HOME Downloads Documentation Development Blacklists Contributions Contact

  squidGuard - The Redirect Rule

  1. Basics

    In order to work properly you must tell squidGuard which URL it shall deliver back to squid when the requested site is part of the blocked destinations.
    The redirect rule must be placed with the acl tags. It is possible to have multiple redirect rules but within the same policy (i.e. definition of source rules).
    Example for one redirect rules in a configuration:

    One redirect rule in the configuration:
    acl {
        default {
           pass !porn all
           redirect http://www.foo.bar/blocked.html

    This example assumes that the same policy applies for all proxy users.

    Example for multiple redirect rules in a configuration:

    Multiple redirect rules in the configuration:
    acl {
        group1 within workhours {
           pass !tracker !adv !spyware !hacking !porn all
           redirect http://www.foo.bar/allblocked.html
        default {
           pass !porn all
           redirect http://www.foo.bar/defaultblocked.html

    In this example two policies are defined. The latter is the same as in the first example and applies to all proxy user that do not fall into the policy defined by "group1". If you user is recognized as part of "group1" (be it by authentication, by IP address or time definition) the page http://www.foo.bar/allblocked.html will be displayed if a requested page has been found part of one of the blocked destinations (in our example tracker, adv, spyware, hacking and porn).

    Please note:
    • You always need a policy called "default"!
    • If you do not specify a redirect rule, blocking and logging of requests will not work.
    • There must only be one redirect rule within a policy declaration.

  2. Advanced

    Instead of displaying a static "You have been blocked" message, you can program a script to do so and tell the user some more information about the blocking. SquidGuard passes the following variables that can be interpreted by the script:

    %a Variable that holds the IP address of the client.
    %i Variable that holds the user ID (RFC931 or LDAP) or "unknown" if not available.
    %n Variable that holds the domainname of the client or "unknown" if not available.
    %p Variable that holds the REQUEST_URI, i.e. the path and the optional query string of %u, but note for convenience without the leading "/".
    %s Variable that holds the matched source group (client group) or "unknown" if no groups were matched.
    %t Variable that holds the matched destination group (target group) or "unknown" if no groups were matched.
    %u Variable that holds the requested URL.

    In order to use this additional information in your script your redirect rule should look like the following:

    Redirect rule with variables:
     redirect http://www.foo.bar/blocked.cgi?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t 

    In your script you have to evaluate the passed variable $QUERY_STRING. This variable holds all given parameters. SquidGuard substitutes the variable (the ones with the "%") with their appropriate values before sending URL to the script, so the variable $QUERY_STRING holds all the information about user, ip, group and requested URL.

 Getting started
 Destination ACLs
 Source ACLs
 Redirect Rule
 Time Constraints
 Regular Expressions

Runtime Options
About blocking
Known Issues
Other Sources

  © Powered by Shalla Secure Services 2019