Squid not communicating with Squidguard

Post by LolyPutyFemDog » 2015/02/11 13:28:53

Hello everybody.
I am currently working on a project which is creating a proxy server with Squid on CentOS 6. We also want to redirect unwanted URLs using SquidGuard. Currently we have Squid working perfectly fine, and we installed SquidGuard. Using commands like

Code:

echo "http://www.banquepopulaire.fr 50.50.11.11/ - - GET" | squidGuard -c /etc/squid/squidGuard.conf -d

has shown that SquidGuard is working fine (the output clearly tells us the redirection has been made); however, when we reach this URL from the browser, no redirection takes place. We searched the web and the forums, but it seems no one had the same problem.

Here is the squidGuard.conf file:

Code:

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/squidGuard/db
logdir /var/log/squidGuard

#
# SOURCE ADDRESSES:
#

src admin {
        ip              50.50.11.178
}

# DESTINATION CLASSES:

dest adult {
        domainlist      blacklists/porn/domains
        urllist blacklists/porn/urls
        expressionlist  blacklists/porn/expressions
        redirect        http://admin.foo.bar.de/cgi/blocked?clientaddr=%a+clientname=%n+clientuser=%i+clientgroup=%s+targetgroup=%t+url=%u
  }

dest bank {
        domainlist blacklists/bank/domains # Location of the file listing blocked domains
        urllist blacklists/bank/urls # Location of the file listing blocked URLs
        redirect http://youtube.com
        }

acl {
        default {
                pass !bank !adult all
                redirect http://www.google.fr
        }
}

And here is the squid.conf file:

Code:

http_port 8080
visible_hostname YVTL511021

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Authentication
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/users
auth_param basic children 10
auth_param basic realm Connection au Squid sur Proxy X
auth_param basic credentialsttl 3 hours

#acl vl311 proxy_auth REQUIRED
acl vl311 src 50.50.11.0/24
http_access allow vl311

http_access allow all
# And finally deny all other access to this proxy
#http_access deny all


#url_rewrite_program /root/file.py
url_rewrite_access allow vl311
url_rewrite_bypass off
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 1
redirect_program squidGuard -c /etc/squid/squidGuard.conf


debug_options ALL,1 29,1

Using the last line, debug_options, I managed to find some strange behavior in squid's cache.log file:

Code:

2015-02-10 13:43:29 [26773] init domainlist /var/squidGuard/db/blacklists/porn/domains
2015-02-10 13:43:29 [26773] /var/squidGuard/db/blacklists/porn/domains: Permission denied
2015-02-10 13:43:29 [26773] Going into emergency mode
2015/02/10 13:43:29| Accepting  HTTP connections at [::]:8080, FD 32.
2015/02/10 13:43:29| HTCP Disabled.
2015/02/10 13:43:29| Loaded Icons.
2015/02/10 13:43:29| Ready to serve requests.
2015/02/10 13:46:19| WARNING: All redirector processes are busy.
2015/02/10 13:46:19| WARNING: 1 pending requests queued
2015/02/10 13:46:19| Consider increasing the number of redirector processes in your config file.

Even though we used the

Code:

chown -R squid:squid /var/squidGuard/

command to give Squid the rights. Plus, you'd notice the "WARNING" messages about the requests have different timestamps: they occurred when we reached a URL squidGuard was supposed to redirect, but did not happen again when we tried a different URL or even the same URL later. Changing the number of url_rewrite_children didn't seem to affect the frequency of those messages.

I didn't manage to understand what was wrong with those files or the rights given to squid, so I thought maybe I could use your help.
Thank you in advance.

Re: Squid not communicating with Squidguard

Post by LolyPutyFemDog » 2015/02/12 10:30:57

Alright, I got what was wrong. When I recompiled squidGuard's database, it was creating new files called xxx.db, and I didn't change the owners of those files, which are the files that are used to filter URLs. The answer I got so far was to run a chown command after each database compilation.
I hope this can help someone else one day.
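
The fix from the last post, as an added example that is not part of the thread: rebuild the database, restore ownership, and verify that nothing under dbhome is left owned by another account before reloading Squid. The paths and the squid account are taken from the configs above; the function names are made up for this sketch, and rebuild_db assumes it is run as root.

```shell
#!/bin/bash
# Added example. Defaults mirror the thread's configs:
#   dbhome /var/squidGuard/db, helper account "squid".
# Function names are hypothetical.

# Print every file or directory under $1 not owned by user $2
# (name or numeric uid). Returns 0 if all are owned by $2, 1 otherwise.
unowned_db_files() {
    local dir=$1 owner=$2 bad
    bad=$(find "$dir" ! -user "$owner" -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Count "emergency mode" lines in a log (cache.log in the thread).
# Any hit means squidGuard stopped filtering and passes every URL.
emergency_count() {
    grep -c 'Going into emergency mode' "$1" || true
}

# Recompile the lists, then fix and verify ownership before reloading.
# Must run as root; not executed automatically.
rebuild_db() {
    local conf=${1:-/etc/squid/squidGuard.conf}
    local dbhome=${2:-/var/squidGuard/db}
    local user=${3:-squid}
    squidGuard -C all -c "$conf" || return 1      # creates the *.db files
    chown -R "$user:$user" "$dbhome" || return 1  # *.db are created as the caller
    if ! unowned_db_files "$dbhome" "$user"; then
        echo "files above are not owned by $user; not reloading" >&2
        return 1
    fi
    squid -k reconfigure                          # restart the helpers
}
```

Running `unowned_db_files /var/squidGuard/db squid` on its own is a quick check whenever the "Permission denied" and "emergency mode" lines show up in cache.log.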
