Pb affichage image avec Squid + SquidGuard

cyberfrk · Février 20, 2016, 3:24pm

Bonjour,

J’ai un léger souci d’affichage d’image avec squid + squidguard sur ma debian.

J’ai crée une redirection sur bigard.com lorsque sex.com est lancé. La redirection à proprement dite fonctionne bien mais les images n’apparaissent pas. (que ce soit sur IE ou FF 2.0).

Lorsque je déplace la souris sur un lien, j’obtiens bigard.com/jmb.php

Si je lance bigard.com, pas de souci, toutes les images apparaissent.

Voici mes fichiers de configurations :

Squid.conf :

[code]# welcome to squiD 2

------------------

#Default:
http_port 3128

TAG: hierarchy_stoplist

hierarchy_stoplist cgi-bin ?

TAG: no_cache

acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
cache_mem 8 MBM

maximum_object_size_in_memory 8 KB

cache_dir ufs /var/spool/squid 1024 16 256

hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

ACCESS CONTROLS

#ajout perso
acl Localnet src 10.0.0.0/24

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

Only allow cachemgr access from localhost

http_access allow manager localhost
http_access deny manager

Only allow purge requests from localhost

http_access allow purge localhost
http_access deny purge

Deny requests to unknown ports

http_access deny !Safe_ports

Deny CONNECT to other than SSL ports

http_access deny CONNECT !SSL_ports

#ajout perso
http_access allow Localnet

http_access allow localhost

And finally deny all other access to this proxy

http_access deny all

http_reply_access allow all

icp_access allow all

coredump_dir /var/spool/squid

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

affichage des pages d’erreur en francais

error_directory /usr/share/squid/errors/French[/code]
SquidGuard.conf:

[code]# CONFIG FILE FOR SQUIDGUARD

dbhome /var/lib/squidguard/db
logdir /var/log/squid

Source adresses

src limite {
#liste des machines qui se connecteront avec droits limites
ip 10.0.0.0/24
}

DESTINATION CLASSES:

}
dest webmail {
domainlist webmail/domains
urllist webmail/urls

redirect http://www.google.com

}

ACLs

acl {
limite {
pass !adult !agressif !audio-video !cleaning !dangerous_material !drogue !forums !gambling !games !hacking !publicite !radio !redirector !sexual_education !strict_redirector !strong_redirector !tricheur !warez !webmail
redirect http://www.bigard.com
}

default {
	pass	 local none

rewrite dmz

redirect http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u

}[/code]
Voici les logs:
cache.log:

2006/12/20 10:58:31| Preparing for shutdown after 113 requests 2006/12/20 10:58:31| Waiting 30 seconds for active connections to finish 2006/12/20 10:58:31| FD 18 Closing HTTP connection 2006/12/20 10:59:02| Shutting down... 2006/12/20 10:59:02| FD 19 Closing ICP connection 2006/12/20 10:59:02| Closing unlinkd pipe on FD 16 2006/12/20 10:59:02| storeDirWriteCleanLogs: Starting... 2006/12/20 10:59:03| Finished. Wrote 2355 entries. 2006/12/20 10:59:03| Took 0.0 seconds (305883.9 entries/sec). CPU Usage: 0.868 seconds = 0.434 user + 0.434 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena: 2508 KB Ordinary blocks: 2479 KB 21 blks Small blocks: 0 KB 0 blks Holding blocks: 204 KB 1 blks Free Small blocks: 0 KB Free Ordinary blocks: 28 KB Total in use: 2683 KB 107% Total free: 28 KB 1% 2006/12/20 10:59:03| Squid Cache (Version 2.5.STABLE9): Exiting normally. 2006/12/20 10:59:05| Starting Squid Cache version 2.5.STABLE9 for i386-debian-linux-gnu... 2006/12/20 10:59:05| Process ID 3190 2006/12/20 10:59:05| With 1024 file descriptors available 2006/12/20 10:59:05| DNS Socket created at 0.0.0.0, port 1029, FD 6 2006/12/20 10:59:05| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf 2006/12/20 10:59:05| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf 2006/12/20 10:59:05| helperOpenServers: Starting 5 'squidGuard' processes 2006/12/20 10:59:05| User-Agent logging is disabled. 2006/12/20 10:59:05| Referer logging is disabled. 2006/12/20 10:59:05| Unlinkd pipe opened on FD 16 2006/12/20 10:59:05| Swap maxSize 1048576 KB, estimated 80659 objects 2006/12/20 10:59:05| Target number of buckets: 4032 2006/12/20 10:59:05| Using 8192 Store buckets 2006/12/20 10:59:05| Max Mem size: 8192 KB 2006/12/20 10:59:05| Max Swap size: 1048576 KB 2006/12/20 10:59:05| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2006/12/20 10:59:05| Rebuilding storage in /var/spool/squid (CLEAN) 2006/12/20 10:59:05| Using Least Load store dir selection 2006/12/20 10:59:05| Set Current Directory to /var/spool/squid 2006/12/20 10:59:05| Loaded Icons. 2006/12/20 10:59:05| Accepting HTTP connections at 0.0.0.0, port 3128, FD 18. 2006/12/20 10:59:05| Accepting ICP messages at 0.0.0.0, port 3130, FD 19. 2006/12/20 10:59:05| HTCP Disabled. 2006/12/20 10:59:05| WCCP Disabled. 2006/12/20 10:59:05| Ready to serve requests. 2006/12/20 10:59:05| Done reading /var/spool/squid swaplog (2355 entries) 2006/12/20 10:59:05| Finished rebuilding storage from disk. 2006/12/20 10:59:05| 2355 Entries scanned 2006/12/20 10:59:05| 0 Invalid entries. 2006/12/20 10:59:05| 0 With invalid flags. 2006/12/20 10:59:05| 2355 Objects loaded. 2006/12/20 10:59:05| 0 Objects expired. 2006/12/20 10:59:05| 0 Objects cancelled. 2006/12/20 10:59:05| 0 Duplicate URLs purged. 2006/12/20 10:59:05| 0 Swapfile clashes avoided. 2006/12/20 10:59:05| Took 0.6 seconds (4084.3 objects/sec). 2006/12/20 10:59:05| Beginning Validation Procedure 2006/12/20 10:59:05| Completed Validation Procedure 2006/12/20 10:59:05| Validated 2355 Entries 2006/12/20 10:59:05| store_swap_size = 23448k 2006/12/20 10:59:06| storeLateRelease: released 0 objects
Extrait de SquidGuard.log:

2006-12-20 10:59:03 [3119] squidGuard stopped (1166608743.276) 2006-12-20 10:59:05 [3192] destblock good missing active content, set inactive 2006-12-20 10:59:05 [3192] destblock local missing active content, set inactive 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/adult/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/adult/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/adult/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/adult/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/agressif/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/agressif/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/agressif/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/agressif/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/audio-video/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/audio-video/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/audio-video/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/audio-video/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/cleaning/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/cleaning/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/cleaning/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/cleaning/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/dangerous_material/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/dangerous_material/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/dangerous_material/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/dangerous_material/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/drogue/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/drogue/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/drogue/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/drogue/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/forums/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/forums/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/forums/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/forums/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/gambling/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/gambling/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/gambling/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/gambling/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/games/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/games/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/games/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/games/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/hacking/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/hacking/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/hacking/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/hacking/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/publicite/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/publicite/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/publicite/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/publicite/urls.db 2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/radio/domains 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/radio/domains.db 2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/radio/urls 2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/radio/urls.db 2006-12-20 10:59:05 [3196] squidGuard 1.2.0 started (1166608745.509) 2006-12-20 10:59:05 [3196] squidGuard ready for requests (1166608745.559)
Access.log:

1166609326.062 12 10.0.0.12 TCP_HIT/200 16074 GET http://www.sex.com/dates_paris.jpg - NONE/- text/html 1166609326.064 16 10.0.0.12 TCP_HIT/200 16074 GET http://www.sex.com/index_r6_c2.jpg - NONE/- text/html
Store.log:

1166610078.090 RELEASE -1 FFFFFFFF 9DFC8DAC65A183842E1A94F2B7616D5D 304 1166610115 -1 1167128515 unknown -1/0 GET http://jigsaw.w3.org/css-validator/images/vcss 1166610086.586 RELEASE -1 FFFFFFFF 55DDC2EFA88A38C3D47B78947B1D9A0D 304 1166020443 1106079794 1166538843 image/gif -1/0 GET http://jigsaw.w3.org/css-validator/images/vcss 1166610095.714 RELEASE -1 FFFFFFFF 616E761856289214E16C78017CC541D7 503 1166610095 0 1166610095 text/html 1270/1507 GET http://www.jmb.php/ 1166610249.511 RELEASE -1 FFFFFFFF 75D485CB8CC64CB27DD008F70064481B 304 1166020443 1106079794 1166538843 image/gif -1/0 GET http://jigsaw.w3.org/css-validator/images/vcss 1166610294.441 RELEASE -1 FFFFFFFF 14053B0B311CB347ABA450618009FA33 200 1166610331 -1 -1 text/html -1/2999 GET http://www.bigard.com/ 1166610294.919 RELEASE -1 FFFFFFFF B27828822CA67BDE04F95A0FC0A441C8 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/bus_tournee.jpg 1166610294.939 RELEASE -1 FFFFFFFF 4F7E1BCAEBF9E0ADB64E70410FC3D263 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/index_r3_c4.jpg 1166610294.955 RELEASE -1 FFFFFFFF 6F693A22BF9C39DC91F54A034D11CCE5 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/index_r5_c1.jpg 1166610295.295 RELEASE -1 FFFFFFFF 6D6DAA2290380E96038C959E58BE348A 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/index_r6_c1.jpg 1166610295.339 RELEASE -1 FFFFFFFF 9DA694CF71FAE7EC267BEC84009315BB 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/index_r6_c2.jpg 1166610295.342 RELEASE -1 FFFFFFFF 72F02929C8FC4E873D3821BC1C841138 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/index_r6_c3.jpg 1166610295.347 RELEASE -1 FFFFFFFF A41E854AB855C252B041F1C6ABB84114 304 1166610331 -1 -1 unknown -1/0 GET http://www.bigard.com/affiche292x382.jpg 1166610295.507 RELEASE -1 FFFFFFFF 5D7150DDA49BA58F141F5D78FB10FE1F 304 1166610332 -1 -1 unknown -1/0 GET http://www.bigard.com/dates_paris.jpg
Qu’ai-je oublié dans les fichiers de configurations pour afficher les images lors des redirections?

Infos: -webmin n’est pas installé
-aucune interface graphique a été utilisé pour configurer squid et squidguard
-j’ai déjà parcouru google avant de venir poster !

Merci d’avance

mattotop · Février 20, 2016, 3:24pm

la page de bigard contient des liens relatifs, et je ne sais pas trop entre squid et squidguard lequel peut bien faire l’erreur de réecrire les url des images en utilisant l’adresse du lien d’origine, donc.
Mais squidguard n’est pas fait pour réecrire les adresse mais pour les filtrer.
Pour ce que tu veux, j’écrirais plutot un redirecteur squid (çun redirecteur simple comme ça, a s’ecrit en 10minutes):
squid-cache.org/Doc/FAQ/FAQ-15.html

cyberfrk · Février 20, 2016, 3:24pm

Le problème ne se pose pas que sur debian.org.

La mise en page est le contenu est totalement différent si je met, moi même, debian.org dans la barre d’adresse!

Mystère, quand tu nous tiens…

mattotop · Février 20, 2016, 3:24pm

Fais un redirecteur, te dis je: à part pour remplacer une URL par une page de déni, squidguard n’est pas fait pour réecrire des adresses.
Un redirecteur est un script qui prend quatre arguments (URL ip-address/fqdn ident method) et renvoie une url. Tu peux même le faire en shell si nécessaire.
Te casses pas la tête à déboguer squidguard. (même si le bug et rigolo).