Overview
This is a very brief guide to configuring squidGuard to enable Zoom conferencing on CentOS 7.
Key terms & resources
squidGuard – a URL redirector for use with the squid proxy. It uses blacklists to block access to web sites grouped by categories – Resources: http://www.squidguard.org/
Zoom – a video conferencing application – Resources: https://zoom.us
CentOS 7 – a distribution of Linux particularly suited to servers rather than desktop – Resources: https://en.wikipedia.org/wiki/CentOS – Official website: https://centos.org/
Proxy – also known as proxy server or network proxy. A proxy is a computer network device that typically acts as an intermediary between a private network and the public Internet. Resources: https://en.wikipedia.org/wiki/Proxy_server
Background
With the current health concerns about COVID-19, and with governments and health officials worldwide advising or mandating social isolation, many institutions including schools, universities, and religious organisations are turning to online video conferencing to continue to provide education and support to their communities.
Zoom is a commercial service provided over the Internet that enables video conferencing.
Organisations with limited bandwidth may have video conferencing blocked at their proxy server but now find that they need to enable access to Zoom.us in order to continue meeting the needs of their clients. This brief guide lists the five steps that you need to take to reconfigure squidGuard to allow access to zoom.us.
Configuration Steps
These steps assume that you are familiar with Linux system administration and just want to know the steps to carry out to enable access to Zoom as quickly as possible.
- Find the dbhome value in the squidGuard.conf file
- Check if you have a whitelist directory
- Add zoom.us to your whitelist
- Check that you reference the whitelist file in your squidGuard.conf
- Rebuild your squidGuard database and instruct squid to pick up the changes
Find the dbhome value in the /etc/squid/squidGuard.conf file
The squidGuard.conf file on CentOS 7 is located in /etc/squid. Use grep to find the value of dbhome from the file.
# grep -i db /etc/squid/squidGuard.conf
dbhome /var/squidGuard/blacklists
Check if you have a whitelist directory
Check if you have a whitelist directory under the dbhome. A simple ls -l command will do.
# ll /var/squidGuard/blacklists/whitelist/
-rw-r--r--. 1 squid squid 15 Jan 2 2014 domains
-rw-r--r--. 1 squid squid 8192 Sep 6 2019 domains.db
If you see the error “ls: cannot access /var/squidGuard/blacklists/whitelist/: No such file or directory” then you need to create the folder and create an empty file: domains
Add zoom.us to your whitelist
Edit the file /var/squidGuard/blacklists/whitelist/domains
and add on a single line the domain name zoom.us
Check that you reference the whitelist file in squidGuard.conf
Check that you reference the whitelist file in your squidGuard.conf which is usually located in /etc/squid/
# grep whitelist /etc/squid/squidGuard.conf
domainlist whitelist/domains
log whitelist.log
If you don’t see this reference in squidGuard.conf then open squidGuard.conf to edit and add a new block under DESTINATION CLASSES as follows:
# Local Whitelists
dest white {
    domainlist whitelist/domains
    log whitelist.log
}
Still in your squidGuard.conf scroll down to your ACL rules which are usually at the bottom of the file and ensure that you include your whitelist destination “white” in any active rules. For example:
default {
    #
    # Ensure that changes to the 'default' are also propagated to 'exceptions' blocks
    #
    pass white !adv !alcohol !dating !drugs !gamble !hacking {etc...} all
    redirect http://c3po/index.html
}
In this example, “c3po” is the name of the proxy host running squidGuard and apache, and the page at index.html simply displays a nice message saying that the site is currently blocked by the proxy and who to contact. c3po was a fictional protocol droid in the Star Wars franchise and is a fitting name for a proxy server that is the go-between for communications between an internal network and the public Internet.
Rebuild your squidGuard database and tell squid to pick up the changes
Your changes so far won’t have been picked up by squidGuard. The following commands rebuild your squidGuard database and instruct squid to pick up the changes.
# squidGuard -C all
# squid -k reconfigure
That’s all there is. I hope that this has been helpful.
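The checks in the steps above can be scripted. The following is an added example, not part of the original guide or of squidGuard: a read-only audit that confirms the domain is listed in whitelist/domains, that a dest block references that list, and that every pass rule names that dest before any negated category. The function names and the sample tree are made up for illustration, and the ordering check assumes squidGuard matches a pass list left to right.

```shell
#!/bin/sh
# Print the dbhome path declared in config file $1.
dbhome_of() { awk '$1 == "dbhome" { print $2; exit }' "$1"; }

# Print the name of the dest block in $1 whose domainlist is $2.
dest_for_list() {
    awk -v list="$2" '$1 == "dest" || $1 == "destination" { name = $2 }
        $1 == "domainlist" && $2 == list { print name; exit }' "$1"
}

# Print every pass rule in $1 where dest $2 is absent or only appears after
# a negated (!) category, all or none. Assumption: pass lists are matched
# left to right, so the whitelist must come first to take effect.
bad_pass_rules() {
    awk -v dest="$2" '$1 == "pass" {
        ok = 0
        for (i = 2; i <= NF; i++) {
            if ($i == dest) { ok = 1; break }
            if ($i ~ /^!/ || $i == "all" || $i == "none") break
        }
        if (!ok) print FNR ": " $0
    }' "$1"
}

# audit_whitelist CONF DOMAIN: returns 0 if wired correctly, 1-4 = failing check.
audit_whitelist() {
    dbhome=$(dbhome_of "$1")
    [ -n "$dbhome" ] || { echo "no dbhome in $1"; return 1; }
    grep -qxF "$2" "$dbhome/whitelist/domains" 2>/dev/null ||
        { echo "$2 not listed in $dbhome/whitelist/domains"; return 2; }
    dest=$(dest_for_list "$1" whitelist/domains)
    [ -n "$dest" ] || { echo "no dest block uses whitelist/domains"; return 3; }
    bad=$(bad_pass_rules "$1" "$dest")
    [ -z "$bad" ] || { echo "pass rules not honouring '$dest':"; echo "$bad"; return 4; }
    echo "ok: $2 is passed via dest '$dest'"
}

# Constructed sample tree (not a real proxy) so the audit runs offline.
# $1 = directory to fill, $2 = optional pass list to test with.
make_sample() {
    mkdir -p "$1/db/whitelist" && echo "zoom.us" > "$1/db/whitelist/domains"
    printf '%s\n' "dbhome $1/db" 'dest white {' ' domainlist whitelist/domains' \
        ' log whitelist.log' '}' 'acl {' ' default {' \
        "  pass ${2:-white !adv !hacking all}" \
        '  redirect http://c3po/index.html' ' }' '}' > "$1/squidGuard.conf"
}

# Demo on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp" && audit_whitelist "$tmp/squidGuard.conf" zoom.us; rm -rf "$tmp"
```

On a real proxy, call `audit_whitelist /etc/squid/squidGuard.conf zoom.us` before rebuilding the database.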