Content Control filter integration for Squid by MARA Systems AB

On this page you can find the required files for integrating the Content Control filtering service with Squid. For more information regarding the Content Control filtering service please see our product description.

Note: The downloads on this page is mainly meant for use together with the Content Control filtering service. but the Squid binaries and patches also works standalone. The helper is unique for Content Control and requires a Content Control license to be used.

For licensing questions please contact sales@marasystems.com

Contents:

Overview
Installation
Configuration guide
Release notes
Support

Overview

The integration consists of two components:

A external_acl helper for Squid which maintains all communication to the filter service point / lookup appliances. This helper is also responsible for caching of site and directory ratings.

A patch for Squid-2.5 to extend the external_acl mechanism with improved performance and extended functionality used for better integration with the rating database.

Installation instructions

Squid patch

To integrate with Squid in a clean and efficient manner Squid-2.5 needed to be extended slightly. These patches were developed by MARA Systems AB in cooperation with other Squid developers and is fully Open Source as required by the Squid License. In addition the functionality provided by these patches have been merged into the Squid main source tree and will be included in the next major Squid release (Squid-3.0).

This patch should apply cleanly to Squid-2.5.STABLE10 or later. For earlier Squid-2.5 releases see the older versions section below.

Download

Patches for squid-2.5.STABLE10 or later: squid-2.5-20050422-cerberian.patch
squid-2.5-20030904-customlog.patch (optional, see Release Notes)

Install

tar zxvf squid-2.5.STABLE10.tar.gz
cd squid-2.5.STABLE10
Apply any other patches you might be interested in using. Especially consider the official bug fixes posted on the Squid-2.5 patches page
patch -p1 -s <../squid-2.5-20050422-cerberian.patch
patch -p1 -s <../squid-2.5-20030904-customlog.patch
./configure ....
etc as in a standard Squid installation

Helper

This helper is responsible for all communication with the Content Control service. The helper is distributed as a binary only due to licensing restrictions. If you need the helper for a platform not listed here please let us know and we will help you out the best we can.

Download

Linux (RedHat Linux and most other Linux distributions): squidCerberian-1.5-Linux.tgz
Linux RPM package (RedHat, Fedora and others): squidCerberian-1.5-2.rh.i386.rpm
FreeBSD: squidCerberian-1.4-FreeBSD.tgz
OpenBSD: squidCerberian-1.4-OpenBSD.tgz (OpenBSD)

NOTE: Version 1.7 & 1.8 has been revoked due to issues with false/invalid ratings returned after some time usage (a few thousands rating lookups). Please do NOT use these versions.

Install

cd /usr/local
tar zxvf $HOME/squidCerberian-1.5-Linux.tgz

This will create two files:

squid/libexec/squidCerberian: The Content Control Squid lookup helper called by Squid to verify ratings
squid/share/cerberian-categories.txt: A list of Content Control database categories and their human readable description.

You will also need a Content Control filtering License to use this software. Pricing and evaluation licenses are available on request by contacting sales@marasystems.com

Prebuilt Squid packages

If you do not want to patch and build your own Squid package then you can use one of the following pre-built packages.

Fedora Core 3: squid-cerberian-2.5.STABLE10-1-fc3.i386.rpm (source)
squidCerberian-1.5-2.rh.i386.rpm
Fedora Core 2: squid-cerberian-2.5.STABLE10-1-fc2.i386.rpm (source)
squidCerberian-1.5-2.rh.i386.rpm
RedHat 9: squid-cerberian-2.5.STABLE10-1-rh9.i386.rpm (source)
squidCerberian-1.5-2.rh.i386.rpm
RedHat 7.1: squid-cerberian-2.5.STABLE10-1-rh71.i386.rpm (source)
squidCerberian-1.5-2.rh.i386.rpm

Install

rpm -Uvh squid-cerberian-2.5.STABLE10-1.fc3.i386.rpm
rpm -Uvh squidCerberian-1.5-2.rh.i386.rpm

Note: Replace the squid-cerberian filename with the correct file for your distribution version

Configuration

Please see the Configuration Guide (separate document).

Release Notes

This version of the integration supports "CMR+DOMT" type of Content Control licenses. The "DOMT" license option is optional, and the helper takes advantage of this option for the increased rating cache capabilities and local reporting if available.

Support for "ADR" type licenses is not planned at this time as Squid typically runs on devices which can and should cache ratings locally, but "ADR" support can be added on request. Contact sales@marasystems.com for a quote if you need "ADR" type integration for Squid.

Logging of the category in blocked or domain rated sites is supported together with the customlog patch. The category code of the blocked or domain rated site is available as %ea in custom log format specifications.

Support

Support for this software is available by email to cerberian@support.marasystems.com or by phone +46 86810840. Please note that MARA Systems operate in Europe/Stockholm, timezone GMT-1 (1 hour ahead of GMT/UTC).

Older versions

Here you can find the previous version of this software as reference. Please note that we strongly recommend using the latest version unless you have specific reasons not to.

Squid-2.5.STABLE9: squid-2.5.STABLE9-cerberian.patch
squid-2.5-20030904-customlog.patch (optional, see Release Notes)
squid-cerberian-2.5.STABLE9-3.src.rpm (Fedora Core 3 Fedora Core 2)
squid-cerberian-2.5.STABLE9-3-rh.src.rpm (RedHat Linux 9 RedHat Linux 7.1)
Squid-2.5.STABLE7: squid-2.5.STABLE7-cerberian.patch
squid-2.5-20030904-customlog.patch (optional, see Release Notes)
squid-cerberian-2.5.STABLE5-3.src.rpm ( rh7 rh9 fc2)
Squid-2.5.STABLE5 + current patches: squid-2.5-20040604-cerberian.patch
squid-2.5-20030904-customlog.patch (optional, see Release Notes)
Squid-2.5.STABLE5: squid-2.5-20040223-cerberian.patch
squid-2.5-20030904-customlog.patch (optional, see Release Notes)
squid-cerberian-2.5.STABLE5-3.src.rpm ( rh7 rh9 fc1)

squidCerberian-1.5-1.rh.i386.rpm
squid-cerberian-2.5.STABLE1-2.src.rpm ( rh7 rh9 fc1 )
squid-cerberian-2.5.STABLE1-1.src.rpm ( rh7 rh9 fc1 )
squidCerberian-1.8-Linux.tgz (RedHat Linux and most other Linux distributions)
squidCerberian-1.7-Linux.tgz (RedHat Linux and most other Linux distributions)
squidCerberian-1.5-Linux.tgz (RedHat Linux and most other Linux distributions)
squidCerberian-1.5-Linux-static.tgz (Linux on Intel)
squidCerberian-1.4-FreeBSD.tgz (FreeBSD)
squid-2.5-20031215-cerberian.patch (for Squid-2.5.STABLE4)
squidCerberian-1.4-Linux.tgz
squidCerberian-1.3.tgz
squid-2.5-20030904-cerberian.patch.gz
squid-2.5-20030813-cerberian.patch.gz
squid-2.5-20030813-customlog.patch.gz

Changelog

2005-04-22 Squid-2.5.STABLE9 update: Patches updated to 2.5.STABLE9
2004-11-05 Squid-2.5.STABLE7 update: Patches and RPMs updated to 2.5.STABLE7.
2004-07-01 documentation update: Documentation updated with several examples, and split into a separate configuration guide
2004-06-06 access controls documentation update: Clarified how the policies are used in http_access
2004-06-05 updated Squid RPMs 2.5.STABLE5-3: Updated a broken patch (va_copyquid-2.5.STABLE5-va_copy.patch
2004-06-04 updated Squid RPMs 2.5.STABLE5-2: Corrected a packaging error where the default error directory path was specified wrongly
2004-06-03 Squid RPMs 2.5.STABLE5-1: Published prebuild Squid binary RPMs for your convenience
2004-06-03 reverted to version 1.5: Problems has been detected in versions 1.7 and 1.8 of the squidCerberian helper.
2004-06-02 version 1.8: Timestamp log output
2004-03-31 version 1.7: More resident to server errors and report malformed responses more verbose
Decreased memory usage
Improved cache efficiency by utilizing the Squid cache for per-url responses
2004-03-20: Minor documentation update
2004-03-03 version 1.5: Updated helper with support for forwarding the rating requests via a parent proxy
2004-02-23: Updated patch to resolve conflict with recent upstream NTLM patches
2004-01-21: Clarified squid.conf instructions slightly
2004-01-16 version 1.4: New helper with added support for FreeBSD and some usage cleanups
2004-01-08 new cerberian patch (20031215): Corrects an issue where Squid sometimes crashed during "squid -k rotate"
2003-09-12 version 1.3: New helper to automatically failover and load-balance on the service points assigned by Cerberian.
Note: If you today specifies an explicit IP address to the helper in external_acl_type then either remove this or change the address to the default sp.cwfservice.net (sp.cwfservice.net is automatically used if no address is specified).
2003-09-04 new squid patches: New Squid patches to fix the log function and resolve minor conflicts with the latest official Squid-2.5 patches.
2003-08-27 version 1.2: Bugfix release to address "comm.c:147: comm_handle_events: Assertion `fh->fd == fd' failed." under high load.
2003-08-13 version 1.1: Version 1.1 with log support, together with new matching Squid patches. Removed --vendor documentation (should not normally be specified)
2003-07-04 install instructions updated: Install instructions corrected to match the current patch version
2003-05-16 patch updated: Patch updated to match last-minute changes of 2.5.STABLE3
2003-05-15 patch and helper updated: Patch updated to apply to current Squid-2.5 sources (what will become 2.5.STABLE3) and some minor bug fixes to problems found in other uses of the same patch.
Helper updated to version 1.03
--user= option in combination with -u
--reporting= option fixed
problem on helper restart fixed categories.txt updated to match current Cerberian categories
2003-03-04 acl helper updated to version 1.0: Handle lookup timeouts
allow service point to be specified by DNS name
bug fixes
2003-01-23: Added --vendor option in the external_acl_type example.
2003-01-23: Corrected acl definition example. Was missing the "external" acl type keyword