Je voudrais installé un comtrôle pour l'accés à internet de mon fils.
J'ai une sarge connectée en wifi.
j'ai donc installé squid et squidguard et chastety-list (par apt-get).
Mais je n'arrive pas bien à comprendre comment ca marche, de plus il
semble que chastety-list ne soit pas à jour du tout.
Quelqu'un aurait-il le détail exact pour une installation qui fonctionne ?
David Pailler
--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.net/?DebianFrench
Vous pouvez aussi ajouter le mot ``spam'' dans vos champs "From" et
"Reply-To:"
To UNSUBSCRIBE, email to debian-user-french-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
# OPTIONS WHICH AFFECT THE CACHE SIZE # -----------------------------------------------------------------------------
# auth_param digest program /usr/lib/squid/digest_auth_pw /usr/etc/digpass # # # # By default, the ntlm authentication scheme is not used unless a # program is specified. # # Note: If you're using Samba >= 3.0.2, please install the winbind # package and use the ntlm_auth helper from that package. # # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp # # "children" numberofchildren # The number of authenticator processes to spawn (no default). If you # start too few Squid will have to wait for them to process a backlog # of credential verifications, slowing it down. When crendential # verifications are done via a (slow) network you are likely to need # #Suggested default: refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320
#Recommended minimum configuration: acl localnet src 192.168.0.0/255.255.255.0 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl mesmachines src 192.168.0.1-192.168.0.254 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT
# Only allow cachemgr access from localhost http_access allow all http_access allow mesmachines
http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # #http_access allow our_networks http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# #Allow ICP queries from everyone icp_access allow all
-- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs "From" et "Reply-To:"
To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact
François Boisson a écrit :
Le Sat, 17 Feb 2007 12:50:14 +0100
david_Pailler <david.pailler@ac-creteil.fr> a écrit:
# OPTIONS WHICH AFFECT THE CACHE SIZE
#
-----------------------------------------------------------------------------
# auth_param digest program /usr/lib/squid/digest_auth_pw
/usr/etc/digpass
#
#
#
# By default, the ntlm authentication scheme is not used unless a
# program is specified.
#
# Note: If you're using Samba >= 3.0.2, please install the winbind
# package and use the ntlm_auth helper from that package.
#
# auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
#
# "children" numberofchildren
# The number of authenticator processes to spawn (no default). If you
# start too few Squid will have to wait for them to process a backlog
# of credential verifications, slowing it down. When crendential
# verifications are done via a (slow) network you are likely to need
#
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
acl localnet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mesmachines src 192.168.0.1-192.168.0.254
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow all
http_access allow mesmachines
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
#http_access allow our_networks
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
#
#Allow ICP queries from everyone
icp_access allow all
--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.net/?DebianFrench
Vous pouvez aussi ajouter le mot ``spam'' dans vos champs "From" et
"Reply-To:"
To UNSUBSCRIBE, email to debian-user-french-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
# OPTIONS WHICH AFFECT THE CACHE SIZE # -----------------------------------------------------------------------------
# auth_param digest program /usr/lib/squid/digest_auth_pw /usr/etc/digpass # # # # By default, the ntlm authentication scheme is not used unless a # program is specified. # # Note: If you're using Samba >= 3.0.2, please install the winbind # package and use the ntlm_auth helper from that package. # # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp # # "children" numberofchildren # The number of authenticator processes to spawn (no default). If you # start too few Squid will have to wait for them to process a backlog # of credential verifications, slowing it down. When crendential # verifications are done via a (slow) network you are likely to need # #Suggested default: refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320
#Recommended minimum configuration: acl localnet src 192.168.0.0/255.255.255.0 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl mesmachines src 192.168.0.1-192.168.0.254 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 # https, snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT
# Only allow cachemgr access from localhost http_access allow all http_access allow mesmachines
http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # #http_access allow our_networks http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# #Allow ICP queries from everyone icp_access allow all
-- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs "From" et "Reply-To:"
To UNSUBSCRIBE, email to with a subject of "unsubscribe". Trouble? Contact
