Extract Squid whitelists, blacklists etc

[ranj]

Hi

We currently use Squid and are moving to a new Proxy solution provided by Trend Micro

InterScan Web Security

Its basically another proxy solution, based on CentOS but seems to fulfil what we want to do.

Over the years though we have built up custom categories, whitelists, blacklists that we want to export into the trend solution, even if its a bunch of text files that we can visbly see and then manually type into Trend that will be fine.

Is there a way to do this? Where would i look on the Linux squid backend to find these lists? Could it be done using webmin?

Basically the director doesnt want us to affect the end user experience, if they were able to access a webiste before he doesnt want this to be impact on the user if Trend categorises it as a unsuitable webiste.

Anyone who has moved of squid and can share some experience would be greatly appreciated.

Thanks

[Geoff]

Well the good news is that they will most likely be flat text files or possibly in a database like mysql that's easy to export from. If it's a vanilla squid install then you will need to check the squid configurations ACL list, the http_access lines will tell you what files it's using for white and black listing. If you have something like SquidGuard or Dansguardian installed alongside Squid then you need to check those configurations instead.

[ranj]

Well the good news is that they will most likely be flat text files or possibly in a database like mysql that's easy to export from. If it's a vanilla squid install then you will need to check the squid configurations ACL list, the http_access lines will tell you what files it's using for white and black listing. If you have something like SquidGuard or Dansguardian installed alongside Squid then you need to check those configurations instead.

Do you know where in the Linux file system I may find them. e.g. /etc /srv etc.

If i was to use webmin, would it be servers, squid? Where within squid would it be, there are so many options!

[3s-gtech]

I use a flat file with Squid, so for a default Debian install it's in /etc/Squid3/ then I just called the file blacklist.acl. Fairly standard setup I believe.

[tom_newton]

Likely in /var somewhere - run
grep -lR knownblocked.com /var

that might show the location up.

Helping someone move to Trend... what next?

[hit]

Look in /etc/squid/squid.conf (may be /etc/squid3/... Depending on your distro). Look for lines like

Code:

acl BAD_DOMAINS dstdom_regex -i "/etc/squid/bad_domains"
http_access deny BAD_DOMAINS

Which should give you a clue as to which files are used and what they are used for.