SquidGuard Builtin expressions no filter

Hi

Why a builtin expressions( !builtin ) is not work? no filter

dest builtin {
domainlist /var/squidGuard/blacklists/custom/builtin/domains
urllist /var/squidGuard/blacklists/custom/builtin/urls
expressionlist /var/squidGuard/blacklists/custom/builtin/expressions
logfile urlfilter.log
}

Profile: internet_filter
src_internet_filter within always {
pass !blacklist !in-addr !files !builtin !adv !aggressive !alcohol !anonvpn !chat all
}

Thank you

It seems strange, I have not had this kind of problem. let’s see your filtering proxy settings

Hi

NethServer 6.8 with one Ethernet (LAN)

#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l.
# http://www.nethesis.it - support@nethesis.it
#

# Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9

# Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache

# Allow access from green and trusted networks.
acl localnet src 10.xx.xx.0/24
acl localnet_dst src 10.xx.xx.0/24
acl localnet src 192.168.xx.0/24
acl localnet_dst src 192.168.xx.0/24

# Safe ports
acl SSL_ports port 443
acl SSL_ports port 980# httpd-admin (server-manager)
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https
acl Safe_ports port 70# gopher
acl Safe_ports port 210# wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280# http-mgmt
acl Safe_ports port 488# gss-http
acl Safe_ports port 591# filemaker
acl Safe_ports port 777# multiling http
acl Safe_ports port 980# httpd-admin (server-manager)
acl CONNECT method CONNECT
#
# 20acl_00_portscustom#

# Authentication required

# BASIC (LDAP)auth_param basic program /usr/lib64/squid/basic_ldap_auth -b ou=People,dc=directory,dc=nh localhostauth_param basic children 5auth_param basic realm proxy.localdomain.localauth_param basic credentialsttl 1 hoursauth_param basic casesensitive onacl authenticated proxy_auth REQUIRED
#
# SSL bump bypass#
acl bypass_ssl dstdomain '/etc/squid/acls/ssl_bypass.acl'
# Allow access from localhosthttp_access allow localhost
# Deny requests to certain unsafe portshttp_access deny !Safe_ports
# Deny CONNECT to other than secure SSL portshttp_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhosthttp_access allow localhost managerhttp_access deny manager
#
# Skip URL rewriter for local addresses#
acl self dst 192.168.xx.xxxacl self_port port 80acl self_port port 443url_rewrite_access deny self localnet  self_port
#
# Skip URL rewriter for SSL bump bypass sites#
url_rewrite_access deny bypass_ssl self_port

# Authentication required on green and trusted networkshttp_access allow localnet authenticated

# And finally deny all other access to this proxyhttp_access deny all
cache_mem 256 MB
# Enable disk cacheminimum_object_size 0 KBmaximum_object_size 4096 KBcache_dir aufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dircoredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.#
refresh_pattern ^ftp:1440    20%     10080refresh_pattern ^gopher:1440    0%      1440refresh_pattern -i (/cgi-bin/|\?) 0     0%      0refresh_pattern .020%     4320refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
# Always enable manual proxyhttp_port 3128



# Enable squidGuardurl_rewrite_program /usr/bin/squidGuardurl_rewrite_children 20 startup=5 idle=5

#
# 90options#
forward_max_tries 25shutdown_lifetime 1 secondsbuffered_logs onmax_filedesc 16384logfile_rotate 0

s quidGuard.conf

#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l.
# http://www.nethesis.it - support@nethesis.it
#
#
# CONFIG FILE FOR SQUIDGUARD
#
# See http://www.squidguard.org/config/ for more examples
#

dbhome /var/squidGuard/blacklists
logdir /var/log/squidGuard

dest gamble {domainlist /var/squidGuard/blacklists/gamble/domainsurllist /var/squidGuard/blacklists/gamble/urlslogfile urlfilter.log
}
dest chemistry {domainlist /var/squidGuard/blacklists/science/chemistry/domainsurllist /var/squidGuard/blacklists/science/chemistry/urlslogfile urlfilter.log
}
dest files {expressionlist /var/squidGuard/blacklists/custom/files/expressionslogfile urlfilter.log
}
dest pets {domainlist /var/squidGuard/blacklists/hobby/pets/domainsurllist /var/squidGuard/blacklists/hobby/pets/urlslogfile urlfilter.log
}
dest bikes {domainlist /var/squidGuard/blacklists/automobile/bikes/domainsurllist /var/squidGuard/blacklists/automobile/bikes/urlslogfile urlfilter.log

}
dest aggressive {

domainlist /var/squidGuard/blacklists/aggressive/domains

urllist /var/squidGuard/blacklists/aggressive/urls

logfile urlfilter.log

}
dest radiotv {

domainlist /var/squidGuard/blacklists/radiotv/domains

urllist /var/squidGuard/blacklists/radiotv/urls

logfile urlfilter.log

}
dest violence {

domainlist /var/squidGuard/blacklists/violence/domains
urllist /var/squidGuard/blacklists/violence/urls
logfile urlfilter.log
}
dest cars {

domainlist /var/squidGuard/blacklists/automobile/cars/domains
urllist /var/squidGuard/blacklists/automobile/cars/urls
logfile urlfilter.log
}
dest travel {

domainlist /var/squidGuard/blacklists/recreation/travel/domains
urllist /var/squidGuard/blacklists/recreation/travel/urls
logfile urlfilter.log
}
dest martialarts {

domainlist /var/squidGuard/blacklists/recreation/martialarts/domains
urllist /var/squidGuard/blacklists/recreation/martialarts/urls
logfile urlfilter.log
}
dest webradio {

domainlist /var/squidGuard/blacklists/webradio/domains
urllist /var/squidGuard/blacklists/webradio/urls
logfile urlfilter.log
}
dest wellness {

domainlist /var/squidGuard/blacklists/recreation/wellness/domains
urllist /var/squidGuard/blacklists/recreation/wellness/urls
logfile urlfilter.log
}
dest movies {

domainlist /var/squidGuard/blacklists/movies/domains
urllist /var/squidGuard/blacklists/movies/urls
logfile urlfilter.log
}
dest politics {

domainlist /var/squidGuard/blacklists/politics/domains
urllist /var/squidGuard/blacklists/politics/urls
logfile urlfilter.log
}
dest military {

domainlist /var/squidGuard/blacklists/military/domains
urllist /var/squidGuard/blacklists/military/urls
logfile urlfilter.log
}
dest dynamic {

domainlist /var/squidGuard/blacklists/dynamic/domains
urllist /var/squidGuard/blacklists/dynamic/urls
logfile urlfilter.log
}
dest ringtones {

domainlist /var/squidGuard/blacklists/ringtones/domains
urllist /var/squidGuard/blacklists/ringtones/urls
logfile urlfilter.log
}
dest astronomy {

domainlist /var/squidGuard/blacklists/science/astronomy/domains
urllist /var/squidGuard/blacklists/science/astronomy/urls
logfile urlfilter.log
}
dest redirector {

domainlist /var/squidGuard/blacklists/redirector/domains
urllist /var/squidGuard/blacklists/redirector/urls
logfile urlfilter.log
}
dest alcohol {

domainlist /var/squidGuard/blacklists/alcohol/domains
urllist /var/squidGuard/blacklists/alcohol/urls
logfile urlfilter.log
}
dest dating {

domainlist /var/squidGuard/blacklists/dating/domains
urllist /var/squidGuard/blacklists/dating/urls
logfile urlfilter.log
}
dest gardening {

domainlist /var/squidGuard/blacklists/hobby/gardening/domains
urllist /var/squidGuard/blacklists/hobby/gardening/urls
logfile urlfilter.log
}
dest trading {

domainlist /var/squidGuard/blacklists/finance/trading/domains
urllist /var/squidGuard/blacklists/finance/trading/urls
logfile urlfilter.log
}
dest hacking {

domainlist /var/squidGuard/blacklists/hacking/domains
urllist /var/squidGuard/blacklists/hacking/urls
logfile urlfilter.log
}
dest adv {

domainlist /var/squidGuard/blacklists/adv/domains
urllist /var/squidGuard/blacklists/adv/urls
logfile urlfilter.log
}
dest updatesites {

domainlist /var/squidGuard/blacklists/updatesites/domains
urllist /var/squidGuard/blacklists/updatesites/urls
logfile urlfilter.log
}
dest tracker {

domainlist /var/squidGuard/blacklists/tracker/domains
urllist /var/squidGuard/blacklists/tracker/urls
logfile urlfilter.log
}
dest humor {

domainlist /var/squidGuard/blacklists/recreation/humor/domains
urllist /var/squidGuard/blacklists/recreation/humor/urls
logfile urlfilter.log
}
dest costtraps {

domainlist /var/squidGuard/blacklists/costtraps/domains
urllist /var/squidGuard/blacklists/costtraps/urls
logfile urlfilter.log
}
dest shopping {

domainlist /var/squidGuard/blacklists/shopping/domains
urllist /var/squidGuard/blacklists/shopping/urls
logfile urlfilter.log
}
dest forum {

domainlist /var/squidGuard/blacklists/forum/domains
urllist /var/squidGuard/blacklists/forum/urls
logfile urlfilter.log
}
dest whitelist {

domainlist /var/squidGuard/blacklists/custom/whitelist/domains
urllist /var/squidGuard/blacklists/custom/whitelist/urls
logfile urlfilter.log
}
dest weapons {

domainlist /var/squidGuard/blacklists/weapons/domains
urllist /var/squidGuard/blacklists/weapons/urls
logfile urlfilter.log
}
dest sports {

domainlist /var/squidGuard/blacklists/recreation/sports/domains
urllist /var/squidGuard/blacklists/recreation/sports/urls
logfile urlfilter.log
}
dest education {

domainlist /var/squidGuard/blacklists/sex/education/domains
urllist /var/squidGuard/blacklists/sex/education/urls
logfile urlfilter.log
}
dest webmail {

domainlist /var/squidGuard/blacklists/webmail/domains
urllist /var/squidGuard/blacklists/webmail/urls
logfile urlfilter.log
}
dest moneylending {

domainlist /var/squidGuard/blacklists/finance/moneylending/domains
urllist /var/squidGuard/blacklists/finance/moneylending/urls
logfile urlfilter.log
}
dest cooking {

domainlist /var/squidGuard/blacklists/hobby/cooking/domains
urllist /var/squidGuard/blacklists/hobby/cooking/urls
logfile urlfilter.log
}
dest hospitals {

domainlist /var/squidGuard/blacklists/hospitals/domains
urllist /var/squidGuard/blacklists/hospitals/urls
logfile urlfilter.log
}
dest searchengines {

domainlist /var/squidGuard/blacklists/searchengines/domains
urllist /var/squidGuard/blacklists/searchengines/urls
logfile urlfilter.log
}
dest schools {

domainlist /var/squidGuard/blacklists/education/schools/domains
urllist /var/squidGuard/blacklists/education/schools/urls
logfile urlfilter.log
}
dest remotecontrol {

domainlist /var/squidGuard/blacklists/remotecontrol/domains
urllist /var/squidGuard/blacklists/remotecontrol/urls
logfile urlfilter.log
}
dest realestate {

domainlist /var/squidGuard/blacklists/finance/realestate/domains
urllist /var/squidGuard/blacklists/finance/realestate/urls
logfile urlfilter.log
}
dest spyware {

domainlist /var/squidGuard/blacklists/spyware/domains
urllist /var/squidGuard/blacklists/spyware/urls
logfile urlfilter.log
}
dest drugs {

domainlist /var/squidGuard/blacklists/drugs/domains
urllist /var/squidGuard/blacklists/drugs/urls
logfile urlfilter.log
}
dest music {

domainlist /var/squidGuard/blacklists/music/domains
urllist /var/squidGuard/blacklists/music/urls
logfile urlfilter.log
}
dest urlshortener {

domainlist /var/squidGuard/blacklists/urlshortener/domains
urllist /var/squidGuard/blacklists/urlshortener/urls
logfile urlfilter.log
}
dest downloads {

domainlist /var/squidGuard/blacklists/downloads/domains
urllist /var/squidGuard/blacklists/downloads/urls
logfile urlfilter.log
}
dest models {

domainlist /var/squidGuard/blacklists/models/domains
urllist /var/squidGuard/blacklists/models/urls
logfile urlfilter.log
}
dest government {

domainlist /var/squidGuard/blacklists/government/domains
urllist /var/squidGuard/blacklists/government/urls
logfile urlfilter.log
}
dest builtin {

domainlist /var/squidGuard/blacklists/custom/builtin/domains
urllist /var/squidGuard/blacklists/custom/builtin/urls
expressionlist /var/squidGuard/blacklists/custom/builtin/expressions
logfile urlfilter.log
}
dest imagehosting {

domainlist /var/squidGuard/blacklists/imagehosting/domains
urllist /var/squidGuard/blacklists/imagehosting/urls
logfile urlfilter.log
}
dest webphone {

domainlist /var/squidGuard/blacklists/webphone/domains
urllist /var/squidGuard/blacklists/webphone/urls
logfile urlfilter.log
}
dest insurance {

domainlist /var/squidGuard/blacklists/finance/insurance/domains
urllist /var/squidGuard/blacklists/finance/insurance/urls
logfile urlfilter.log
}
dest blacklist {

domainlist /var/squidGuard/blacklists/custom/blacklist/domains
urllist /var/squidGuard/blacklists/custom/blacklist/urls
logfile urlfilter.log
}
dest planes {

domainlist /var/squidGuard/blacklists/automobile/planes/domains
urllist /var/squidGuard/blacklists/automobile/planes/urls
logfile urlfilter.log
}
dest games-online {

domainlist /var/squidGuard/blacklists/hobby/games-online/domains
urllist /var/squidGuard/blacklists/hobby/games-online/urls
logfile urlfilter.log
}
dest other {

domainlist /var/squidGuard/blacklists/finance/other/domains
urllist /var/squidGuard/blacklists/finance/other/urls
logfile urlfilter.log
}
dest warez {

domainlist /var/squidGuard/blacklists/warez/domains
urllist /var/squidGuard/blacklists/warez/urls
logfile urlfilter.log
}
dest lingerie {

domainlist /var/squidGuard/blacklists/sex/lingerie/domains
urllist /var/squidGuard/blacklists/sex/lingerie/urls
logfile urlfilter.log
}
dest homestyle {

domainlist /var/squidGuard/blacklists/homestyle/domains
urllist /var/squidGuard/blacklists/homestyle/urls
logfile urlfilter.log
}
dest games-misc {

domainlist /var/squidGuard/blacklists/hobby/games-misc/domains
urllist /var/squidGuard/blacklists/hobby/games-misc/urls
logfile urlfilter.log
}
dest podcasts {

domainlist /var/squidGuard/blacklists/podcasts/domains
urllist /var/squidGuard/blacklists/podcasts/urls
logfile urlfilter.log
}
dest library {

domainlist /var/squidGuard/blacklists/library/domains
urllist /var/squidGuard/blacklists/library/urls
logfile urlfilter.log
}
dest jobsearch {

domainlist /var/squidGuard/blacklists/jobsearch/domains
urllist /var/squidGuard/blacklists/jobsearch/urls
logfile urlfilter.log
}
dest anonvpn {

domainlist /var/squidGuard/blacklists/anonvpn/domains
urllist /var/squidGuard/blacklists/anonvpn/urls
logfile urlfilter.log
}
dest socialnet {

domainlist /var/squidGuard/blacklists/socialnet/domains
urllist /var/squidGuard/blacklists/socialnet/urls
logfile urlfilter.log
}
dest webtv {

domainlist /var/squidGuard/blacklists/webtv/domains
urllist /var/squidGuard/blacklists/webtv/urls
logfile urlfilter.log
}
dest porn {

domainlist /var/squidGuard/blacklists/porn/domains
urllist /var/squidGuard/blacklists/porn/urls
logfile urlfilter.log
}
dest religion {

domainlist /var/squidGuard/blacklists/religion/domains
urllist /var/squidGuard/blacklists/religion/urls
logfile urlfilter.log
}
dest fortunetelling {

domainlist /var/squidGuard/blacklists/fortunetelling/domains
urllist /var/squidGuard/blacklists/fortunetelling/urls
logfile urlfilter.log
}
dest restaurants {

domainlist /var/squidGuard/blacklists/recreation/restaurants/domains
urllist /var/squidGuard/blacklists/recreation/restaurants/urls
logfile urlfilter.log
}
dest chat {

domainlist /var/squidGuard/blacklists/chat/domains
urllist /var/squidGuard/blacklists/chat/urls
logfile urlfilter.log
}
dest banking {

domainlist /var/squidGuard/blacklists/finance/banking/domains
urllist /var/squidGuard/blacklists/finance/banking/urls
logfile urlfilter.log
}
dest news {

domainlist /var/squidGuard/blacklists/news/domains
urllist /var/squidGuard/blacklists/news/urls
logfile urlfilter.log
}
dest boats {

domainlist /var/squidGuard/blacklists/automobile/boats/domains
urllist /var/squidGuard/blacklists/automobile/boats/urls
logfile urlfilter.log
}
dest isp {

domainlist /var/squidGuard/blacklists/isp/domains
urllist /var/squidGuard/blacklists/isp/urls
logfile urlfilter.log
}

src src_pro_level1 {

user user1
    
}

time always {

weekly mtwhfas 00:00-00:00
    
}

acl {


# Profile: pro_level1
    
src_pro_level1 within always {
    pass !blacklist  !in-addr  !files  _**!builtin**_  !adv  !aggressive  !alcohol  !anonvpn  !chat  !dating  !downloads  !druggs  !dynamic  !forum  !games-misc  !games-online  !gardening  !hacking  !homestyle  !webphone  !webradio  !isp  !jobsearch  !mmoneylending  !movies  !music  !other  !porn  !redirector  !radiotv  !remotecontrol  !searchengines  !socialnet  !spyware  !trracker  !travel  !urlshortener  !violence  !warez  !weapons  !webmail  !webtv  all
}

default {
    
pass whitelist  !blacklist  !in-addr  allredirect     http://192.168.xx.xx/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%ss&targetgroup=%t&url=%u
}

}

Thanks

Ehi man @Ya_Ley welcome here! Please use the code formatting in the editor, it improves very much readability of your posts.

I guess that one of thess guys can help here @vhinzsanchez @Freddy_Brignardello @Renan_Azedo_de_Olive @acsel10 @mansoor.tariq @cswain @Mario_Spang they have played many times with the proxy module.

1 Like

Hi @Ya_Ley
You’re setting the filters from the main files? or you are using the module web filters?

This is my settings and I have not had any problems:





In this profile only allowed banks and I have emails

Thanks @alefattorini for fix, reading formats

Regards

1 Like

Hello @Ya_Ley,

Have you checked on the docs?
http://docs.nethserver.org/en/latest/web_proxy.html
http://docs.nethserver.org/en/latest/content_filter.html

Are you using transparent? Is user module installed? My apologies, no time to check on your earlier post.

Hi Jose,

For Black list is work as well but the builtin expressions is not work
for example, I would like to filter express words like "vpn, porn,hide my ass and etc… " it is no filters

Here is more detail about the filters

#####cat /var/squidGuard/blacklists/custom/builtin/expressions
.
.
#####Block images and video on google
#####(images.google)+.*(.jpg|.wmv|.mpg|.mpeg|.gif|.mov)
#####(google.com/video) #block all video
#####(google.com/ThumbnailServer) #block video thumbnails
######(google.com/videoplay) #block only playing the video

######################################################

Proxy Sites

######################################################

#####Block Cgiproxy, Poxy, PHProxy and other Web-based proxies
(cecid.php|nph-webpr|nph-pro|/dmirror|cgiproxy|phpwebproxy|__proxy_url|proxy.php)

#####Block websites containing proxy lists
(anonymizer|proxify|megaproxy)

######AGRESSIVE blocking of all URLs containing proxy - WARNING - this WILL overblock!!
(proxy)
.
.

Thank you

Hello

Used Mode Authenticated and Users and Groups already installed.

Thanks

Hi friend,

Enable expression matching on URL
Filter URLs using regular expressions. For example, block URLs containing the word sex. Not recommended: this type of filter can lead to false positives.

In my case test carried out this way:

1 Profile block all, allow only desired

Regards

1 Like

So blacklist is working well…you wanted to block words/expressions in URLs. I second jgjimenezs’ post above. This will also lead to false positive…sites which contains news which has the words you identified within the address.

Some technology site blogs which contains pirate, torrent and the likes are being blocked as well in our network…I need to adjust if I’m going to read it.

1 Like

Hello @vhinzsanchez how are you?

Indeed, searching for the word MegaProxy.

But it works builtin. The use of blocking by words is very tedious. I prefer the block by domain. @Ya_Ley

1 Like

Hi Jose,
Which version of nethserver that you used?
Thanks

6.8 @ya_ley

A post was split to a new topic: How to filters MIME types, block audio, video