Итак по порядку.
FreeBSD 7.0 + Squid 3.0.1 + SquidGuard 1.2.0_1 + Apache 2.0.63 + PHP 5.2.5 (CGI работают, test.cgi кажет инфу)
Не могу понять почему при срабатывании правила редиректа не срабатывает CGI скрипт, выводя вот эту ошибку:
Код: Выделить всё
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, you@example.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.0.63 (FreeBSD) PHP/5.2.5 Server at 192.168.2.16 Port 80
Squid.conf
Код: Выделить всё
# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------
external_acl_type nt_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
# auth_param ntlm max_challenge_reuses 0
# auth_param ntlm max_challenge_lifetime
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# REDIRECT CONTROLS
# -----------------------------------------------------------------------------
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf
redirector_bypass on
redirect_children 20
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.2.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#http_access allow all
http_access allow localnet
http_access deny all
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 8080
http_port 3128
# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_dir ufs /usr/local/squid/cache 1000 24 256
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
access_log /usr/local/squid/logs/access.log squid
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
logfile_rotate 10
pid_filename /usr/local/squid/logs/squid.pid
# debug_options ALL,1
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
Код: Выделить всё
#
# SAMPLE CONFIG FILE FOR SQUIDGUARD
# (for further configuration options see the
# documentation and http://www.squidguard.org/)
#
dbhome /var/db/squidGuard
logdir /var/log
#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
weekly mtwhf 08:00 - 20:30
date *-*-01 08:00 - 20:30
}
#
# SOURCE ADDRESSES
#
source sample-clients {
ip 192.168.2.80
}
src dr {
ip 192.168.2.99
}
#
# DESTINATION CLASSES
#
dest ads {
domainlist ads/domains
urllist ads/urls
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
}
dest mail {
domainlist mail/domains
}
dest porn {
domainlist porn/domains
urllist porn/urls
expressionlist porn/expressions
}
dest proxy {
domainlist proxy/domains
urllist proxy/urls
}
dest violence {
domainlist violence/domains
urllist violence/urls
expressionlist violence/expressions
}
dest warez {
domainlist warez/domains
urllist warez/urls
}
acl {
sample-clients within workhours {
pass any
}
dr {
pass !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez !in-addr any
redirect http://192.168.2.16/cgi-bin/bl.cgi?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t
}
default {
pass none
redirect http://192.168.2.16/cgi-bin/bl.cgi?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t
}
}
Код: Выделить всё
[Mon Mar 17 17:57:29 2008] [error] [client 127.0.0.1] (2)No such file or directory: exec of '/usr/local/www/cgi-bin/bl.cgi' failed
[Mon Mar 17 17:57:29 2008] [error] [client 127.0.0.1] Premature end of script headers: bl.cgi
Код: Выделить всё
[Mon Mar 17 18:15:01 2008] [error] [client 192.168.2.16] (2)No such file or directory: exec of '/usr/local/www/cgi-bin/bl.cgi' failed, referer: http://sysadmins.ru/forum3.html?sid=02d374cef6d058b473f9bb779d28d376
[Mon Mar 17 18:15:01 2008] [error] [client 192.168.2.16] Premature end of script headers: bl.cgi, rreferer: http://sysadmins.ru/forum3.html?sid=02d374cef6d058b473f9bb779d28d376