squidguard

pdk
configure SquidGuard URL redirector

SourceDoctor

sourcedoctor

958 downloads

958 latest version

5.0 quality score

Version information

  • 0.3.0 (latest)
released Jul 25th 2020
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.6.1 < 6.0.0
  • Debian, Ubuntu

Start using this module

Documentation

sourcedoctor/squidguard — version 0.3.0 Jul 25th 2020

Puppet module for SquidGuard

Build Status

Description

Puppet module for configuring squidGuard URL Rewrite.

Supported distributions

  • Debian
  • Ubuntu

Dependencies

  • Squid Proxy Cache

To get all Features and rules check SquidGuard Homepage

Basic Settings

Extended Settings

Usage

The set up a simple squidguard configuration with pass through all requests

class { 'squidguard': }
squidguard::acl { 'default':
  ruleset => ['pass all'],
}

would result in squidguard.conf

acl {
    default {
        pass all
    }
}

Define a Source Rule squidguard::src

squidguard::src { 'grownups':
   ip     => ['1.2.3.4/24',
              '2.3.4.10-2.3.4.100'],
   domain => ['example.org',
              'example.com'],
   user   => ['user1', 'user2', 'user3'],
}

would result in squidguard.conf

src grownups {
    ip     1.2.3.4/24
    ip     2.3.4.10-2.3.4.100
    domain example.org
    domain example.com
    user   user1 user2 user3
}

Define a Destination Rule squidguard::dest

squidguard::dest { 'blocked':
   domainlist => ['blocked/domains',
                  'otherblocked/domains'],
   urllist    => ['blocked/urllist',
                 'customblocked/urls'],
}

would result in squidguard.conf

dest blocked {
    domainlist blocked/domains
    domainlist otherblocked/domains
    urllist    blocked/urllist
    urllist    customblocked/urls
}

Define a Time Rule squidguard::time

squidguard::time { 'leisure-time':
    weekly => ['* 00:00-08:00 17:00-24:00   # night and evening',
               'fridays 16:00-17:00     # weekend'],
    date   => ['*.01.01             # New Year's Day',
               '*.05.01             # Labour Day',
               '*.05.17             # National Day',
               '*.12.24 12:00-24:00     # Christmas Eve',
               '*.12.25             # Christmas Day',
               '*.12.26             # Boxing Day',
               '1999.03.31 12:00.24:00      # Ash Wednesday',
               '1999.04.01-1999.04.05       # Easter',
               '2000.04.19 12:00.24:00      # Ash Wednesday y2000',
               '2000.04.20-2000.04.24       # Easter y2000'],
}

would result in squidguard.conf

time leisure-time {
    weekly * 00:00-08:00 17:00-24:00    # night and evening
    weekly fridays 16:00-17:00      # weekend
    date    *.01.01             # New Year's Day
    date    *.05.01             # Labour Day
    date    *.05.17             # National Day
    date    *.12.24 12:00-24:00     # Christmas Eve
    date    *.12.25             # Christmas Day
    date    *.12.26             # Boxing Day
    date    1999.03.31 12:00.24:00      # Ash Wednesday
    date    1999.04.01-1999.04.05       # Easter
    date    2000.04.19 12:00.24:00      # Ash Wednesday y2000
    date    2000.04.20-2000.04.24       # Easter y2000
}

Define a more complex acl Rule squidguard::acl

squidguard::acl { 'grownups within leisure-time':
    ruleset => ['pass all               # don't censor peoples leisure-time'],
}
squidguard::acl { 'else':
    ruleset => ['pass !in-addr !porn all        # restrict access during business hours'],
}
squidguard::acl { 'kids':
    ruleset => ['pass !porn all         # protect the kids 24h anyway'],
}
squidguard::acl {'default':
    ruleset => ['pass none              # reject unknown clients',
                'redirect http://info.foo.bar/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u'],
}

would result in squidguard.conf

acl {
    grownups within leisure-time {
        pass all                # don't censor peoples leisure-time
    }
    else {
        pass !in-addr !porn all     # restrict access during business hours
    }

    kids {
        pass !porn all          # protect the kids 24h anyway
    }

    default {
        pass none               # reject unknown clients
        redirect http://info.foo.bar/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
    }
}