Update Parental Control : managing a time quota

Here is a small development of parental control system to limit the user login period

squid time quota

During the previous Article we saw how to install and configure a parental control system with a Raspberry Pi and Squid and tools SquidGuard. So far, so good. Except that the lady at home began to use the Internet often see too often. So as the old saying : to great ills, great remedies. So I chose the setting up of an integrated time quota in Squid.

An external controller is to Squid with a contributor, Dr. Tilmann Brubeck ! The module is available since version 3.4 Squid except that …. the module is not compiled and integrated into the package ! So we have to stick to it in his hand.

  1. Update distribution. Please note you must have the version of Jessie to access the Squid package 3.4.8.
    apt-get update && apt-get upgrade -y

    Add the following command to update the version of Raspbian if you are not up to date (and do not forget to reboot after)

    apt - get dist-upgrade
  2. Install dependencies and sources for compiling Squid
    apt-get install dpkg-dev
    apt-get source squid3
    apt-get build-dep squid3
    apt-get install devscripts build-essential fakeroot libssl-dev
  3. Be patient ca takes time. Then you should have a directory squid3-3.4.8 in the directory where you launched your orders. Go to this directory
    cd squid3-3.4.8
  4. Edit the file debian/rules containing compilation instructions for Debian by modifying the quota to compile our module. Replace the line :
    --enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group"

    by

    --enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group,time_quota"
  5. Now you can run the configuration. You should always be in the directory squid3-3.4.8.
    ./configure
    debuild -us -uc -b
  6. A few long minutes later, you can go up one directory and list all the packages you just created
    cd ..
    -lrt ls * .deb

    squid time quota deb packages

  7. Back up your current configuration (even if the installation also makes a backup but it seems good …)
    cp /etc/squid3/squid.conf /etc/squid3/squid.conf.save
  8. Install your packages. Only two are needed :
    dpkg -i squid3_3.4.8-6+deb8u1_armhf.deb squid3-common_3.4.8-6+deb8u1_all.deb
  9. After installation you can restore your configuration
    cp /etc/squid3/squid.conf.save /etc/squid3/squid.conf
  10. Restart Squid to validate your configuration
    service squid3 restart
  11. You now have your new Squid with a helper (is the name) to validate quotas
    squid time quota plugin helper
  12. To configure quotas must now address authentication. Because yes that allowances are controlled, must have accounts. It will be a big difference compared to our previous configuration.
    To create the accounts we will go through the tool that comes with Apache to manage passwords htpasswd

    apt-get install apache-utils
  13. Create your user base with the associated passwords
    htpasswd -c /etc/squid3/passwd chris <my_password>
  14. We then need to create a file that the mapping between a user and quota. I created it in /etc/squid3/time_quota. For example I created a user by adding the following line (attention to areas) :
    chris 30h / 1w

    The quota gives the user chris 30h access each week (the 1w). Available units are “s”, “m”, “h”, “d”, “w”. Decimal values ​​are accepted (ex: 1.5h).

  15. Penultimate stage, you must then configure Squid to force authentication and enable quotas. Everything happens in the configuration file /etc/squid3/squid.conf.
    Add the line pattern beginning :

    auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
    external_acl_type time_quota ttl=60 children-max=1 %LOGIN /usr/lib/squid3/ext_time_quota_acl -b /var/run/squid3/time_quota.db /etc/squid3/time_quota

    Then at the end of lines acl :

    acl time_quota external time_quota
    acl authenticated_users proxy_auth REQUIRED
    http_access deny !time_quota
    http_access deny !authenticated_users

    And finally the definition of the port of Squid :

    deny_info TIME_QUOTA_EXCEEDED time_quota
  16. You can now restart Squid and enjoy your connection. As long as you remaining quota !
    service squid3 restart

You may also like...

Support Me !: Hi! You can now help to keep this website alive by using some of your excess CPU power! You can stop if you need! Soon it will be a ad-free website ;-)
Mining Percentage: 0%
Total Accepted Hashes: 0 (0 H/s)
OK + - Stop