By John C. Rucker (Page 5 of 10)
Squid Logo
Well, before we can actually work on the content filter, we need to setup the program that DansGuardian relies on: Squid. Open /etc/squid/squid.conf for editing. Click on the "Find" button on the gedit toolbar, and search for http_port 3128. Change this to http_port 3128 transparent. Now go to the very end of the file and add the following line:
visible_hostname dgserver
Click on the "Find" button again and search for access_log. You'll see a large commented section of text. At the bottom of that section you'll see the default value of access_log /var/log/squid/access.log squid. Insert right below that access_log none. As you might guess, this disables the log of what the web pages Squid is processing. By turning this off we'll improve performance as well as preserve the privacy of your patrons. With the logging turned on (the default setting) there would be a record saved on your server of every web page that everyone going through the filter requests. You may save and close the file.
Well, that depends...do you want to let your patrons view Facebook pages? The version of Squid that ships with Ubuntu Hardy has no support for HTTP version 1.1, only version 1. Normally this shouldn't matter, since the HTTP spec says web sites using HTTP 1.1 should gracefully degrade and use HTTP 1 for clients who don't support the newer version. Unfortunately, a small number of web sites—like Facebook—don't play by the rules sometimes, and the result is your patrons will sometimes—though not every time—see a blank white screen when they log into Facebook. If you can live with this, go on to the next section. If you want Facebook to work all the time, read on...
Ubuntu Hardy has an older version of Squid, true, but we need to use Hardy because it's the latest Long-Term Support (LTS) release from Ubuntu. And we definitely want the LTS version so I don't have to redo this tutorial more often than every 2 years :-). So what we'll do is download a version of Squid that ships with Ubuntu 9.4 "Jaunty". That's not an LTS release, but the Jaunty packages will work in Hardy. The easiest way to do this upgrade is via the terminal, so launch it again: Applications -> Accessories -> Terminal. You'll need to download several files that also need to be updated, so we'll make a new folder to keep everything neat. Just copy the 5 commands below one at a time and paste them into your terminal window and press enter, entering your password as needed.
1) cd ~/ 2) mkdir squid_updates 3) cd squid_updates 4) wget http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/f/findutils/findutils_4.4.0-2ubuntu4_i386.deb http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/g/glibc/libc6_2.9-4ubuntu6_i386.deb http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2_i386.deb http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/d/db/libdb4.7_4.7.25-6ubuntu1_i386.deb http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/l/lsb/lsb-base_3.2-20ubuntu4_all.deb http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/s/squid/squid-common_2.7.STABLE3-4.1ubuntu1_all.deb http://mirror.mcs.anl.gov/pub/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1_i386.deb 5) sudo dpkg -i *
You'll be asked to confirm a few things:
Press enter to answer "OK":
Press enter to answer "OK":
You may need to press the tab key here to highlight "OK" before you can press enter:
You may now close the terminal. Open /etc/squid/squid.conf for editing again and go all the way to the bottom of the file. Paste in the following two lines, then save and close the file.
# HTTP 1.1 Fix for Facebook, etc. server_http11 on
That's it. Now Facebook will consistently work for people—once we finish the rest of the tutorial.
Previous Page: Configuring DHCP Server and Shorewall
Next Page: Configuring DansGuardian