#
# CONFIG FILE FOR SQUIDGUARD
# Generated by the se3-internet package from an LCS template file.
#
# WARNING: this file will probably have to be edited by hand to fit your setup,
# and copied to the proxy into the /etc/squid directory.
#
# Do not forget to rebuild the databases: su proxy squidGuard -C all
# squid -k reconfigure
#
# NOTE(review): tokens of the form #NAME# (#LDAPIP#, #COMPUTERSRDN#, #BASEDN#,
# #PROXYIP#, #REDIRECT#, #SE3#) look like template placeholders, presumably
# substituted by the packaging. Confirm none survive in the deployed file: a
# leftover placeholder would leave the matching lookup or redirect non-functional.
#
#$Id: squidGuard.conf 3280 2008-10-12 20:40:29Z dbo $#

# Location of the blacklist databases and of the squidGuard log files.
dbhome /var/lib/squidguard/blacklists
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
# As many time ranges as needed can be defined (cours1...coursn).
# If more than 5 are used, the page /var/www/se3/se3-internet/connexions-individus.php
# has to be adapted; the matching src blocks and acls must be added as well.
# Adjust the schedules below as needed.

# Lesson slots: each starts at 08:00 on weekdays and ends at a different time.
time cours1 {
    weekly mtwhf 08:00 - 09:50
}

time cours2 {
    weekly mtwhf 08:00 - 12:00
}

time cours3 {
    weekly mtwhf 08:00 - 13:30
}

time cours4 {
    weekly mtwhf 08:00 - 15:20
}

time cours5 {
    weekly mtwhf 08:00 - 17:30
}

# Evening slot ("soir"): weekday evenings, early mornings, and weekends.
time soir {
    weekly mtwhf 17:30 - 23:00
    weekly * 06:00 - 08:00
    weekly saturday 08:00 - 24:00
    weekly sunday 08:00 - 23:00
}

# Break slot ("pause"): weekday breaks and lunch, plus evenings, early mornings and weekends.
time pause {
    weekly mtwhf 09:50 - 10:10
    weekly mtwhf 12:00 - 13:30
    weekly mtwhf 15:20 - 15:40
    weekly * 17:30 - 23:00
    weekly * 06:00 - 08:00
    weekly saturday 06:00 - 24:00
    weekly sunday 06:00 - 23:00
}

#
# REWRITE RULES:
#
#rew dmz {
#	s@://admin/@://admin.foo.bar.no/@i
#	s@://foo.bar.no/@://www.foo.bar.no/@i
#}

#
# SOURCE ADDRESSES:
#
# Every LDAP-backed source below selects hosts by an iphostnumber=%s lookup
# combined with a destinationIndicator pattern.
# NOTE(review): the policy is therefore keyed on the host address as recorded in
# LDAP; presumably %s is the client IP, so anything that lets a client change its
# address changes the policy it gets. Confirm the network prevents that.
# NOTE(review): the lookups use the ldap:// scheme. Since the answers decide which
# acl applies, confirm the proxy-to-directory link is on a trusted segment or
# protected by whatever transport security your squidGuard build supports.
# NOTE(review): a host may satisfy several of these filters (e.g. the "interne*"
# wildcards). Which source wins presumably depends on declaration order, so
# confirm before reordering or inserting blocks.
#
# List used to keep hosts or subnets out of the access control.
# NOTE(review): every ip/iplist entry here is commented out, so this source has no
# selector. Confirm how your squidGuard build treats an empty source: if it
# matches every client, all traffic would fall under the surf-bypass acl and the
# LDAP-based sources below would never be consulted.
src surf-bypass {
#	iplist ip_sources/surf-bypass
#	ip 172.16.1.0/24
#	ip 172.16.100.123
}

# ldap cache time in seconds
# NOTE(review): presumably a rights change made in LDAP (e.g. moving a host to
# "aucun") can take up to this long to be enforced.
ldapcachetime 60

src internet {
    # lets through every host that has the internet rights
    # NOTE(review): "interne*" is a prefix wildcard, unlike the exact tokens used
    # by internet-pause/-cours/-soir; confirm it cannot match an unintended value.
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:interne*:tous))
}

src internet-pause {
    # lets through every internet-pause host during the breaks
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:internet-pause:*))
}

src internet-cours {
    # lets through every internet-cours host except during the breaks
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:internet-cours:*))
}

src internet-soir {
    # lets through every internet-soir host in the evening
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:internet-soir:*))
}

src internet-cours1 {
    # lets through every host registered for cours1
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:interne*:cours1))
}

src internet-cours2 {
    # lets through every host registered for cours2
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:interne*:cours2))
}

src internet-cours3 {
    # lets through every host registered for cours3
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:interne*:cours3))
}

src internet-cours4 {
    # lets through every host registered for cours4
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:interne*:cours4))
}

src internet-cours5 {
    # lets through every host registered for cours5
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:interne*:cours5))
}

src intranet {
    # filters every host that has the intranet rights
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:intranet*))
}

src aucun {
    # filters every host that has the "aucun" (none) rights (punished or not configured)
    ldapipsearch ldap://#LDAPIP#/#COMPUTERSRDN#,#BASEDN#?iphostnumber?sub?(&(&(objectclass=iphost)(iphostnumber=%s))(destinationIndicator=*:aucun:*))
}

# useful when an FTP proxy (frox) is used
src proxy-ftp {
    ip #PROXYIP#
}

#
# DESTINATION CLASSES:
#
# NOTE(review): webmail, forums, mail and proxy are declared below but no acl in
# this file references them, so they are not blocked. If the proxy list holds web
# proxies/anonymizers (presumed from its name), consider adding !proxy to the
# filtered pass lines so the filter cannot be sidestepped through such sites.
#
# Whitelist of sites that stay reachable even when restrictions apply.
# Very useful for leaving some sites freely accessible (google, wikipedia, ...).
# Both list entries are commented out here, so the whitelist is empty as shipped.
dest whitelists {
#	domainlist whitelists/domains
#	urllist whitelists/urls
}

# list taken from LCS
dest lcs {
    domainlist lcs/domains
    urllist lcs/urls
}

dest webmail {
    domainlist webmail/domains
}

dest forums {
    domainlist forums/domains
    urllist forums/urls
}

dest ads {
    domainlist ads/domains
    urllist ads/urls
}

dest aggressive {
    domainlist aggressive/domains
    urllist aggressive/urls
}

dest audio-video {
    domainlist audio-video/domains
    urllist audio-video/urls
}

dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}

dest gambling {
    domainlist gambling/domains
    urllist gambling/urls
}

dest hacking {
    domainlist hacking/domains
    urllist hacking/urls
}

dest mail {
    domainlist mail/domains
}

dest proxy {
    domainlist proxy/domains
    urllist proxy/urls
}

dest porn {
    domainlist porn/domains
    urllist porn/urls
}

dest violence {
    domainlist violence/domains
    urllist violence/urls
}

dest warez {
    domainlist warez/domains
    urllist warez/urls
}

#
# ACCESS RULES:
#
# Three pass lines are used throughout:
#   - filtered access: whitelists plus everything not in the listed blacklists;
#   - "pass whitelists none": only the whitelist is reachable;
#   - "pass none": nothing is reachable.
# NOTE(review): the surf-bypass and proxy-ftp rules are the only filtered rules
# without !in-addr, so URLs that use a raw IP address are not refused for them
# while they are for every other filtered rule. Confirm this is intentional.
# NOTE(review): the filtered pass lines end with a negated list and no trailing
# all/any. Verify with your squidGuard version that unmatched destinations are
# handled as intended.
acl {
    # Hosts exempted from the LDAP/time controls: blacklists still apply.
    surf-bypass {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez
        redirect #REDIRECT#
    }

    # The FTP proxy itself: same blacklist filtering.
    proxy-ftp {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez
        redirect #REDIRECT#
    }

    # Filtered access during the "pause" time range only (no else branch).
    internet-pause within pause {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    }

    # Filtered access during the "soir" time range only (no else branch).
    internet-soir within soir {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    }

    # Whitelist only during "pause", filtered access the rest of the time.
    internet-cours within pause {
        pass whitelists none
        redirect #REDIRECT#
    } else {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    }

    # Per-lesson rules: filtered access inside the slot, whitelist only outside it.
    internet-cours1 within cours1 {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    } else {
        pass whitelists none
        redirect #REDIRECT#
    }

    internet-cours2 within cours2 {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    } else {
        pass whitelists none
        redirect #REDIRECT#
    }

    internet-cours3 within cours3 {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    } else {
        pass whitelists none
        redirect #REDIRECT#
    }

    internet-cours4 within cours4 {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    } else {
        pass whitelists none
        redirect #REDIRECT#
    }

    internet-cours5 within cours5 {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    } else {
        pass whitelists none
        redirect #REDIRECT#
    }

    # Hosts with permanent internet rights: filtered access at all times.
    internet {
        pass whitelists !lcs !ads !aggressive !audio-video !drugs !gambling !hacking !porn !violence !warez !in-addr
        redirect #REDIRECT#
    }

    # Intranet-only hosts: whitelist only.
    intranet {
        pass whitelists none
        redirect #REDIRECT#
    }

    # Hosts with no rights: nothing passes, requests go to the internet charter page.
    aucun {
        pass none
        redirect #SE3#/se3-internet/charte_internet.php
    }

    # Any client matching no source above: nothing passes (deny by default).
    default {
        pass none
        redirect #SE3#/se3-internet/connexions_portables.php
    }
}