SquidGuard: how to import blocklist?

We will show how to import and insert a blocklist into Squidguard. This way, we can use different blocklists available on the Internet for our blocking rules. In addition, blocklists contain categories that divide domains and URLs that can be blocked.

Consequently, using blocklists makes the task of the network administrator easier.

List of the Squid and SquidGuard tutorial:

Lesson 1: Squid Proxy Installation and Configuration

Lesson 2: Squid Proxy: Filter clients by IP and MAC

Lesson 3: Squid: User Authentication

Lesson 4: SquidGuard : Installation and Configuration

Lesson 5: SquidGuard : how to import blocklist

Blocklists make the work of the network administrator easier due to saving search time for domains that must be blocked. This way, a network administrator can download a blocklist containing specific domains and use them on their network.

This post will show how to download the Blocklist for SquidGuard. Next, we will unzip the blocklist and copy it to the Squidguard database directory.

Also, we will show the blocklist of the Shallalist category structure. Afterward, we will add a block using a category from the blocklist.

We will then update the Squidguard database for the changes made. After that, we will run tests and discuss the proposed solution.

Table Of Contents

Install squid & squidGuard
Download Blocklist
Copy blocklist to squidguard
Blocking by category
- Example of squidGuard.conf
Update the database
Tests
- squidGuard.conf

Install squid & squidGuard

To install squid and squidguard we can access the previous post HERE.

Alternatively, we have the video HERE.

Download Blocklist

To download the blocklist, we can access the site: http://www.squidguard.org/blacklists.html . Next, let’s choose one of the blocklists. In this example, let’s use Shalla. So let’s click on Shalla.

Within the Shalla website, we will access the Download section. After that, we’ll download the blocklist to a location on our computer. Note that the blocklist file is zipped.

Unzip shallalist.tar.gz

Now let’s unzip the file we downloaded. It is noteworthy that it is important to check where the blocklist file was downloaded. So, to unzip we will use the command presented below:

tar -xvzf shallalist.tar.gz

Check the categories

Let us check the categories that make up the blocklist that we unpacked. This way, we can check the different categories and analyze the domains and URLs that make up each category.

It is worth emphasizing the importance of dedicating time to analyzing these categories. In addition, if necessary, we can add or remove domains and URLs from the categories.

As an example, let’s go to a music category and check the domains that are listed. After that we will check a specific domain. Commands used as an example are listed below.

cd BL

ls

cd music

ls

cat domains | grep last

Copy blocklist to squidguard

The next step will be to copy the blocklist to the squidguard database directory. So let’s copy the BL directory to /var/lib/squidguard/db/. In this way, we are copying the BL directory, which contains the blocklist, to the squidguard database specific directory.

We are using the command below as super user “sudo” and also with the option “-R”. In this way, weremosll make a recursive copy of the blocklist diretórios directory and its subdirectories.

sudo cp -R BL /var/lib/squidguard/db/

Blocking by category

Now let’s add a block using one of the categories from the imported blocklist. To do this, let’s edit the squidGuard.conf file and add a target-based rule. So, let’s call this rule “dest music ” and inside it well use the domainlist pointing to the blocklist directory, which is “BL/music/domains”.

Remember that this directory is within/var/lib/squidguard/db/. Therefore, as the beginning of the configuration file we already indicated that we will work with the database located in /var/lib/squidguard/db/.

sudo nano /etc/squidguard/squidGuard.conf

Let’s add the “dest music ” rule before the ACLs . In this rule we are saying that we will use the domains and urls that make up the music category of the imported blocklist.

dest music{   

domainlist BL/music/domains   

urllist BL/music/urls   

}

Now let’s add a condition to the default ACL. Thus, we add the condition “pass !block !music”. Consequently, this condition makes all traffic pass except what is blocked in the block rule and music rule. The block rule was created in the previous post about squidguard HERE. However, the music rule was created now in this post.

default {   

pass !block !music   

redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u  

 }

Example of squidGuard.conf

Update the database

After the new rules are added, we will update the squidguard database. However, we need to give access permission for squid in the/var/lib/squidguard/db/ folder. So, lets use the command below.

sudo chown proxy:proxy -R /var/lib/squidguard/db/

Now, let’s use the command below to update the squidguard database.

sudo squidGuard -b -d -C all

Then, we will again give permission for the squid to access the data from the database. This is because after the update, new files with extension “.db” were generated. Consequently, we need to ensure that squid has access to these files. So let’s use the command below.

sudo chown proxy:proxy -R /var/lib/squidguard/db/

Once all the configuration and database update is done, let’s restart squid. In this way, by restarting the squid, we will ensure that the changes are applied.

sudo service squid restart

Tests

As a test, we can try to access some of the domains present in the music category of blocklist . In the video below the test was done for the last.fm website.

squidGuard.conf

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squidguard

dest music{
	domainlist BL/music/domains
	urllist BL/music/urls
	}

dest block {
	domainlist dalbert/block_domain
	urllist dalbert/block_url
}
# ACL RULES:
#

acl {
	#admin {
	#	pass	 any
	#}

	#foo-clients within workhours {
	#	pass	 good !in-addr !porn any
	#} else {
	#	pass any
	#}

	#bar-clients {
	#	pass	local none
	#}

	default {
		pass !block !music
		redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
	}
}

The video with the entire setup tutorial is below:

See More:

Proxy Squid: User Authentication

SquidGuard : Installation and Configuration

Squid Proxy: Filter clients by IP and MAC

Squid Proxy for linux Installation and Configuration

Snort PfSense : Detect DoS Attack

Juliana Mascarenhas

Data Scientist and Master in Computer Modeling by LNCC.
Computer Engineer

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". O cookie é definido pelo consentimento do cookie GDPR para registrar o consentimento do usuário para os cookies na categoria "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". Este cookie é definido pelo plug-in GDPR Cookie Consent. Os cookies são usados para armazenar o consentimento do usuário para os cookies na categoria "Necessary",
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. O cookie é definido pelo plug-in GDPR Cookie Consent e é usado para armazenar se o usuário consentiu ou não com o uso de cookies. Ele não armazena nenhum dado pessoal.

Cookie	Duration	Description
_tccl_visit	30 minutes	This cookie is set by the web hosting provider GoDaddy. This is a persistent cookie used for monitoring the website usage performance.
_tccl_visitor	1 year	This cookie is set by the web hosting provider GoDaddy. This is a persistent cookie used for monitoring the website usage performance.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_199766752_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
FCCDCF	12 hours	No description available.
GoogleAdServingTest	session	No description