Why am I using SquidGuard?
Having children in the house, I would like them to be able to browse the internet as safely as possible, and block as many offensive sites as possible. After a bit of looking around, I decided on the combination of squid (http://www.squid-cache.org) and SquidGuard (http://squidguard.org/index.html).
I’ve used squid before and it is really easy to set up and use. There are a huge number of options, but the default settings work well enough without doing too much. There are also lots of recipes available that other people have taken the time to write, so help is always at hand.
Again most (if not all) Linux distributions provide a ready packaged Squid distribution, so the amount of effort required to install it rally is minimal.
If you are running a small home network, then you only need to install this on one machine and tell every other machine to use it. This can be done automatically – more on this in another post.
To provide protection against unsuitable sites, I pair Squid with SquidGuard. The way this works is that Squid passes every link to every page requested to SquidGuard. SquidGuard examines this link and compares it to its database (more on this later) of unsuitable sites. If it finds a match it returns a replacement URL which Squid then returns to the user.
The first is to install Squid and check it works. Follow your distribution’s instructions to set it up.
Change your browser settings to tell it to use squid as its proxy ( you’ll need the machine address and port). Browse some pages to check it all works.
Install and test SquidGuard
The next step required is to install SquidGuard. If you are lucky then your distribution may have this packaged already for you.
If not head on over to http://squidguard.org/ and grab the download.
Again there are plenty of instructions about how to do this on the web (and the guide on the squidGuard itself shows how easy it is).
All that’s required to tell Squid to use squidGuard is the following line. This simply tells squid to run every URL through this.
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf
If you have installed from a package manager, then this may have been included for you.
How do we test squidGuard? Well, the obvious way is to try and browse an unsuitable site! If it’s blocked – it works! If you see it, it doesn’t.
Maintaining the lists
There are several sites which have lists of sites – both whitelists and blacklists. If you’ve installed squidGuard, you’ve probably entered a few sites to always allow (for example, some news sites), and some to always block (maybe games you don’t want your children to access).
The two sites I use are:
When you update the lists you want to keep your changes, so we need to combine the lists.
The quick and dirty script here downloads the blacklists and combines the lines into the existing databases and then alters the squidGuard configuration file to include and new lists. Here is the
update_blacklist file. Feel free to use/modify/criticise!