
FreeBSD squid-3.5.5 + sams2-2.0.0_2 + rejik-3.2.11_1

Posted: Mon Jun 15, 2015 17:40
Sindikat88
Greetings, comrades!
I have installed the combination squid-3.5.5 + sams2-2.0.0_2 + rejik-3.2.11_1.
The problem is as follows: when a user is forcibly blocked in SAMS, the user is not blocked. URLs are not blocked either.
A bit about my system:

Code:

FreeBSD free 10.1-RELEASE-p10 FreeBSD 10.1-RELEASE-p10 #0: Wed May 13 06:54:13 UTC 2015     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Squid config:

Code:

auth_param ntlm program /usr/local/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl authusers proxy_auth REQUIRED
http_access allow authusers

http_port 3128


refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# TAG: acl
acl Sams2Time1 time MTWHFAS 23:00-23:59
acl Sams2Template2 proxy_auth biliy.sergey

# TAG: url_rewrite_access
acl Sams2Proxy dst 192.168.0.7
url_rewrite_access deny Sams2Proxy

# TAG: url_rewrite_program
redirect_program /usr/local/rejik3/redirector /usr/local/rejik3/redirector.conf
# TAG: url_rewrite_children
url_rewrite_children 5

# TAG: delay_pools

# TAG: delay_class

# TAG: delay_access

#  TAG: access_log

#  TAG: cache_log

#  TAG: pid_filename

#  TAG: netdb_filename

# TAG: delay_parameters

# TAG: http_access
# Setup Sams2 HTTP Access here
http_access allow Sams2Template2
# TAG: http_access2

# TAG: icp_access

#
http_access deny all
SAMS config

Code:

;
; This is config file for sams2
; A line started with ; or # is a comment
;

; Database engine
; To use an engine it must be enabled during configuration
DB_ENGINE=MySQL
;DB_ENGINE=PostgreSQL
;DB_ENGINE=unixODBC

; Hostname where database is runing
; This parameter is not neccesary for unixODBC engine
DB_SERVER=localhost

; Database name
SAMS_DB=sams2db

;
ODBC=0
PDO=0
; Source as defined in odbc.ini
; This parameter is not neccesary for engine other than unixODBC
ODBCSOURCE=sams_mysql

; Username for database connection
DB_USER=user

; Password for database connection
DB_PASSWORD=pass

SQUIDCACHEFILE=access.log
SQUIDROOTDIR=/usr/local/etc/squid
SQUIDLOGDIR=/var/log/squid
SQUIDCACHEDIR=/var/squid/cache

WBINFOPATH=/usr/local
SAMSPATH=/usr/local
SQUIDPATH=/usr/local/sbin
SQUIDGUARDLOGPATH=/var/log
SQUIDGUARDDBPATH=/var/db/squidguard
RECODECOMMAND=iconv -f KOI8-R -t 866 %finp > %fout
REJIKPATH=/usr/local/rejik3
SHUTDOWNCOMMAND=shutdown -h now

; Proxy id
; Identificator of proxy, starting from 1
CACHENUM=1
Rejik config

Code:

error_log /usr/local/rejik3/redirector.err
change_log /usr/local/rejik3/redirector.log
make-cache /usr/local/rejik3/make-cache


<BANNER>
ban_dir /usr/local/rejik3/banlists/banners
url http://127.0.0.1/ban/1x1.gif

<PORNO>
ban_dir  /usr/local/rejik3/banlists/porno
url http://127.0.0.1/ban/porno.html

<MP3>
ban_dir /usr/local/rejik3/banlists/mp3
url http://127.0.0.1/ban/mp3.html

<JS>
ban_dir /usr/local/rejik3/banlists/js
url http://127.0.0.1/ban/js.js
redirector.err

Code:

2015-06-15 16:25:56 [864] Run make-cache (3.2.11)
2015-06-15 16:25:56 [864] Make-cache finished
2015-06-15 16:25:56 [864] Load 658 rules from /usr/local/rejik3/banlists/banners/urls.cache
2015-06-15 16:25:56 [864] Load 8 pattern from BANNER pcre
2015-06-15 16:25:56 [864] Load 22283 rules from /usr/local/rejik3/banlists/porno/urls.cache
2015-06-15 16:25:56 [864] Load 5 pattern from MP3 pcre
2015-06-15 16:25:56 [864] Load 1 rules from /usr/local/rejik3/banlists/js/urls.cache
2015-06-15 16:25:56 [864] Redirector start and working (3.2.11)
2015-06-15 16:26:03 [986] Run make-cache (3.2.11)
2015-06-15 16:26:03 [987] Waiting for make-cache finished
2015-06-15 16:26:03 [986] Make-cache finished
2015-06-15 16:26:03 [986] Load 658 rules from /usr/local/rejik3/banlists/banners/urls.cache
2015-06-15 16:26:03 [986] Load 8 pattern from BANNER pcre
2015-06-15 16:26:03 [986] Load 22283 rules from /usr/local/rejik3/banlists/porno/urls.cache
2015-06-15 16:26:03 [989] Run make-cache (3.2.11)
2015-06-15 16:26:03 [986] Load 5 pattern from MP3 pcre
2015-06-15 16:26:03 [986] Load 1 rules from /usr/local/rejik3/banlists/js/urls.cache
2015-06-15 16:26:03 [986] Redirector start and working (3.2.11)
2015-06-15 16:26:03 [988] Waiting for make-cache finished
2015-06-15 16:26:03 [989] Make-cache finished
2015-06-15 16:26:03 [989] Load 658 rules from /usr/local/rejik3/banlists/banners/urls.cache
2015-06-15 16:26:03 [989] Load 8 pattern from BANNER pcre
2015-06-15 16:26:03 [989] Load 22283 rules from /usr/local/rejik3/banlists/porno/urls.cache
2015-06-15 16:26:03 [989] Load 5 pattern from MP3 pcre
2015-06-15 16:26:03 [989] Load 1 rules from /usr/local/rejik3/banlists/js/urls.cache
2015-06-15 16:26:03 [989] Redirector start and working (3.2.11)
2015-06-15 16:26:04 [987] Make-cache finished detected, continue
2015-06-15 16:26:04 [987] Load 658 rules from /usr/local/rejik3/banlists/banners/urls.cache
2015-06-15 16:26:04 [987] Load 8 pattern from BANNER pcre
2015-06-15 16:26:04 [987] Load 22283 rules from /usr/local/rejik3/banlists/porno/urls.cache
2015-06-15 16:26:04 [987] Load 5 pattern from MP3 pcre
2015-06-15 16:26:04 [987] Load 1 rules from /usr/local/rejik3/banlists/js/urls.cache
2015-06-15 16:26:04 [987] Redirector start and working (3.2.11)
2015-06-15 16:26:04 [988] Make-cache finished detected, continue
2015-06-15 16:26:04 [988] Load 658 rules from /usr/local/rejik3/banlists/banners/urls.cache
2015-06-15 16:26:04 [988] Load 8 pattern from BANNER pcre
2015-06-15 16:26:04 [988] Load 22283 rules from /usr/local/rejik3/banlists/porno/urls.cache
2015-06-15 16:26:04 [988] Load 5 pattern from MP3 pcre
2015-06-15 16:26:04 [988] Load 1 rules from /usr/local/rejik3/banlists/js/urls.cache
2015-06-15 16:26:04 [988] Redirector start and working (3.2.11)
Redirector log

Code:

2015-06-15 16:08:59 BANNER: 192.168.1.25  biliy.sergey counter.yadro.ru:443 (urls rule: yadro.ru)
2015-06-15 16:08:59 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
2015-06-15 16:09:00 BANNER: 192.168.1.25  biliy.sergey bs.yandex.ru:443 (urls rule: bs.yandex.ru)
2015-06-15 16:14:39 BANNER: 192.168.1.25  biliy.sergey counter.yadro.ru:443 (urls rule: yadro.ru)
2015-06-15 16:14:39 BANNER: 192.168.1.25  biliy.sergey ad.adriver.ru:443 (urls rule: adriver.ru)
2015-06-15 16:14:39 BANNER: 192.168.1.25  biliy.sergey bs.yandex.ru:443 (urls rule: bs.yandex.ru)
2015-06-15 16:14:39 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
2015-06-15 16:16:36 BANNER: 192.168.1.25  biliy.sergey counter.yadro.ru:443 (urls rule: yadro.ru)
2015-06-15 16:16:36 BANNER: 192.168.1.25  biliy.sergey ad.adriver.ru:443 (urls rule: adriver.ru)
2015-06-15 16:16:37 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
2015-06-15 16:16:37 BANNER: 192.168.1.25  biliy.sergey bs.yandex.ru:443 (urls rule: bs.yandex.ru)
2015-06-15 16:21:36 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
2015-06-15 16:26:03 BANNER: 192.168.1.25  biliy.sergey counter.yadro.ru:443 (urls rule: yadro.ru)
2015-06-15 16:26:04 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
2015-06-15 16:26:04 BANNER: 192.168.1.25  biliy.sergey bs.yandex.ru:443 (urls rule: bs.yandex.ru)
2015-06-15 16:31:04 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
2015-06-15 16:36:04 PORNO: 192.168.1.25  biliy.sergey bar.love.mail.ru:443 (urls rule: love.mail.ru)
Comrades, can you tell me where I went wrong?
On the old gateway I had no such problems (it ran squid 2.7).

Re: FreeBSD squid-3.5.5 + sams2-2.0.0_2 + rejik-3.2.11_1

Posted: Tue Jun 16, 2015 8:58
Slava
SAMS adds sections to the Rejik config; I don't see any such sections in yours. Maybe SAMS lacks permissions?
In any case, for Rejik to block anything, it must have a section in the config and a set of rules for that section.
If you additionally block a user, their login should appear somewhere in Rejik's files.
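
The check described in this reply, as an added example that is not part of the original thread or of the SAMS/Rejik code: it parses a redirector.conf in the format posted above, lists its sections, flags sections whose ban_dir holds no rules, and looks for a login in Rejik's files. The rule file names `urls` and `pcre` (inferred from the redirector.err lines), `#` comments and the skipped `.log`/`.err` suffixes are assumptions; the sample tree in `demo()` is constructed.

```python
import os
import re
import tempfile

SECTION_RE = re.compile(r"^<([^<>]+)>$")
RULE_FILES = ("urls", "pcre")  # assumed names, inferred from the redirector.err lines

def parse_rejik_conf(text):
    """Return {section: {directive: value}} for a redirector.conf laid out as in the thread."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
        elif current is not None:  # global directives before the first section are skipped
            key, *rest = line.split(None, 1)
            current[key] = rest[0] if rest else ""
    return sections

def audit(conf_text, login, rejik_root):
    """Return (sections, sections without rules, non-log files that mention the login)."""
    sections = parse_rejik_conf(conf_text)
    no_rules = []
    for name, opts in sections.items():
        paths = [os.path.join(opts.get("ban_dir", ""), f) for f in RULE_FILES]
        if not any(os.path.isfile(p) and os.path.getsize(p) > 0 for p in paths):
            no_rules.append(name)
    login_files = []
    for dirpath, _dirs, files in os.walk(rejik_root):
        for fname in files:
            if fname.endswith((".log", ".err")):  # logs name users that were merely seen
                continue
            with open(os.path.join(dirpath, fname), errors="replace") as fh:
                if login.lower() in fh.read().lower():
                    login_files.append(os.path.relpath(fh.name, rejik_root))
    return sorted(sections), sorted(no_rules), sorted(login_files)

def demo():  # constructed tree: BANNER has one rule, JS is empty, no per-user files
    with tempfile.TemporaryDirectory() as root:
        for sub, body in (("banners", "yadro.ru\n"), ("js", "")):
            os.makedirs(os.path.join(root, "banlists", sub))
            with open(os.path.join(root, "banlists", sub, "urls"), "w") as fh:
                fh.write(body)
        conf = (f"<BANNER>\nban_dir  {root}/banlists/banners\nurl http://127.0.0.1/ban/1x1.gif\n"
                f"<JS>\nban_dir {root}/banlists/js\nurl http://127.0.0.1/ban/js.js\n")
        return audit(conf, "biliy.sergey", root)
```

On a real host, pass the contents of redirector.conf and the Rejik directory to `audit()`; an empty third element means the blocked login was never written into Rejik's files.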

Re: FreeBSD squid-3.5.5 + sams2-2.0.0_2 + rejik-3.2.11_1

Posted: Tue Jun 16, 2015 10:50
Sindikat88
Can't anyone reproduce the SAMS command for blocking a user?

Re: FreeBSD squid-3.5.5 + sams2-2.0.0_2 + rejik-3.2.11_1

Posted: Wed Jun 17, 2015 10:50
Sindikat88
After rolling back to version 1.0.5, everything worked.