hostname -f 必须返回完全合格的名称(包括域名)。如果没有的话,那么应该编辑 /etc/hosts 文件来包含系统的全名(例如,arrakis.falcot.com)。官方的计算机名称对网络管理员应该是合法的,来避免可能的名称冲突。
/etc/squid/squid.conf 配置文件并允许本地网络商的机器通过代理来运行查询的简单事情。后面的示例显示了 Falcot 公司的管理员所做的修改:
例 11.22. /etc/squid/squid.conf 文件(节选)
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # include /etc/squid/conf.d/* # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed acl our_networks src 192.168.1.0/24 192.168.2.0/24 http_access allow our_networks http_access allow localhost # And finally deny all other access to this proxy http_access deny all
squid 本身不执行筛选;这个动作委托给 squidGuard。然后前者必须配置与后者交互。这包括将后面的指令添加到 /etc/squid/squid.conf 文件:
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
/usr/lib/cgi-bin/squidGuard.cgi CGI program also needs to be installed, using /usr/share/doc/squidguard/examples/squidGuard.cgi as a starting point. Required modifications to this script are the $proxy and $proxymaster variables (the name of the proxy and the administrator's contact email, respectively). The $image and $redirect variables should point to existing images representing the rejection of a query.
systemctl reload squid command. However, since the squidguard package does no filtering by default, it is the administrator's task to define the policy. This can be done by creating the /etc/squid/squidGuard.conf file (using /etc/squidguard/squidGuard.conf.default as template if required).
squidGuard (或者它提到的域名或 URL 列表之一)的每次更改后,必须用 update-squidguard 重新生成工作数据库。 配置文件的语法归档在后面的网站中: