Hi,

here i have a similar problem.

I have squidguard and squid3 running 2.3.2.

1. i added a domain in squid3 to ACL whitelist
2. i added the the limit target in squidguard, which is allowed in the commonACL.

But the request is always answered with the redirect info page, showing it's denied by the second target.

Any ideas?
stegbth

@mrhub:

Hello.
I beleive that in SARG you could click a domain and se all the urls, is that possible to do with lightsquid?
Right now it shows only the topdomain, but I need to see the specific pages that has been visited, and if I check the access log from squid it is there…

Any update on this? I also need full URLs. (:

Not sure about squid.. maybe it can..
As for haproxy it can decrypt the traffic and use an acl on the url path. and then forward the traffic unencrypted to the desired backend servers. The big question with that always is will the webapplications properly handle the traffic without sending a https redirect, or including absolute links pointing to a http://my-domain.com/image.jpg or javascripts or other page links.. Haproxy will not rewrite the 'body' of a webserver response. It can modify headers, but that doesnt always make the webapp work.

I have no experience with subsonic nor calibre so can tell anything specific to those environment.. For wordpress for example there are some 'manuals' online that tell how to configure it when hosting it behind a reverse proxy.

Is there any traffic in access.log from any of these ghost users?  No log data usually means they either aren't using the proxy or aren't using the web.

I've never used captive portal so I can't help you there.

any suggestion where the problem !!!!!

Hello

same problem here.

2016/10/31 21:40:33| Processing: acl allowed_subnets src 172.28.1.0/24 172.28.2.0/24 172.28.3.0/24 172.28.4.0/24 172.28.5.0/24 172.28.6.0/24 172.28.7.0/24 172.28.8.0/24 172.28.9.0/24 172.28.10.0/24 172.28.12.0/24 172.28.13.0/24 172.28.14.0/24 172.28.15.0/24 172.28.16.0/24 172.28.17.0/24 172.28.18.0/24 172.28.19.0/24 172.28.20.0/24 172.28.21.0/24 172.28.22.0/24 172.28.23.0/24 172.28.24.0/24 172.28.25.0/24 172.28.26.0/24 172.28.27.0/24 172.28.28.0/24 172.28.29.0/24 172.28.30.0/24 172.28.31.0/24 172.28.32.0/24 172.28.33.0/24 172.28.34.0/24 172.28.35.0/24 172.28.36.0/24 172.28.37.0/24 172.28.38.0/24 172.28.39.0/24 172.28.40.0/24 172.28.41.0/24 172.28.42.0/24 172.28.43.0/24 172.28.44.0/24 172.28.45.0/24 172.28.46.0/24 172.28.47.0/24 172.28.48.0/24 172.28.49.0/24 172.28.50.0/24 172.28.51.0/24 172.28.52.0/24 172.28.53.0/24 172.28.54.0/24 172.28.55.0/24 172.28.56.0/24 172.28.57.0/24 172.28.58.0/24 172.28.59.0/24 172.28.60.0/24 172.28.61.0/24 172.28.62.0/24 172.28.63.0/24 172.28.64.0/24 172.28.65.0/24 172.28.66.0/24 172.28.67.0/24 172.28.68.0/24 172
2016/10/31 21:40:33| Processing: .28.69.0/24
2016/10/31 21:40:33| /usr/local/etc/squid/squid.conf:73 unrecognized: '.28.69.0/24'

I requiere this to exclude 172.28.11.0/24, for me is no use to 172.28.0.0/16

Any suggerest??

I wonder if you don't mix-up "captive portal authentication sent to proxy" and "squid support for radius based authentication". Its no clear to me what you really want to achieve.

Why don't you, for testing purpose and if possible, stop using captive portal and focus on "Squid + radius" authentication?
For this, Squid wiki will still help.
Once this works, you can go back to the initial config stacking Captive portal and Squid.

This aside, I've to admit that I don't really understand what's the added value of having stack of authenticated captive portal plus authenticated HTTP proxy.
What would the first one bring to the other? Is there something I miss here ?

From the GUI.  Look under Services for Squid Proxy Server.

@securityconscious:

Also, save same as three separate files.
wpad.dat
wpad.da
proxy.pac

May I suggest not to save this as 3 different files but to save one single file and create symbolic links: doing so, when you modify your file, you modify it only once and you ensure everything is consistent  :P

@bellera:

Did you disable the IPv6 support?

squid3-devel needs IPv6 support activated. I doesn't matter if you use IPv6 or not.

Hello

I ran into this issue today. Disabled IPV6 support in Advanced -> Networking and squid3-dev + squidgard stopped filtering traffic (no internet on clients).

I have since re-enabled the option but it still does not work. Will restart the machine when possible.

any thoughts on why its still not working after re-enablind the option?

thanks

@killmasta93:

True true, but some sites dont really play nice with MITM, i haven had a few issues with some times using WPAD i cant even imagine the headache with MITM

MITM and WPAD are definitely different stories.
You may have one or the other or both or none  ;D

Issues with WPAD depending on site? I can't imagine what kind of issue, even thinking about fairly complex proxy.pac (because issue would be proxy.pac rather than WPAD if any)

This said, MITM…. well  :-X  for sure if content filter or antivirus at proxy level is mandatory, it does help but I won't comment further  :-X :-X :-\

Hi, i have the same problem did you fixed it

You mean like those new Chromebook R11s with the Playstore?

I have contacted them

If anyone is having the same issue you can fix it by opening sigwhitelist.ign2 in /var/db/clamav and adding Sanesecurity.Foxhole.Zip_SFN1 line into sigwhitelist.ign2. Don't forget to save.

I don't know why but specific url/domain whitelisting does not appear to work through clamav.conf in advanced conf

Remove all packages, then upgrade to pfSense 2.3, then reinstall squid. Packages are not being maintained or fixed on 2.2.x.