Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    23.01 Squid issue

    Scheduled Pinned Locked Moved Cache/Proxy
    128 Posts 8 Posters 36.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • hugoeyngH
      hugoeyng @stephenw10
      last edited by

      @stephenw10 said in 23.01 Squid issue:

      The package install script is hitting some php error and failing before it has added the require menu and service items into the main pfSense config.
      Usually when I've seen that it's because the system has been upgraded and the php versions mismatch. But as I understand it that shouldn't be the case here?

      I tried to manually insert the SquidGuard in the Menu Options.

      First I made a backup of the current installed pfSense .

      Then, I took a old backup XML file where the SquidGuard was present in the menu, copied the lines that referred toSG to the recent XML and then I restored it.

      Did not work. Raised an error and I did not try again.

      I love pfSense!

      Hugo Eyng
      Datamais Sistemas

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        If you remove your squidguard config from the config file and then try to reinstall squidguard does it succeed?

        hugoeyngH 1 Reply Last reply Reply Quote 0
        • hugoeyngH
          hugoeyng @stephenw10
          last edited by

          @stephenw10 No. It doesn´t.

          I love pfSense!

          Hugo Eyng
          Datamais Sistemas

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Hmm, so it throws those same errors even with no squidguard config present?

            And that's after uninstalling and reinstalling the pkg?

            hugoeyngH 1 Reply Last reply Reply Quote 0
            • hugoeyngH
              hugoeyng @stephenw10
              last edited by

              @stephenw10 Yes. A clean installation of squidGuard will fail showing the same errors.

              I love pfSense!

              Hugo Eyng
              Datamais Sistemas

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Is that with those patches applied still?

                I can't replicate this. It installs fine in 23.01 on a test box here:

                >>> Installing pfSense-pkg-squidGuard... 
                Updating pfSense-core repository catalogue...
                pfSense-core repository is up to date.
                Updating pfSense repository catalogue...
                pfSense repository is up to date.
                All repositories are up to date.
                The following 16 package(s) will be affected (of 0 checked):
                
                New packages to be INSTALLED:
                	arc: 5.21p [pfSense]
                	arj: 3.10.22_9 [pfSense]
                	brotli: 1.0.9,1 [pfSense]
                	c-icap: 0.5.10,2 [pfSense]
                	c-icap-modules: 0.5.5 [pfSense]
                	clamav: 0.105.1_1,1 [pfSense]
                	db5: 5.3.28_8 [pfSense]
                	krb5: 1.20 [pfSense]
                	libmspack: 0.10.1 [pfSense]
                	pfSense-pkg-squid: 0.4.45_10 [pfSense]
                	pfSense-pkg-squidGuard: 1.16.18_20 [pfSense]
                	squid: 5.7 [pfSense]
                	squidGuard: 1.4_15 [pfSense]
                	squid_radius_auth: 1.10 [pfSense]
                	squidclamav: 7.2 [pfSense]
                	unzoo: 4.4_2 [pfSense]
                
                Number of packages to be installed: 16
                
                The process will require 47 MiB more space.
                10 MiB to be downloaded.
                [1/16] Fetching libmspack-0.10.1.pkg: .......... done
                [2/16] Fetching pfSense-pkg-squidGuard-1.16.18_20.pkg: ...... done
                [3/16] Fetching krb5-1.20.pkg: .......... done
                [4/16] Fetching db5-5.3.28_8.pkg: .......... done
                [5/16] Fetching squidGuard-1.4_15.pkg: ...... done
                [6/16] Fetching squidclamav-7.2.pkg: .......... done
                [7/16] Fetching clamav-0.105.1_1,1.pkg: .......... done
                [8/16] Fetching arj-3.10.22_9.pkg: .......... done
                [9/16] Fetching arc-5.21p.pkg: ..... done
                [10/16] Fetching c-icap-0.5.10,2.pkg: .......... done
                [11/16] Fetching brotli-1.0.9,1.pkg: .......... done
                [12/16] Fetching squid_radius_auth-1.10.pkg: .. done
                [13/16] Fetching c-icap-modules-0.5.5.pkg: .......... done
                [14/16] Fetching pfSense-pkg-squid-0.4.45_10.pkg: ......... done
                [15/16] Fetching squid-5.7.pkg: .......... done
                [16/16] Fetching unzoo-4.4_2.pkg: ... done
                Checking integrity... done (0 conflicting)
                [1/16] Installing libmspack-0.10.1...
                [1/16] Extracting libmspack-0.10.1: ......... done
                [2/16] Installing arj-3.10.22_9...
                [2/16] Extracting arj-3.10.22_9: .......... done
                [3/16] Installing arc-5.21p...
                [3/16] Extracting arc-5.21p: ...... done
                [4/16] Installing brotli-1.0.9,1...
                [4/16] Extracting brotli-1.0.9,1: .......... done
                [5/16] Installing unzoo-4.4_2...
                [5/16] Extracting unzoo-4.4_2: ..... done
                [6/16] Installing krb5-1.20...
                [6/16] Extracting krb5-1.20: .......... done
                [7/16] Installing clamav-0.105.1_1,1...
                ===> Creating groups.
                Creating group 'clamav' with gid '106'.
                Using existing group 'mail'.
                ===> Creating users
                Creating user 'clamav' with uid '106'.
                Adding user 'clamav' to group 'mail'.
                [7/16] Extracting clamav-0.105.1_1,1: .......... done
                [8/16] Installing c-icap-0.5.10,2...
                ===> Creating groups.
                Creating group 'c_icap' with gid '959'.
                ===> Creating users
                Creating user 'c_icap' with uid '959'.
                [8/16] Extracting c-icap-0.5.10,2: .......... done
                [9/16] Installing db5-5.3.28_8...
                [9/16] Extracting db5-5.3.28_8: .......... done
                [10/16] Installing squidclamav-7.2...
                [10/16] Extracting squidclamav-7.2: .......... done
                [11/16] Installing squid_radius_auth-1.10...
                [11/16] Extracting squid_radius_auth-1.10: .... done
                [12/16] Installing c-icap-modules-0.5.5...
                [12/16] Extracting c-icap-modules-0.5.5: .......... done
                [13/16] Installing squid-5.7...
                ===> Creating groups.
                Creating group 'squid' with gid '100'.
                ===> Creating users
                Creating user 'squid' with uid '100'.
                ===> Creating homedir(s)
                ===> Pre-installation configuration for squid-5.7
                [13/16] Extracting squid-5.7: .......... done
                [14/16] Installing squidGuard-1.4_15...
                [14/16] Extracting squidGuard-1.4_15: ...... done
                [15/16] Installing pfSense-pkg-squid-0.4.45_10...
                [15/16] Extracting pfSense-pkg-squid-0.4.45_10: .......... done
                Saving updated package information...
                done.
                Loading package configuration... done.
                Configuring package components...
                Loading package instructions...
                Custom commands...
                Executing custom_php_install_command()...done.
                Executing custom_php_resync_config_command()...done.
                Menu items... done.
                Services... done.
                Writing configuration... done.
                [16/16] Installing pfSense-pkg-squidGuard-1.16.18_20...
                [16/16] Extracting pfSense-pkg-squidGuard-1.16.18_20: .......... done
                Saving updated package information...
                done.
                Loading package configuration... done.
                Configuring package components...
                Loading package instructions...
                Custom commands...
                Executing custom_php_install_command()...done.
                Executing custom_php_resync_config_command()...done.
                Menu items... done.
                Services... done.
                Writing configuration... done.
                Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html for details.=====
                Message from db5-5.3.28_8:
                
                --
                ===>   NOTICE:
                
                The db5 port currently does not have a maintainer. As a result, it is
                more likely to have unresolved issues, not be up-to-date, or even be removed in
                the future. To volunteer to maintain this port, please create an issue at:
                
                https://bugs.freebsd.org/bugzilla
                
                More information about port maintainership is available at:
                
                https://docs.freebsd.org/en/articles/contributing/#ports-contributing
                --
                ===>   NOTICE:
                
                This port is deprecated; you may wish to reconsider installing it:
                
                EOLd, potential security issues, maybe use db18 instead.
                
                It is scheduled to be removed on or after 2022-06-30.
                =====
                Message from squid_radius_auth-1.10:
                
                --
                ===>   NOTICE:
                
                The squid_radius_auth port currently does not have a maintainer. As a result, it is
                more likely to have unresolved issues, not be up-to-date, or even be removed in
                the future. To volunteer to maintain this port, please create an issue at:
                
                https://bugs.freebsd.org/bugzilla
                
                More information about port maintainership is available at:
                
                https://docs.freebsd.org/en/articles/contributing/#ports-contributing
                =====
                Message from squid-5.7:
                
                --
                o You can find the configuration files for this package in the
                       directory /usr/local/etc/squid.
                
                     o The default cache directory is /var/squid/cache/.
                       The default log directory is /var/log/squid/.
                
                       Note:
                       You must initialize new cache directories before you can start
                       squid.  Do this by running "squid -z" as 'root' or 'squid'.
                       If your cache directories are already initialized (e.g. after an
                       upgrade of squid) you do not need to initialize them again.
                
                     o When using DiskD storage scheme remember to read documentation:
                         http://wiki.squid-cache.org/Features/DiskDaemon
                       and alter your kern.ipc defaults in /boot/loader.conf. DiskD will not
                       work reliably without this. Last recomendations were:
                
                         kern.ipc.msgmnb=8192
                         kern.ipc.msgssz=64
                         kern.ipc.msgtql=2048
                
                     o The default configuration will deny everyone but the local host and
                       local networks as defined in RFC 1918 for IPv4 and RFCs 4193 and
                       4291 for IPv6 access to the proxy service.  Edit the "http_access
                       allow/deny" directives in /usr/local/etc/squid/squid.conf
                       to suit your needs.
                
                     o If AUTH_SQL option is set, please, don't forget to install one of
                       following perl modules depending on database you like:
                         databases/p5-DBD-mysql
                         databases/p5-DBD-Pg
                         databases/p5-DBD-SQLite
                
                     To enable Squid, set squid_enable=yes in either
                     /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
                     Please see /usr/local/etc/rc.d/squid for further details.
                
                     Note:
                     If you just updated your Squid installation from an earlier version,
                     make sure to check your Squid configuration against the 3.4 default
                     configuration file /usr/local/etc/squid/squid.conf.sample.
                
                     /usr/local/etc/squid/squid.conf.documented is a fully annotated
                     configuration file you can consult for further reference.
                
                     Additionally, you should check your configuration by calling
                     'squid -f /path/to/squid.conf -k parse' before starting Squid.
                =====
                Message from squidGuard-1.4_15:
                
                --
                In order to activate squidGuard you have to edit squid.conf
                 To the contain "url_rewrite_program /usr/local/bin/squidGuard"
                 and create a configuration file for squidGuard.
                
                 Sample blacklists have been installed in /usr/local/share/examples/squidGuard.
                
                 A sample configuration file has beeen installed in
                 /usr/local/etc/squid/squidGuard.conf.sample.
                
                 You need to edit the configuration and compile the blacklist
                 you choose to use with:
                 squidGuard -d -C all
                
                 Please bear in mind that this is just a sample configuration file
                 and for any real world usage you need to download or create your
                 own updated blacklists and create your own configuration file.
                
                 Check documentation here:
                
                 http://www.squidguard.org/Doc/
                
                 To activate the changes do a /usr/local/sbin/squid -k reconfigure
                =====
                Message from pfSense-pkg-squid-0.4.45_10:
                
                --
                Please visit Services - Squid Proxy Server menu to configure the package and enable the proxy.
                =====
                Message from pfSense-pkg-squidGuard-1.16.18_20:
                
                --
                Please visit Services - SquidGuard Proxy Filter - Target Categories and set up at least one category there before enabling SquidGuard. See https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html for details.
                >>> Cleaning up cache... done.
                Success
                
                hugoeyngH 1 Reply Last reply Reply Quote 0
                • hugoeyngH
                  hugoeyng @stephenw10
                  last edited by

                  @stephenw10 @stephenw10 I upgraded from 22.05 to 23.01.

                  22.05 was working fine.

                  After upgrading Squid was running e squidGuard was not.

                  SquidGuard was appearing in "installed packages" but not in the menu options and neither in the services runnig, and a notification about the mentioned error started to be shown.

                  I applied the patch and the error has gone. But squidGuard did no appear in the menu options and neither in services running.

                  I removed squidGuard package and reinstalled. The error was back and squidGuard appears in the installed packages but not in the menu options and neither in services running.

                  Then I applied the patch and the error has gone, but squidGuard did not appears in the menu options and neither in the services running.

                  And so on, as many times as I can uninstall and reinstall.

                  The way I can see to solve this issue is the suidguard.conf to be corrected in the installion package.

                  The error in the squidguard.conf occurs because a ")" is not present in a line of the code.

                  I love pfSense!

                  Hugo Eyng
                  Datamais Sistemas

                  stephenw10S 1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator @hugoeyng
                    last edited by

                    @hugoeyng said in 23.01 Squid issue:

                    The error in the squidguard.conf occurs because a ")" is not present in a line of the code.

                    I'm not sure where you're seeing that. It looks like the errors you're seeing are in the squidguard pkg install script. It fails before it's able to add the menu and service items.
                    It doesn't fail on a clean install to 23.01 that never had squidguard so it pretty much has to be something in your existing config that's tripping it up. To be clear this is a bug. It should handle existing squidguard config.

                    If you remove the existing squidguard entris fromn your config file it will probably install fine.

                    What squidguard values do you have in the config? My test box basic config does not hit this:

                    		<squidguardgeneral>
                    			<config>
                    				<squidguard_enable>on</squidguard_enable>
                    				<ldap_enable></ldap_enable>
                    				<ldapbinddn></ldapbinddn>
                    				<ldapbindpass></ldapbindpass>
                    				<ldapcachetime>0</ldapcachetime>
                    				<stripntdomain></stripntdomain>
                    				<striprealm></striprealm>
                    				<ldapversion>3</ldapversion>
                    				<rewrite_children>16</rewrite_children>
                    				<rewrite_children_startup>8</rewrite_children_startup>
                    				<rewrite_children_idle>4</rewrite_children_idle>
                    				<enable_guilog>on</enable_guilog>
                    				<enable_log>on</enable_log>
                    				<log_rotation>on</log_rotation>
                    				<adv_blankimg>on</adv_blankimg>
                    				<blacklist></blacklist>
                    				<blacklist_proxy></blacklist_proxy>
                    				<blacklist_url></blacklist_url>
                    			</config>
                    		</squidguardgeneral>
                    
                    hugoeyngH 1 Reply Last reply Reply Quote 0
                    • hugoeyngH
                      hugoeyng @stephenw10
                      last edited by

                      @stephenw10 /usr/local/pkg/squidguard.xml

                      <?xml version="1.0" encoding="utf-8"?>
                      <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
                      <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
                      <packagegui>
                      <copyright>
                      <![CDATA[
                      /*

                      • squidguard.xml
                      • part of pfSense (https://www.pfsense.org)
                      • Copyright (c) 2015-2023 Rubicon Communications, LLC (Netgate)
                      • Copyright (C) 2006-2013 Sergey Dvoriancev dv_serg@mail.ru
                      • All rights reserved.
                      • Licensed under the Apache License, Version 2.0 (the "License");
                      • you may not use this file except in compliance with the License.
                      • You may obtain a copy of the License at
                      • http://www.apache.org/licenses/LICENSE-2.0
                      • Unless required by applicable law or agreed to in writing, software
                      • distributed under the License is distributed on an "AS IS" BASIS,
                      • WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
                      • See the License for the specific language governing permissions and
                      • limitations under the License.
                        */
                        ]]>
                        </copyright>
                        <name>squidguardgeneral</name>
                        <title>Proxy filter SquidGuard: General settings</title>
                        <include_file>/usr/local/pkg/squidguard.inc</include_file>
                        <!-- Installation -->
                        <menu>
                        <name>SquidGuard Proxy Filter</name>
                        <tooltiptext>Modify the proxy server's filter settings</tooltiptext>
                        <section>Services</section>
                        <url>/pkg_edit.php?xml=squidguard.xml&id=0</url>
                        </menu>
                        <tabs>
                        <tab>
                        <text>General settings</text>
                        <url>/pkg_edit.php?xml=squidguard.xml&id=0</url>
                        <active/>
                        </tab>
                        <tab>
                        <text>Common ACL</text>
                        <url>/pkg_edit.php?xml=squidguard_default.xml&id=0</url>
                        </tab>
                        <tab>
                        <text>Groups ACL</text>
                        <url>/pkg.php?xml=squidguard_acl.xml</url>
                        </tab>
                        <tab>
                        <text>Target categories</text>
                        <url>/pkg.php?xml=squidguard_dest.xml</url>
                        </tab>
                        <tab>
                        <text>Times</text>
                        <url>/pkg.php?xml=squidguard_time.xml</url>
                        </tab>
                        <tab>
                        <text>Rewrites</text>
                        <url>/pkg.php?xml=squidguard_rewr.xml</url>
                        </tab>
                        <tab>
                        <text>Blacklist</text>
                        <url>/squidGuard/squidguard_blacklist.php</url>
                        </tab>
                        <tab>
                        <text>Log</text>
                        <url>/squidGuard/squidguard_log.php</url>
                        </tab>
                        <tab>
                        <text>XMLRPC Sync</text>
                        <url>/pkg_edit.php?xml=squidguard_sync.xml</url>
                        </tab>
                        </tabs>
                        <service>
                        <name>squidGuard</name>
                        <description><![CDATA[Proxy server filter Service]]></description>
                        <executable>squidGuard</executable>
                        <starts_on_sync></starts_on_sync>
                        </service>
                        <fields>
                        <field>
                        <fielddescr>Enable</fielddescr>
                        <fieldname>squidguard_enable</fieldname>
                        <description>Check this option to enable squidGuard.</description>
                        <sethelp>
                        <![CDATA[
                        <strong><span class="errmsg">Important: </span></strong>Please set up at least one category on the 'Target Categories' tab before enabling.
                        See <a href="https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html">this link for details</a>.
                        ]]>
                        </sethelp>
                        <type>checkbox</type>
                        </field>
                        <field>
                        <name>LDAP Options</name>
                        <type>listtopic</type>
                        </field>
                        <field>
                        <fielddescr>Enable LDAP Filter</fielddescr>
                        <fieldname>ldap_enable</fieldname>
                        <description><![CDATA[Enable options for setup ldap connection to create filters with ldap search]]></description>
                        <type>checkbox</type>
                        <enablefields>ldapbinddn,ldapbindpass,stripntdomain,striprealm,ldapversion</enablefields>
                        </field>
                        <field>
                        <fielddescr>LDAP DN</fielddescr>
                        <fieldname>ldapbinddn</fieldname>
                        <description><![CDATA[Configure your LDAP DN (ex: cn=Administrator,cn=Users,dc=domain)]]></description>
                        <type>input</type>
                        <size>60</size>
                        </field>
                        <field>
                        <fielddescr>LDAP DN Password</fielddescr>
                        <fieldname>ldapbindpass</fieldname>
                        <description><![CDATA[Password must be initialize with letters (Ex: Change123), valid format: [a-zA-Z/][a-zA-Z0-9/_-./:%+?=&]]]></description>
                        <type>password</type>
                        </field>
                        <field>
                        <fielddescr>LDAP Cache Time</fielddescr>
                        <fieldname>ldapcachetime</fieldname>
                        <description><![CDATA[Number of seconds to cache LDAP Results (recommended value: 300)]]></description>
                        <default_value>0</default_value>
                        <type>input</type>
                        </field>
                        <field>
                        <fielddescr>Strip NT domain name</fielddescr>
                        <fieldname>stripntdomain</fieldname>
                        <description><![CDATA[Strip NT domain name component from user names (/ or \ separated).]]></description>
                        <type>checkbox</type>
                        <default_value>on</default_value>
                        </field>
                        <field>
                        <fielddescr>Strip Kerberos Realm</fielddescr>
                        <fieldname>striprealm</fieldname>
                        <description><![CDATA[Strip Kerberos Realm component from user names (@ separated).]]></description>
                        <type>checkbox</type>
                        <default_value>on</default_value>
                        </field>
                        <field>
                        <fielddescr>LDAP Version</fielddescr>
                        <fieldname>ldapversion</fieldname>
                        <type>select</type>
                        <default_value>3</default_value>
                        <options>
                        <option>
                        <name>Version 2</name>
                        <value>2</value>
                        </option>
                        <option>
                        <name>Version 3</name>
                        <value>3</value>
                        </option>
                        </options>
                        </field>
                        <field>
                        <name>Service options</name>
                        <type>listtopic</type>
                        </field>
                        <field>
                        <fielddescr>Rewrite process children</fielddescr>
                        <fieldname>rewrite_children</fieldname>
                        <description>Maximum number of SquidGuard redirector processes that Squid may spawn. Using too few of these helper processes (a.k.a. "helpers") creates request queues. Using too many helpers wastes your system resources. (Default: 16)</description>
                        <default_value>16</default_value>
                        <type>input</type>
                        </field>
                        <field>
                        <fielddescr>Rewrite process children startup</fielddescr>
                        <fieldname>rewrite_children_startup</fieldname>
                        <description>Sets a minimum of how many SquidGuard processes are to be spawned when Squid starts or reconfigures. (Default: 8)</description>
                        <default_value>8</default_value>
                        <type>input</type>
                        </field>
                        <field>
                        <fielddescr>Rewrite process children idle</fielddescr>
                        <fieldname>rewrite_children_idle</fieldname>
                        <description>Sets a minimum of how many SquidGuard processes Squid is to try and keep available at all times. (Default: 4)</description>
                        <default_value>4</default_value>
                        <type>input</type>
                        </field>
                        <field>
                        <name>Logging options</name>
                        <type>listtopic</type>
                        </field>
                        <field>
                        <fielddescr>Enable GUI log</fielddescr>
                        <fieldname>enable_guilog</fieldname>
                        <description><![CDATA[Check this option to log the access to the Proxy Filter GUI.]]></description>
                        <type>checkbox</type>
                        </field>
                        <field>
                        <fielddescr>Enable log</fielddescr>
                        <fieldname>enable_log</fieldname>
                        <description><![CDATA[Check this option to log the proxy filter settings like blocked websites in Common ACL, Group ACL and Target Categories. This option is usually used to check the filter settings.]]></description>
                        <type>checkbox</type>
                        </field>
                        <field>
                        <fielddescr>Enable log rotation</fielddescr>
                        <fieldname>log_rotation</fieldname>
                        <description><![CDATA[Check this option to rotate the logs every day. This is recommended if you enable any kind of logging to limit file size and do not run out of disk space.]]></description>
                        <type>checkbox</type>
                        </field>
                        <field>
                        <name>Miscellaneous</name>
                        <type>listtopic</type>
                        </field>
                        <field>
                        <fielddescr>Clean Advertising</fielddescr>
                        <fieldname>adv_blankimg</fieldname>
                        <description><![CDATA[Check this option to display a blank gif image instead of the default block page. With this option the user gets a cleaner webpage.]]></description>
                        <type>checkbox</type>
                        </field>
                        <field>
                        <name>Blacklist options</name>
                        <type>listtopic</type>
                        </field>
                        <field>
                        <fielddescr>Blacklist</fielddescr>
                        <fieldname>blacklist</fieldname>
                        <description>Check this option to enable blacklist</description>
                        <type>checkbox</type>
                        <enablefields>blacklist_proxy,blacklist_url</enablefields>
                        </field>
                        <field>
                        <fielddescr>Blacklist proxy</fielddescr>
                        <fieldname>blacklist_proxy</fieldname>
                        <description>
                        <![CDATA[<br>
                        Blacklist upload proxy - enter here, or leave blank.<br>
                        Format: host:[port login:pass] . Default proxy port 1080.<br>
                        Example: '192.168.0.1:8080 user:pass'
                        ]]>
                        </description>
                        <type>input</type>
                        <size>100</size>
                        </field>
                        <field>
                        <fielddescr>Blacklist URL</fielddescr>
                        <fieldname>blacklist_url</fieldname>
                        <description>
                        <![CDATA[Enter the path to the blacklist (blacklist.tar.gz) here. You can use FTP, HTTP or LOCAL URL blacklist archive or leave blank. The LOCAL path could be your pfsense (/tmp/blacklist.tar.gz).]]>
                        </description>
                        <type>input</type>
                        <size>100</size>
                        </field>
                        </fields>
                        <custom_add_php_command/>
                        <custom_php_validation_command>
                        squidguard_validate($_POST, $input_errors);
                        </custom_php_validation_command>
                        <custom_php_command_before_form>
                        squidguard_before_form($pkg);
                        </custom_php_command_before_form>
                        <custom_php_after_form_command>
                        squidGuard_print_javascript();
                        </custom_php_after_form_command>
                        <custom_php_resync_config_command>
                        squidguard_resync();
                        </custom_php_resync_config_command>
                        <custom_php_install_command>
                        squidguard_install_command();
                        squidguard_resync();
                        </custom_php_install_command>
                        <custom_php_deinstall_command>
                        squidguard_deinstall_command();
                        </custom_php_deinstall_command>
                        </packagegui>

                      I love pfSense!

                      Hugo Eyng
                      Datamais Sistemas

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        That's the standard package xml. What matters is the squidguard config lines inside the main pfSense config (/cf/conf/config.xml).
                        The install script is choking on something there when it tries to create the required tags. Usually when we see those php errors it's because there is something missing from the config that it assumed was there or something already present that it assumed was not. The older version of php was much more forgiving.

                        hugoeyngH 1 Reply Last reply Reply Quote 0
                        • hugoeyngH
                          hugoeyng @stephenw10
                          last edited by

                          @stephenw10 cf/conf/config.xml

                          	<squidguardgeneral>
                          		<config>
                          			<squidguard_enable>on</squidguard_enable>
                          			<ldap_enable></ldap_enable>
                          			<ldapbinddn></ldapbinddn>
                          			<ldapbindpass></ldapbindpass>
                          			<ldapcachetime>0</ldapcachetime>
                          			<stripntdomain></stripntdomain>
                          			<striprealm></striprealm>
                          			<ldapversion>2</ldapversion>
                          			<rewrite_children>16</rewrite_children>
                          			<rewrite_children_startup>8</rewrite_children_startup>
                          			<rewrite_children_idle>4</rewrite_children_idle>
                          			<enable_guilog>on</enable_guilog>
                          			<enable_log>on</enable_log>
                          			<log_rotation>on</log_rotation>
                          			<adv_blankimg></adv_blankimg>
                          			<blacklist>on</blacklist>
                          			<blacklist_proxy></blacklist_proxy>
                          			<blacklist_url>http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz</blacklist_url>
                          		</config>
                          	</squidguardgeneral>
                          	<squidguarddefault>
                          		<config>
                          			<dest>PADRAO !blk_blacklists_child !blk_blacklists_malware all</dest>
                          			<notallowingip></notallowingip>
                          			<deniedmessage></deniedmessage>
                          			<redirect_mode>rmod_int</redirect_mode>
                          			<redirect>Erro de acesso na ACL!</redirect>
                          			<safesearch>on</safesearch>
                          			<rewrite>safesearch</rewrite>
                          			<enablelog>on</enablelog>
                          		</config>
                          	</squidguarddefault>
                          

                          I love pfSense!

                          Hugo Eyng
                          Datamais Sistemas

                          1 Reply Last reply Reply Quote 0
                          • JonathanLeeJ
                            JonathanLee @hugoeyng
                            last edited by

                            @hugoeyng Have you tried this yet?

                            0b5cf771-88c9-4bde-885d-bb4a884c62c3-image.png

                            Ref:
                            https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

                            Make sure to upvote

                            hugoeyngH 1 Reply Last reply Reply Quote 0
                            • hugoeyngH
                              hugoeyng @JonathanLee
                              last edited by

                              @jonathanlee I did not try this because in my point of view this will not solve the root question that is: th squidGuard installation package has a bug in it.

                              I love pfSense!

                              Hugo Eyng
                              Datamais Sistemas

                              JonathanLeeJ 1 Reply Last reply Reply Quote 0
                              • JonathanLeeJ
                                JonathanLee @hugoeyng
                                last edited by

                                @hugoeyng I understand I just keep thinking that something within your configuration is bonked up. You know how when you reinstall a package all your settings stay, if that config is bonked up it will make it appear that the package is messed up. I just keep thinking back to how my configuration was missing a section and kept doing the same thing until I found out that reverse proxy needed to be saved again, it was showing as missing, did not matter how many times I reinstalled the package it would fail until I fixed the configuration.

                                Make sure to upvote

                                hugoeyngH 1 Reply Last reply Reply Quote 0
                                • hugoeyngH
                                  hugoeyng @JonathanLee
                                  last edited by

                                  @jonathanlee said in 23.01 Squid issue:

                                  I understand I just keep thinking that something within your configuration is bonked up. You know how when you reinstall a package all your settings stay, if that config is bonked up it will make it appear that the package is messed up. I just keep thinking back to how my configuration was missing a section and kept doing the same thing until I found out that reverse proxy needed to be saved again, it was showing as missing, did not matter how many times I reinstalled the package it would fail until I fixed the configuration.

                                  So, how I can completly remove SquidGuard in a way to make a clean install (without old configurations)?
                                  I already tried some instructions, but did not work.

                                  I love pfSense!

                                  Hugo Eyng
                                  Datamais Sistemas

                                  JonathanLeeJ 1 Reply Last reply Reply Quote 0
                                  • JonathanLeeJ
                                    JonathanLee @hugoeyng
                                    last edited by

                                    @hugoeyng (/cf/conf/config.xml) rename with a .old after add patches and than rename it back to .xml maybe, if not revert it back. @stephenw10 would that work?

                                    Make sure to upvote

                                    hugoeyngH 1 Reply Last reply Reply Quote 1
                                    • hugoeyngH
                                      hugoeyng @JonathanLee
                                      last edited by

                                      @jonathanlee I am sorry, but I can not agree your suggestion. I did waht you sugested , but did not work.
                                      Could you send a config.xml that is working with squidGuard? I will replace it in my installation.

                                      I love pfSense!

                                      Hugo Eyng
                                      Datamais Sistemas

                                      JonathanLeeJ 1 Reply Last reply Reply Quote 0
                                      • JonathanLeeJ
                                        JonathanLee @hugoeyng
                                        last edited by

                                        @hugoeyng sure I can I will have to delete my password as it shows in clear text on the config file. How can I send it to you

                                        Make sure to upvote

                                        hugoeyngH 1 Reply Last reply Reply Quote 0
                                        • hugoeyngH
                                          hugoeyng @JonathanLee
                                          last edited by

                                          @jonathanlee you can paste here or send to my e-mail

                                          I love pfSense!

                                          Hugo Eyng
                                          Datamais Sistemas

                                          JonathanLeeJ 1 Reply Last reply Reply Quote 0
                                          • JonathanLeeJ
                                            JonathanLee @hugoeyng
                                            last edited by

                                            @hugoeyng what is your email?

                                            Make sure to upvote

                                            hugoeyngH 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.