23.01 Squid issue
-
That's the standard package xml. What matters is the squidguard config lines inside the main pfSense config (/cf/conf/config.xml).
The install script is choking on something there when it tries to create the required tags. Usually when we see those php errors it's because there is something missing from the config that it assumed was there or something already present that it assumed was not. The older version of php was much more forgiving. -
@stephenw10 cf/conf/config.xml
<squidguardgeneral> <config> <squidguard_enable>on</squidguard_enable> <ldap_enable></ldap_enable> <ldapbinddn></ldapbinddn> <ldapbindpass></ldapbindpass> <ldapcachetime>0</ldapcachetime> <stripntdomain></stripntdomain> <striprealm></striprealm> <ldapversion>2</ldapversion> <rewrite_children>16</rewrite_children> <rewrite_children_startup>8</rewrite_children_startup> <rewrite_children_idle>4</rewrite_children_idle> <enable_guilog>on</enable_guilog> <enable_log>on</enable_log> <log_rotation>on</log_rotation> <adv_blankimg></adv_blankimg> <blacklist>on</blacklist> <blacklist_proxy></blacklist_proxy> <blacklist_url>http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz</blacklist_url> </config> </squidguardgeneral> <squidguarddefault> <config> <dest>PADRAO !blk_blacklists_child !blk_blacklists_malware all</dest> <notallowingip></notallowingip> <deniedmessage></deniedmessage> <redirect_mode>rmod_int</redirect_mode> <redirect>Erro de acesso na ACL!</redirect> <safesearch>on</safesearch> <rewrite>safesearch</rewrite> <enablelog>on</enablelog> </config> </squidguarddefault> -
@hugoeyng Have you tried this yet?
Ref:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html -
@jonathanlee I did not try this because in my point of view this will not solve the root question that is: th squidGuard installation package has a bug in it.
-
@hugoeyng I understand I just keep thinking that something within your configuration is bonked up. You know how when you reinstall a package all your settings stay, if that config is bonked up it will make it appear that the package is messed up. I just keep thinking back to how my configuration was missing a section and kept doing the same thing until I found out that reverse proxy needed to be saved again, it was showing as missing, did not matter how many times I reinstalled the package it would fail until I fixed the configuration.
-
@jonathanlee said in 23.01 Squid issue:
I understand I just keep thinking that something within your configuration is bonked up. You know how when you reinstall a package all your settings stay, if that config is bonked up it will make it appear that the package is messed up. I just keep thinking back to how my configuration was missing a section and kept doing the same thing until I found out that reverse proxy needed to be saved again, it was showing as missing, did not matter how many times I reinstalled the package it would fail until I fixed the configuration.
So, how I can completly remove SquidGuard in a way to make a clean install (without old configurations)?
I already tried some instructions, but did not work. -
@hugoeyng (/cf/conf/config.xml) rename with a .old after add patches and than rename it back to .xml maybe, if not revert it back. @stephenw10 would that work?
-
@jonathanlee I am sorry, but I can not agree your suggestion. I did waht you sugested , but did not work.
Could you send a config.xml that is working with squidGuard? I will replace it in my installation. -
@hugoeyng sure I can I will have to delete my password as it shows in clear text on the config file. How can I send it to you
-
@jonathanlee you can paste here or send to my e-mail
-
@hugoeyng what is your email?
-
@jonathanlee [removed]
-
@hugoeyng security !!!
I would recommend you guys private message each other your contact emails
-
@hugoeyng I sent you a copy of my config file. I hope that helps please don't share it with anyone else. I hope that helps you secure your system and get your URL blocker working again. Use it with a dif checker to see what is bonked up. I was somewhat worried to share this as it's everything, but then I thought, what is the goal? Well, it's to help secure systems with cyber security as the end result. I am 1. just running this at my home it's not really a super secure environment, so no big deal if I share it. I hope that helps you in some way as people are generally good.
-
https://redmine.pfsense.org/issues/13984
Someone else has found a solution while researching this issue
-
This post is deleted! -
@jonathanlee It got worse
WARNING: Current pkg repository has a new PHP major
version. pfSense should be upgraded before
installing any new package. -
@jonathanlee Finally!! Everything working fine.
A few minutes ago the upgrade of Squid and squidGuard
was made available and corrected the issue we were trying to fix.Thank you, Jonathan and Stephen.
-
@hugoeyng that's great!! Now you have a really good URL filter again.
-
@hugoeyng @stephenw10 Is this of any concern I just noticed this?
Message from db5-5.3.28_9:
--
===> NOTICE:The db5 port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:https://bugs.freebsd.org/bugzilla
More information about port maintainership is available at:
https://docs.freebsd.org/en/articles/contributing/#ports-contributing
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
EOLd, potential security issues, maybe use db18 instead.
It is scheduled to be removed on or after 2022-06-30.
I have found:
Shell Output - pkg info -r db5
db5-5.3.28_9:
squidGuard-1.4_15