Pb affichage image avec Squid + SquidGuard

[debianovice]

Bonjour,

J’ai un léger souci d’affichage d’image avec squid + squidguard sur ma debian.

J'ai crée une redirection sur www.bigard.com lorsque ***spam***.com est lancé. La redirection à proprement dite fonctionne bien mais les images n'apparaissent pas. (que ce soit sur IE ou FF 2.0).

Lorsque je déplace la souris sur un lien, j'obtiens www.***spam***.com/jmb.php au lieu de www.bigard.com/jmb.php

Si je lance www.bigard.com, pas de souci, toutes les images apparaissent.



Voici mes fichiers de configurations :

Squid.conf :

Code: Tout sélectionner

#   welcome to squiD 2
#   ------------------
#Default:
http_port 3128

#  TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MBM

maximum_object_size_in_memory 8 KB

cache_dir ufs /var/spool/squid 1024 16 256

# hosts_file /etc/hosts
hosts_file /etc/hosts

refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320

# ACCESS CONTROLS

#ajout perso
acl Localnet src 10.0.0.0/24

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563   # https, snews
acl SSL_ports port 873      # rsync
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563   # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl Safe_ports port 631      # cups
acl Safe_ports port 873      # rsync
acl Safe_ports port 901      # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

#ajout perso
http_access allow Localnet

http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

http_reply_access allow all

icp_access allow all

coredump_dir /var/spool/squid

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

# affichage des pages d'erreur en francais
error_directory /usr/share/squid/errors/French

SquidGuard.conf:

Code: Tout sélectionner

# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squid

# Source adresses
src limite {
   #liste des machines qui se connecteront avec droits limites
   ip 10.0.0.0/24
}

# DESTINATION CLASSES:

dest good {
}

dest local {
}

dest adult {
   domainlist   adult/domains
   urllist   adult/urls
#   redirect    http://www.google.com
}

dest agressif {
   domainlist   agressif/domains
   urllist   agressif/urls
#   redirect   http://www.google.com
}

dest audio-video {
   domainlist   audio-video/domains
   urllist   audio-video/urls
#   redirect   http://www.google.com
}

dest cleaning {
   domainlist   cleaning/domains
   urllist   cleaning/urls
#   redirect   http://www.google.com
}

dest dangerous_material {
   domainlist   dangerous_material/domains
   urllist   dangerous_material/urls
#   redirect   http://www.google.com
}

dest drogue {
   domainlist   drogue/domains
   urllist   drogue/urls
#   redirect   http://www.google.com
}

dest forums {
   domainlist   forums/domains
   urllist   forums/urls
#   redirect   http://www.google.com
}

dest gambling {
   domainlist   gambling/domains
   urllist   gambling/urls
#   redirect   http://www.google.com
}

dest games {
   domainlist   games/domains
   urllist   games/urls
#   redirect   http://www.google.com
}

dest hacking {
   domainlist   hacking/domains
   urllist   hacking/urls
#   redirect   http://www.google.com
}

dest publicite {
   domainlist   publicite/domains
   urllist   publicite/urls
#   redirect   http://www.google.com
}

dest radio {
   domainlist   radio/domains
   urllist   radio/urls
#   redirect   http://www.google.com
}

dest redirector {
   domainlist   redirector/domains
   urllist   redirector/urls
#   redirect   http://www.google.com
}

dest sexual_education {
   domainlist   sexual_education/domains
   urllist   sexual_education/urls
#   redirect   http://www.google.com
}

dest strict_redirector {
   domainlist   strict_redirector/domains
   urllist   strict_redirector/urls
#   redirect   http://www.google.com
}

dest strong_redirector {
   domainlist   strong_redirector/domains
   urllist   strong_redirector/urls
#   redirect   http://www.google.com
}

dest tricheur {
   domainlist   tricheur/domains
   urllist   tricheur/urls
#   redirect   http://www.google.com
}

dest warez {
   domainlist   warez/domains
   urllist   warez/urls
#   redirect   http://www.google.com
}
dest webmail {
   domainlist   webmail/domains
   urllist   webmail/urls
#   redirect   http://www.google.com
}

# ACLs
acl {
   limite {
   pass !adult !agressif !audio-video !cleaning !dangerous_material !drogue !forums !gambling !games !hacking !publicite !radio !redirector !sexual_education !strict_redirector !strong_redirector !tricheur !warez !webmail
   redirect http://www.bigard.com
   }

   default {
      pass    local none
#      rewrite    dmz
#      redirect http://admin.foo.bar.no/cgi-bin/squidGuard.cgi?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
   }
}

Voici les logs:
cache.log:

Code: Tout sélectionner

2006/12/20 10:58:31| Preparing for shutdown after 113 requests
2006/12/20 10:58:31| Waiting 30 seconds for active connections to finish
2006/12/20 10:58:31| FD 18 Closing HTTP connection
2006/12/20 10:59:02| Shutting down...
2006/12/20 10:59:02| FD 19 Closing ICP connection
2006/12/20 10:59:02| Closing unlinkd pipe on FD 16
2006/12/20 10:59:02| storeDirWriteCleanLogs: Starting...
2006/12/20 10:59:03|   Finished.  Wrote 2355 entries.
2006/12/20 10:59:03|   Took 0.0 seconds (305883.9 entries/sec).
CPU Usage: 0.868 seconds = 0.434 user + 0.434 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
   total space in arena:    2508 KB
   Ordinary blocks:         2479 KB     21 blks
   Small blocks:               0 KB      0 blks
   Holding blocks:           204 KB      1 blks
   Free Small blocks:          0 KB
   Free Ordinary blocks:      28 KB
   Total in use:            2683 KB 107%
   Total free:                28 KB 1%
2006/12/20 10:59:03| Squid Cache (Version 2.5.STABLE9): Exiting normally.
2006/12/20 10:59:05| Starting Squid Cache version 2.5.STABLE9 for i386-debian-linux-gnu...
2006/12/20 10:59:05| Process ID 3190
2006/12/20 10:59:05| With 1024 file descriptors available
2006/12/20 10:59:05| DNS Socket created at 0.0.0.0, port 1029, FD 6
2006/12/20 10:59:05| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf
2006/12/20 10:59:05| Adding nameserver xxx.xxx.xxx.xxx from /etc/resolv.conf
2006/12/20 10:59:05| helperOpenServers: Starting 5 'squidGuard' processes
2006/12/20 10:59:05| User-Agent logging is disabled.
2006/12/20 10:59:05| Referer logging is disabled.
2006/12/20 10:59:05| Unlinkd pipe opened on FD 16
2006/12/20 10:59:05| Swap maxSize 1048576 KB, estimated 80659 objects
2006/12/20 10:59:05| Target number of buckets: 4032
2006/12/20 10:59:05| Using 8192 Store buckets
2006/12/20 10:59:05| Max Mem  size: 8192 KB
2006/12/20 10:59:05| Max Swap size: 1048576 KB
2006/12/20 10:59:05| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2006/12/20 10:59:05| Rebuilding storage in /var/spool/squid (CLEAN)
2006/12/20 10:59:05| Using Least Load store dir selection
2006/12/20 10:59:05| Set Current Directory to /var/spool/squid
2006/12/20 10:59:05| Loaded Icons.
2006/12/20 10:59:05| Accepting HTTP connections at 0.0.0.0, port 3128, FD 18.
2006/12/20 10:59:05| Accepting ICP messages at 0.0.0.0, port 3130, FD 19.
2006/12/20 10:59:05| HTCP Disabled.
2006/12/20 10:59:05| WCCP Disabled.
2006/12/20 10:59:05| Ready to serve requests.
2006/12/20 10:59:05| Done reading /var/spool/squid swaplog (2355 entries)
2006/12/20 10:59:05| Finished rebuilding storage from disk.
2006/12/20 10:59:05|      2355 Entries scanned
2006/12/20 10:59:05|         0 Invalid entries.
2006/12/20 10:59:05|         0 With invalid flags.
2006/12/20 10:59:05|      2355 Objects loaded.
2006/12/20 10:59:05|         0 Objects expired.
2006/12/20 10:59:05|         0 Objects cancelled.
2006/12/20 10:59:05|         0 Duplicate URLs purged.
2006/12/20 10:59:05|         0 Swapfile clashes avoided.
2006/12/20 10:59:05|   Took 0.6 seconds (4084.3 objects/sec).
2006/12/20 10:59:05| Beginning Validation Procedure
2006/12/20 10:59:05|   Completed Validation Procedure
2006/12/20 10:59:05|   Validated 2355 Entries
2006/12/20 10:59:05|   store_swap_size = 23448k
2006/12/20 10:59:06| storeLateRelease: released 0 objects

Extrait de SquidGuard.log:

Code: Tout sélectionner

2006-12-20 10:59:03 [3119] squidGuard stopped (1166608743.276)
2006-12-20 10:59:05 [3192] destblock good missing active content, set inactive
2006-12-20 10:59:05 [3192] destblock local missing active content, set inactive
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/adult/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/adult/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/adult/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/adult/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/agressif/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/agressif/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/agressif/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/agressif/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/audio-video/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/audio-video/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/audio-video/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/audio-video/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/cleaning/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/cleaning/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/cleaning/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/cleaning/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/dangerous_material/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/dangerous_material/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/dangerous_material/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/dangerous_material/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/drogue/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/drogue/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/drogue/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/drogue/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/forums/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/forums/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/forums/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/forums/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/gambling/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/gambling/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/gambling/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/gambling/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/games/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/games/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/games/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/games/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/hacking/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/hacking/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/hacking/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/hacking/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/publicite/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/publicite/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/publicite/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/publicite/urls.db
2006-12-20 10:59:05 [3192] init domainlist /var/lib/squidguard/db/radio/domains
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/radio/domains.db
2006-12-20 10:59:05 [3192] init urllist /var/lib/squidguard/db/radio/urls
2006-12-20 10:59:05 [3192] loading dbfile /var/lib/squidguard/db/radio/urls.db
2006-12-20 10:59:05 [3196] squidGuard 1.2.0 started (1166608745.509)
2006-12-20 10:59:05 [3196] squidGuard ready for requests (1166608745.559)

Access.log:

Code: Tout sélectionner

1166609326.062     12 10.0.0.12 TCP_HIT/200 16074 GET http://www.***spam***.com/dates_paris.jpg - NONE/- text/html
1166609326.064     16 10.0.0.12 TCP_HIT/200 16074 GET http://www.***spam***.com/index_r6_c2.jpg - NONE/- text/html

Store.log:

Code: Tout sélectionner

1166610078.090 RELEASE -1 FFFFFFFF 9DFC8DAC65A183842E1A94F2B7616D5D  304 1166610115        -1 1167128515 unknown -1/0 GET http://jigsaw.w3.org/css-validator/images/vcss
1166610086.586 RELEASE -1 FFFFFFFF 55DDC2EFA88A38C3D47B78947B1D9A0D  304 1166020443 1106079794 1166538843 image/gif -1/0 GET http://jigsaw.w3.org/css-validator/images/vcss
1166610095.714 RELEASE -1 FFFFFFFF 616E761856289214E16C78017CC541D7  503 1166610095         0 1166610095 text/html 1270/1507 GET http://www.jmb.php/
1166610249.511 RELEASE -1 FFFFFFFF 75D485CB8CC64CB27DD008F70064481B  304 1166020443 1106079794 1166538843 image/gif -1/0 GET http://jigsaw.w3.org/css-validator/images/vcss
1166610294.441 RELEASE -1 FFFFFFFF 14053B0B311CB347ABA450618009FA33  200 1166610331        -1        -1 text/html -1/2999 GET http://www.bigard.com/
1166610294.919 RELEASE -1 FFFFFFFF B27828822CA67BDE04F95A0FC0A441C8  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/bus_tournee.jpg
1166610294.939 RELEASE -1 FFFFFFFF 4F7E1BCAEBF9E0ADB64E70410FC3D263  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/index_r3_c4.jpg
1166610294.955 RELEASE -1 FFFFFFFF 6F693A22BF9C39DC91F54A034D11CCE5  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/index_r5_c1.jpg
1166610295.295 RELEASE -1 FFFFFFFF 6D6DAA2290380E96038C959E58BE348A  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/index_r6_c1.jpg
1166610295.339 RELEASE -1 FFFFFFFF 9DA694CF71FAE7EC267BEC84009315BB  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/index_r6_c2.jpg
1166610295.342 RELEASE -1 FFFFFFFF 72F02929C8FC4E873D3821BC1C841138  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/index_r6_c3.jpg
1166610295.347 RELEASE -1 FFFFFFFF A41E854AB855C252B041F1C6ABB84114  304 1166610331        -1        -1 unknown -1/0 GET http://www.bigard.com/affiche292x382.jpg
1166610295.507 RELEASE -1 FFFFFFFF 5D7150DDA49BA58F141F5D78FB10FE1F  304 1166610332        -1        -1 unknown -1/0 GET http://www.bigard.com/dates_paris.jpg

Qu'ai-je oublié dans les fichiers de configurations pour afficher les images lors des redirections?

Infos: -webmin n’est pas installé
-aucune interface graphique a été utilisé pour configurer squid et squidguard
-j’ai déjà parcouru google avant de venir poster !


Merci d'avance

[limax]

Je n'ai pas regardé en profondeur (je regarderai plustard) tes fichiers de configuration mais as tu bien mis squid sous l'utilisateur proxy?

# chown -R proxy.proxy /etc/squid/ /var/log/squid/ /var/spool/squid/ /usr/lib/squid/ /usr/sbin/squid /var/lib/squidguard/

ca ne peut pas marcher sinon.

terminer par un # squidGuard -C all ; /etc/init.d/squid reload

[debianovice]

Malheureusement Limax, j'avais déjà fait cette commande avant de poster mon message initial.

[limax]

reessaye alors # chown -R proxy.proxy /var/lib/squidguard/*
je suis certain que c'est une bétise comme ca.


Il faut regarder si le problème vient de squid ou squidgard. Remet le fichier d'origine de /etc/squid/squidGuard.conf et regarde si squid fonctionne.

Tu l'as prend où la blacklist ? moi jutilise celle ci ftp://ftp.univ-tlse1.fr/pub/reseau/cach ... sts.tar.gz

[limax]

# Source adresses
src limite {
#liste des machines qui se connecteront avec droits limites
ip 10.0.0.0/24
}

c'est pas plustôt un truc comme ca: ip 10.0.0.0-10.0.0.24

[debianovice]

Je prends la même blacklist que toi.

J'ai effectué les modifs pour les sources limite et ça n'a aucun incidence. :-(

Et je n'ai pas encore essayé de mettre le squidGuard.conf d'origine. (je le ferais demain).

Merci de te pencher sur mon problème.