
acl limitfile url_regex -i \\.swf
acl limitfile url_regex -i ^ftp:
delay_pools 2
#Limit limitfile
delay_class 1 2
delay_parameters 1 20000/20000 8000/64000
delay_access 1 deny ADMIN
delay_access 1 allow ENGINEERING HRDGA
delay_access 1 allow limitfile
delay_access 1 deny all
#Unlimit internet
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 2 allow LAN
delay_access 2 deny all
# --BEGIN-- videocache config for squid
# zapchain runs the two rewriters as a chain: squidGuard first, then videocache.
url_rewrite_program /usr/local/bin/zapchain "/usr/bin/squidGuard -c /etc/squid/squidGuard.conf" "/usr/bin/python2.5 /usr/share/videocache/videocache.py"
# URL patterns and domains of the video sites videocache is meant to handle.
acl videocache_allow_url url_regex -i \\.youtube\\.com\\/get_video
acl videocache_allow_url url_regex -i \\.cache[a-z0-9]?[a-z0-9]?[a-z0-9]?\\.googlevideo\\.com\\/videoplayback
acl videocache_allow_url url_regex -i \\.cache[a-z0-9]?[a-z0-9]?[a-z0-9]?\\.googlevideo\\.com\\/get_video
acl videocache_allow_url url_regex -i proxy\\-[0-9][0-9]\\.dailymotion\\.com\\/
acl videocache_allow_url url_regex -i [a-z0-9][0-9a-z][0-9a-z]?[0-9a-z]?[0-9a-z]?\\.xtube\\.com\\/(.*)flv
acl videocache_allow_url url_regex -i bitcast\\.vimeo\\.com\\/vimeo\\/videos\\/
acl videocache_allow_url url_regex -i va\\.wrzuta\\.pl\\/wa[0-9][0-9][0-9][0-9]?
acl videocache_allow_url url_regex -i \\.files\\.youporn\\.com\\/(.*)\\/flv\\/
acl videocache_allow_url url_regex -i \\.msn\\.com\\.edgesuite\\.net\\/(.*)\\.flv
acl videocache_allow_dom dstdomain v.mccont.com vp.video.google.com dl.redtube.com
acl videocache_deny_url url_regex -i http:\\/\\/[a-z][a-z]\\.youtube\\.com http:\\/\\/www\\.youtube\\.com
# url_rewrite_access decides which requests squid hands to url_rewrite_program
# at all. With the three rules below only requests matching the video ACLs go
# to the zapchain chain; every other request skips the rewriter and is never
# seen by squidGuard. This matches the symptom reported in this thread
# (squidGuard running but not blocking). When a content filter shares the
# rewriter, these rules must not narrow what the filter sees.
url_rewrite_access deny videocache_deny_url
url_rewrite_access allow videocache_allow_url
url_rewrite_access allow videocache_allow_dom
#redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
# Number of rewriter helper processes; the directive is given twice, and
# redirect_children looks like the older name for the same setting - TODO confirm
# against the installed squid version.
url_rewrite_children 5
url_rewrite_children 5
redirect_children 5
# NOTE(review): with bypass on, squid forwards requests WITHOUT rewriting when
# all helpers are busy. Because squidGuard runs inside this rewriter, filtering
# fails open under load; "off" makes squid wait for a helper instead.
redirector_bypass on
# --END-- videocache config for squid
squidGuard.conf
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /var/squidGuard/blacklists/blacklists
logdir /var/log/squid
#
# SOURCE ADDRESSES:
#
src client {
ip 192.168.3.0/24
ip 192.168.2.3-192.168.2.254
}
src admin {
ip 192.168.2.1/255.255.255.255
ip 192.168.2.2/255.255.255.255
}
src server {
ip 192.168.1.1/255.255.255.255
ip 10.0.0.2/255.255.255.255
}
time afterwork {
weekly * 00:01-07:59 12:00-13:00 16:01-23:59 # Jam istirahat kerja
weekly saturdays 14:00-15:30 # Hari Sabtu
weekly sundays 00:00-24:00 # Hari Minggu
date *.08.17 # Hari Kemerdekaan
date *.12.25 # Martujes
date *.01.01 # Tahun baru
date 2008.12.29 # Tahun Baru Hijriah
}
#
# DESTINATION CLASSES:
#
dest adult_1 {
domainlist porn_eng_1/domains
urllist porn_eng_1/urls
expressionlist porn_eng_1/expressions
log pornaccess_adult_1
}
dest adult_2 {
domainlist porn_eng_2/domains
urllist porn_eng_2/urls
log pornaccess_adult_2
}
dest adult_3 {
domainlist porn_eng_3/domains
urllist porn_eng_3/urls
log pornaccess_adult_3
}
dest adult_indo {
urllist porn_indo/ads
domainlist porn_indo/domains
log pornaccess_indo
}
#dest ads {
# domainlist ads/domains
# urllist ads/urls
#}
dest proxy {
domainlist proxy/domains
urllist proxy/urls
log pornaccess_proxy
}
dest whitelist {
domainlist whitelist/domains
urllist whitelist/urls
expressionlist whitelist/expressions
}
dest openblok {
domainlist openblok/domains
}
dest openadmin {
domainlist openadmin/domains
}
rewrite google {
s@(google.co.id/search.*q=.*)@\\1\\&safe=active@i
s@(google.co.id/images.*q=.*)@\\1\\&safe=active@i
s@(google.co.id/groups.*q=.*)@\\1\\&safe=active@i
s@(google.co.id/news.*q=.*)@\\1\\&safe=active@i
s@(google.com/search.*q=.*)@\\1\\&safe=active@i
s@(google.com/images.*q=.*)@\\1\\&safe=active@i
s@(google.com/groups.*q=.*)@\\1\\&safe=active@i
s@(google.com/news.*q=.*)@\\1\\&safe=active@i
# log google
}
# Policy per source group. A pass list is read left to right and the first
# matching entry decides: a plain name allows, "!name" blocks, "all" allows
# whatever is left. Blocked requests are sent to the redirect URL.
acl {
# Clients during the "afterwork" time ranges: openblok destinations are allowed.
client within afterwork {
rewrite google
pass whitelist openblok !adult_1 !adult_2 !adult_3 !adult_indo !proxy all
# The block page receives client address (%a), client name (%n), ident user
# (%i), source group (%s), requested URL (%u), matched class (%t) and path
# (%p) in its query string.
# NOTE(review): %u is client-controlled; blok.html is not shown here and
# should escape these values before displaying them.
redirect http://192.168.1.1/blok.html?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t&urix=%p
}
# Clients outside those time ranges: openblok destinations are blocked too.
else {
rewrite google
pass whitelist !openblok !adult_1 !adult_2 !adult_3 !adult_indo !proxy all
redirect http://192.168.1.1/blok.html?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t&urix=%p
}
# Admin sources: additionally allowed openblok and openadmin; the adult and
# proxy classes remain blocked for them as well.
admin {
rewrite google
pass whitelist openblok openadmin !adult_1 !adult_2 !adult_3 !adult_indo !proxy all
redirect http://192.168.1.1/blok.html?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t&urix=%p
}
# With this block commented out, the addresses in "src server" have no rule of
# their own and fall through to "default" (pass none).
# NOTE(review): videocache.conf points videocache at http://192.168.1.1:3128/,
# so its own downloads presumably arrive from the server address and are
# redirected to nonregister.html - consistent with the fix reported at the end
# of this thread. Re-enabling the block exempts those addresses from all filtering.
#server {
#pass all
#}
# Any source not matched above is denied everything.
default {
pass none
redirect http://192.168.1.1/nonregister.html
}
}
videocache.conf
[main]
# file : /etc/videocache.conf
enable_video_cache = 1
cache_host = 192.168.1.1
proxy = http://192.168.1.1:3128/
proxy_username =
proxy_password =
base_dir = /mnt/data/videocache/
temp_dir = tmp
max_parallel_downloads = 30
logdir = /var/log/videocache/
max_logfile_size = 10
max_logfile_backups = 10
rpc_host = 127.0.0.1
rpc_port = 9100
enable_youtube_cache = 1
youtube_cache_dir = youtube
youtube_cache_size = 0
max_youtube_video_size = 0
min_youtube_video_size = 0
enable_metacafe_cache = 1
metacafe_cache_dir = metacafe
metacafe_cache_size = 0
max_metacafe_video_size = 0
min_metacafe_video_size = 0
enable_dailymotion_cache = 1
dailymotion_cache_dir = dailymotion
dailymotion_cache_size = 0
max_dailymotion_video_size = 0.
min_dailymotion_video_size = 0
enable_google_cache = 1
google_cache_dir = google
google_cache_size = 0
max_google_video_size = 0
min_google_video_size = 0
enable_redtube_cache = 0
redtube_cache_dir = redtube
redtube_cache_size = 0
max_redtube_video_size = 0
min_redtube_video_size = 0
enable_xtube_cache = 0
xtube_cache_dir = xtube
xtube_cache_size = 0
max_xtube_video_size = 0
min_xtube_video_size = 0
enable_vimeo_cache = 1
vimeo_cache_dir = vimeo
vimeo_cache_size = 0
max_vimeo_video_size = 0
min_vimeo_video_size = 0
enable_wrzuta_cache = 1
wrzuta_cache_dir = wrzuta
wrzuta_cache_size = 0
max_wrzuta_video_size = 0
min_wrzuta_video_size = 0
enable_youporn_cache = 0
youporn_cache_dir = youporn
youporn_cache_size = 0
max_youporn_video_size = 0
min_youporn_video_size = 0
enable_soapbox_cache = 1
soapbox_cache_dir = soapbox
soapbox_cache_size = 0
max_soapbox_video_size = 0
min_soapbox_video_size = 0
Hello again!
Comment out (for testing) all your
acl videocache_allow_url
acl videocache_deny_url
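lines in squid.conf, together with the url_rewrite_access lines that refer to them. You don't need them, and they are probably the origin of your problem: url_rewrite_access limits which requests squid sends to the rewrite program, so with those rules in place only the video URLs reach zapchain and squidGuard never sees the rest.
All URLs must be passed to zapchain (and zapchain passes them on to squidGuard and videocache).
Please tell us the results of your test ...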
Regards,
Josep Pujadas
At last it works. I commented out all the ACLs and url_rewrite lines for videocache in squid.conf, and there was a mistake in squidGuard.conf:
#server {
#pass all
#}
should be
server {
pass all
}
Then I deleted the whole videocache cache and ran:
/usr/sbin/update-vc
squid -k reconfigure
That's all.
Thanks, Bellera