Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    23.01 Squid issue

    Scheduled Pinned Locked Moved Cache/Proxy
    128 Posts 8 Posters 36.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      That's the standard package xml. What matters is the squidguard config lines inside the main pfSense config (/cf/conf/config.xml).
      The install script is choking on something there when it tries to create the required tags. Usually when we see those php errors it's because there is something missing from the config that it assumed was there or something already present that it assumed was not. The older version of php was much more forgiving.

      hugoeyngH 1 Reply Last reply Reply Quote 0
      • hugoeyngH
        hugoeyng @stephenw10
        last edited by

        @stephenw10 cf/conf/config.xml

        	<squidguardgeneral>
        		<config>
        			<squidguard_enable>on</squidguard_enable>
        			<ldap_enable></ldap_enable>
        			<ldapbinddn></ldapbinddn>
        			<ldapbindpass></ldapbindpass>
        			<ldapcachetime>0</ldapcachetime>
        			<stripntdomain></stripntdomain>
        			<striprealm></striprealm>
        			<ldapversion>2</ldapversion>
        			<rewrite_children>16</rewrite_children>
        			<rewrite_children_startup>8</rewrite_children_startup>
        			<rewrite_children_idle>4</rewrite_children_idle>
        			<enable_guilog>on</enable_guilog>
        			<enable_log>on</enable_log>
        			<log_rotation>on</log_rotation>
        			<adv_blankimg></adv_blankimg>
        			<blacklist>on</blacklist>
        			<blacklist_proxy></blacklist_proxy>
        			<blacklist_url>http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz</blacklist_url>
        		</config>
        	</squidguardgeneral>
        	<squidguarddefault>
        		<config>
        			<dest>PADRAO !blk_blacklists_child !blk_blacklists_malware all</dest>
        			<notallowingip></notallowingip>
        			<deniedmessage></deniedmessage>
        			<redirect_mode>rmod_int</redirect_mode>
        			<redirect>Erro de acesso na ACL!</redirect>
        			<safesearch>on</safesearch>
        			<rewrite>safesearch</rewrite>
        			<enablelog>on</enablelog>
        		</config>
        	</squidguarddefault>
        
        1 Reply Last reply Reply Quote 0
        • JonathanLeeJ
          JonathanLee @hugoeyng
          last edited by

          @hugoeyng Have you tried this yet?

          0b5cf771-88c9-4bde-885d-bb4a884c62c3-image.png

          Ref:
          https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

          Make sure to upvote

          hugoeyngH 1 Reply Last reply Reply Quote 0
          • hugoeyngH
            hugoeyng @JonathanLee
            last edited by

            @jonathanlee I did not try this because in my point of view this will not solve the root question that is: th squidGuard installation package has a bug in it.

            JonathanLeeJ 1 Reply Last reply Reply Quote 0
            • JonathanLeeJ
              JonathanLee @hugoeyng
              last edited by

              @hugoeyng I understand I just keep thinking that something within your configuration is bonked up. You know how when you reinstall a package all your settings stay, if that config is bonked up it will make it appear that the package is messed up. I just keep thinking back to how my configuration was missing a section and kept doing the same thing until I found out that reverse proxy needed to be saved again, it was showing as missing, did not matter how many times I reinstalled the package it would fail until I fixed the configuration.

              Make sure to upvote

              hugoeyngH 1 Reply Last reply Reply Quote 0
              • hugoeyngH
                hugoeyng @JonathanLee
                last edited by

                @jonathanlee said in 23.01 Squid issue:

                I understand I just keep thinking that something within your configuration is bonked up. You know how when you reinstall a package all your settings stay, if that config is bonked up it will make it appear that the package is messed up. I just keep thinking back to how my configuration was missing a section and kept doing the same thing until I found out that reverse proxy needed to be saved again, it was showing as missing, did not matter how many times I reinstalled the package it would fail until I fixed the configuration.

                So, how I can completly remove SquidGuard in a way to make a clean install (without old configurations)?
                I already tried some instructions, but did not work.

                JonathanLeeJ 1 Reply Last reply Reply Quote 0
                • JonathanLeeJ
                  JonathanLee @hugoeyng
                  last edited by

                  @hugoeyng (/cf/conf/config.xml) rename with a .old after add patches and than rename it back to .xml maybe, if not revert it back. @stephenw10 would that work?

                  Make sure to upvote

                  hugoeyngH 1 Reply Last reply Reply Quote 1
                  • hugoeyngH
                    hugoeyng @JonathanLee
                    last edited by

                    @jonathanlee I am sorry, but I can not agree your suggestion. I did waht you sugested , but did not work.
                    Could you send a config.xml that is working with squidGuard? I will replace it in my installation.

                    JonathanLeeJ 1 Reply Last reply Reply Quote 0
                    • JonathanLeeJ
                      JonathanLee @hugoeyng
                      last edited by

                      @hugoeyng sure I can I will have to delete my password as it shows in clear text on the config file. How can I send it to you

                      Make sure to upvote

                      hugoeyngH 1 Reply Last reply Reply Quote 0
                      • hugoeyngH
                        hugoeyng @JonathanLee
                        last edited by

                        @jonathanlee you can paste here or send to my e-mail

                        JonathanLeeJ 1 Reply Last reply Reply Quote 0
                        • JonathanLeeJ
                          JonathanLee @hugoeyng
                          last edited by

                          @hugoeyng what is your email?

                          Make sure to upvote

                          hugoeyngH 1 Reply Last reply Reply Quote 0
                          • hugoeyngH
                            hugoeyng @JonathanLee
                            last edited by stephenw10

                            @jonathanlee [removed]

                            M JonathanLeeJ 3 Replies Last reply Reply Quote 0
                            • M
                              michmoor LAYER 8 Rebel Alliance @hugoeyng
                              last edited by

                              @hugoeyng security !!!
                              I would recommend you guys private message each other your contact emails 😀

                              Firewall: NetGate,Palo Alto-VM,Juniper SRX
                              Routing: Juniper, Arista, Cisco
                              Switching: Juniper, Arista, Cisco
                              Wireless: Unifi, Aruba IAP
                              JNCIP,CCNP Enterprise

                              1 Reply Last reply Reply Quote 0
                              • JonathanLeeJ
                                JonathanLee @hugoeyng
                                last edited by JonathanLee

                                @hugoeyng I sent you a copy of my config file. I hope that helps please don't share it with anyone else. I hope that helps you secure your system and get your URL blocker working again. Use it with a dif checker to see what is bonked up. I was somewhat worried to share this as it's everything, but then I thought, what is the goal? Well, it's to help secure systems with cyber security as the end result. I am 1. just running this at my home it's not really a super secure environment, so no big deal if I share it. I hope that helps you in some way as people are generally good.

                                Make sure to upvote

                                1 Reply Last reply Reply Quote 1
                                • JonathanLeeJ
                                  JonathanLee @hugoeyng
                                  last edited by

                                  @hugoeyng

                                  https://redmine.pfsense.org/issues/13984

                                  Someone else has found a solution while researching this issue

                                  Make sure to upvote

                                  hugoeyngH 3 Replies Last reply Reply Quote 1
                                  • hugoeyngH
                                    hugoeyng @JonathanLee
                                    last edited by

                                    This post is deleted!
                                    1 Reply Last reply Reply Quote 0
                                    • hugoeyngH
                                      hugoeyng @JonathanLee
                                      last edited by

                                      @jonathanlee It got worse

                                      WARNING: Current pkg repository has a new PHP major
                                      version. pfSense should be upgraded before
                                      installing any new package.

                                      1 Reply Last reply Reply Quote 0
                                      • hugoeyngH
                                        hugoeyng @JonathanLee
                                        last edited by

                                        @jonathanlee Finally!! Everything working fine.

                                        A few minutes ago the upgrade of Squid and squidGuard
                                        was made available and corrected the issue we were trying to fix.

                                        Thank you, Jonathan and Stephen.

                                        JonathanLeeJ 1 Reply Last reply Reply Quote 2
                                        • JonathanLeeJ
                                          JonathanLee @hugoeyng
                                          last edited by

                                          @hugoeyng that's great!! Now you have a really good URL filter again.

                                          Make sure to upvote

                                          1 Reply Last reply Reply Quote 1
                                          • JonathanLeeJ
                                            JonathanLee @hugoeyng
                                            last edited by

                                            @hugoeyng @stephenw10 Is this of any concern I just noticed this?

                                            Message from db5-5.3.28_9:

                                            --
                                            ===> NOTICE:

                                            The db5 port currently does not have a maintainer. As a result, it is
                                            more likely to have unresolved issues, not be up-to-date, or even be removed in
                                            the future. To volunteer to maintain this port, please create an issue at:

                                            https://bugs.freebsd.org/bugzilla

                                            More information about port maintainership is available at:

                                            https://docs.freebsd.org/en/articles/contributing/#ports-contributing

                                            --

                                            ===> NOTICE:

                                            This port is deprecated; you may wish to reconsider installing it:

                                            EOLd, potential security issues, maybe use db18 instead.

                                            It is scheduled to be removed on or after 2022-06-30.

                                            I have found:

                                            Shell Output - pkg info -r db5
                                            db5-5.3.28_9:
                                            squidGuard-1.4_15

                                            Make sure to upvote

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.