SquidGuard Manager was written to manage requests to have blocked websites whitelisted.
It was created to work in the following environment:
1. Squid used as an internet proxy server.
2. SquidGuard in use as the proxy filter.
3. An Apache web server at hand to serve the SquidGuard redirects.
4. All clients running Linux with the identd service running.
5. Firewall blocks all direct access to internet.
In addition to the network environment, a few particular circumstances led to the creation of SquidGuard Manager:
1. SquidGuard is configured to block EVERYTHING by default - only sites on the white list are accessible.
2. The Squid manager (me) isn't always available to the users.
3. Manually editing and updating SquidGuard access lists is a pain in the backside.
What SquidGuard Manager does:
1. It serves the "Blocked" notices with a link that can be used to request that the site be added to the whitelist.
2. It logs all requests to a database - the logged information includes the user name, the exact URL, and the date and time of the request.
3. If a site is already in the database, the Blocked page informs the users of the status and gives them a link to email the admin for enquiries.
4. It gives the Administrator an easy way to filter and sort the requests and to change the status of the sites.
5. It exports the site information to SquidGuard access lists, rebuilds the indexes, and forces SquidGuard to reload the updated lists.
What SquidGuard Manager does NOT do:
1. It does not install or configure squid, squidguard, apache, or a database server.
2. It does not change the squidguard ACLs.
What SquidGuard Manager requires for operation:
3. Apache (or other web server that can handle Python)
6. A database (I use Postgres because I had a server handy. Django can also use Oracle and MySQL - SQLLite is also supported and probably sufficient.)
7. The identd service on all clients.
8. You will also need cx_freeze to build a small executable.
How to setup SquidGuard Manager:
If SquidGuard Manager is of any interest to you, then I expect you have experience with all of the needed components and are capable of setting them up or you already have them available.
These instructions are therefore limited to getting all the pieces to play together.
1. If you will be using a database server, create the user and database using the appropriate tools. SquidGuard Manager will create the tables.
2. Install Django and follow the recommended steps for using it under your web server and for setting up your own site. You will want to link the squidguardmanager/media folder and the Django admin media folder to folders in your htdocs - the folder names need to be updated in settings.py
3. Configure squid to use and require ident - the squid documentation shows how.
4. Create a user group (SGAdmin) and add the squid user and the webserver user to it. Give the Squid user and the SGAdmin group read and write access to the squidguard db folder.
5. Edit sgreload.py and check the file paths. Edit the sgreload/installbin script and correct the paths and user names.
6. Use sgreload/buildbin and sgreload/installbin to make and install the sgreload program.
8. Edit settings.py and enter your database information, set your admin info and change the necessary paths - especially SquidGuarddb_DIR
9. Change your squidguard.conf file to use white,black,requested, and restricted.
10. SquidGuard Manager creates the new lists in the root of the squidguard db folder.
11. You can use other lists in addition to the SquidGuard Manager lists.
12. Your redirect url will look like this: http://webserver.address.net/squidguardmanager/blockedsite?user=%i&url=%u
13. Use your Django super user to create another user. Give the new user rights to edit exception requests and to reload the SquidGuard database.
14. After editing the exception requests, you MUST use the Rebuild SquidGuard database button to export, rebuild, and reload the updated access lists. A manual rebuild/reload of the squidguard databases is not sufficient.
There's probably a great many details I've forgotten to mention. If you have trouble, contact me at email@example.com