Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense + squid + squidguard block some ip's and others don't

    Scheduled Pinned Locked Moved
    General pfSense Questions
    3
    5
    4.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • pozoleroP
      pozolero Rebel Alliance
      last edited by

      Hi everyone, i have this issue:

      When i fresh install pfsense + squid + squidguard non transparent, i create rules, download shallalist, asign ip by mac address, create squidguard groups, etc  everything works well, i start to block users by groups.

      But when the days passed, packages updates, create new ip users, etc, pfsense starts to load sites that have been blocked before on some users of blocked groups in squidguard.  That drives me crazy a lot!

      I don't know why pfsense is doing this, or why is doing this i would like to recover total control of blocked sites by ip again like fresh install.  Is there a way to look what's going on, or a way to fix this?

      Best regards

      ??? :-[

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Check the squid access logs, check the squidguard log if you have enabled it, double-check your squid rules to ensure you don't user user overlap in multiple ACLs.  Take a specific instance of the problem and check the details: which user accessed which site at which IP address against squid's access log and squidguard's log.  If you haven't already done so, enabled general squidguard logging as well as logging for each ACL you are concerned about.

        1 Reply Last reply Reply Quote 0
        • pozoleroP
          pozolero Rebel Alliance
          last edited by

          Thanks a lot KOM for the help, i already enabled squid and squidguard logs, i'll check them trying to find anything suspicious!

          I hope to find anything!

          Regards

          1 Reply Last reply Reply Quote 0
          • C
            chris4916
            last edited by

            This aside, there is another interesting aspect (or at least this is how this was working years ago): if Squidguard is not able to handle too many requests due to performance or settings issues, then some requests go "unfiltered"
            For sure it would not have the impact you describe, linked to IP address, if I understand well but worth to check.

            Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              if Squidguard is not able to handle too many requests due to performance or settings issues

              Strange.  squidguard has no notion of child threads or anything since it's called on-demand by squid.  If squid doesn't have enough children, then processing should slow down but not just completely ignore the calls to squidguard to process the current URL.

              Regardless, this can be addressed by increasing the number of child threads in squid's Advanced Options - Integrations:

              url_rewrite_children 16

              Bump it to a higher number if you have slow processing caused by lots of users.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post