SquidGuard and blank redirects?

xen

If you set management port other than 80 you have to edit /usr/local/pkg/squidguard_configurator.inc…

find:

define('REDIRECT_BASE_URL', 'http://127.0.0.1/sgerror.php');

and

define('REDIRECT_TRANSPARENT_BASE_URL', '/sgerror.php');

lines and change them with

define('REDIRECT_BASE_URL', 'http://127.0.0.1:XXXX/sgerror.php');
define('REDIRECT_TRANSPARENT_BASE_URL', ':XXXX/sgerror.php');

XXXX means your managament port...

that will solve your problem..

note: you have to change that port settings when you change your management port...

ciarocci

I am currently using port 80 for my management port.  Are you saying simply changing the port and changing the config file for squidguard will stop the blank redirects?  That doesn't make sense to me.  Right now the ports match, and after the modification the ports will still match.  How does that change anything?  You might have to explain it to me like I'm stupid (or ignorant would be a better word).  :-)  I'm still unclear on why the port used to manage my firewall has anything to do with the port squidguard uses.  Doesn't squidguard speak to squid which is running on port 3128?  I don't seem to have even a basic understanding on how the management port comes into play.  The only thing that seems to match is squid is capturing packets destined to port 80 outside of the LAN.

Chris

dvserg

This blank-page-bug exists - that's all what i can say.
Maybe problem with 127.0.0.1 & transparent mode of squid
On transparent mode all connections to 80 port (but not LAN-IP) redirect to 3128 port of squid, 127.0.0.1:80 too.

Now i see one way - use LAN ip as redirect address
http://LanIP/sgerror.php

Now i can't test this - up to 09/01 I have Selebrations  :-
May-be any body will test this for me?

This sources (! store you old files !)
http://diskatel.narod.ru/pfSense/packages/squidguard.inc
http://diskatel.narod.ru/pfSense/packages/squidguard_configurator.inc
In squidGuard.cfg must be used Lan IP as redirection path.

xen

when i try to manage my box over 80, i got some issues(on transparent mode)… then i change the managament port and i realise that squidguard_configurator.inc doesnt care the box's management port... that makes the sgerror.php page unreachable. first of all you have to access this file to redirect to another page. thats what im saying.

by the way , serg's new scripts are working and recognizing management port without modification. it still shows a blank page. you can make a custom error page on your server and use it as default redirection url. sgerror.php can redirect to another page.

dvserg

Test error request-pages - generated 'sgerror'
http://youPfSense/sgerror.php?url=403
http://youPfSense/sgerror.php?url=404
http://youPfSense/sgerror.php?url=410
Must showing standard browser error page on you language.

xen

i already tried that. on my pfsense, sgerror doesnt generate error pages.

dvserg

@xen:

i already tried that. on my pfsense, sgerror doesnt generate error pages.

1 - if make 'disabled' squidGuard - only with squid?
2 - or test this: http://youpfsense/sgerror.php?url=http://www.google.com

I have IE 6 for test. You have FFox?

dvserg

Firefox not parsed error code - ignored all header information :(
What different with IE?

"HTTP/1.0 404 not Found"
–------------
FireFox not have internal error pages (as IE)? Ok - i make this for F/F
Please check this:
http://diskatel.narod.ru/pfSense/packages/sgerror.php

ps On IE must continue showing 'friendly error-code IE pages'.

ciarocci

Any further news on this?  I got lost towards the end of the conversation and couldn't help any further.  Is there something I can do to help this get resolved?  I'm very interested in the filtering (in fact that is why I chose pfSense as a firewall), and need to get it working.  Thanks.

Chris

dvserg

replace /usr/local/www/sgerror.php to this
http://diskatel.narod.ru/pfSense/packages/sgerror.php
and check. I found and fix this trouble on FireFox.

ciarocci

Let me rephrase my question.  Is there anything a person who doesn't know what you're talking about can do to help out?  Basically, I have no clue how to do what you are asking.  If you could guide me on how to replace that file I certainly will give it a try.

Chris

dvserg

Chris, if you have time  - wait next update.
May-be this will 14-15 jan.
Thanks.

ciarocci

Will do.  I thought if you hadn't already confirmed the problem was fixed I could help do that.  But if you're already planning on the update because it's fixed I'll certainly wait until then.  Thanks.

Chris

flachance

dvserg,

Just to let you know, your updated sgerror.php does not work for me on Firefox or IE.  In fact, there is now nothing that gets displayed.  The browser is just forever spinning its wheels and then eventually gives the following error message:

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://192.168.1.1/sgerror.php 

The following error was encountered: 

Connection to 192.168.1.1 Failed 
The system returned: 

    (60) Operation timed outThe remote host or network may be down. Please try the request again. 

Your cache administrator is xxx@xxx. 

--------------------------------------------------------------------------------

Generated Sat, 12 Jan 2008 16:51:54 GMT by localhost (squid/2.6.STABLE5) 

And of course, I forgot to make a backup of the file before I overwrote it with your version.

Based on the message above, I figured that since I modified my pfsense install to use port 8080 and HTTPS, SquidGuard cannot execute sgerror.php as it tries to do it over port 80.  I'd say that something has to change in the source code of SquidGuard that manages the re-direct when a banned site is hit.  The page displays if I use https://192.168.1.1:8080/sgerror.php.

Where is the source for SquidGuard if I wanted to take a look?

Thanks

dvserg

Current 'stable' source sgerror on:
http://www.pfsense.com/packages/config/squidGuard/sgerror.php
Now sources on www.pfsense.com can't work with non-80 port's pfSense
It will be in nearest update.
Anonce nearest update:

• controls from page 'Sources' will adding to 'ACL', 'Sources' removed
• changes for transparent-proxy and non-80 port support
• more options in sgerror.php: blank page; blank image (for banners); fix+additional http code pages gen (3xx, 4xx, 5xx + self message);

Sources also in /usr/local/pkg/
File squidguard_configurator.inc

dvserg

Updated squidGuard sources
!Attention!
Before reInstallation - remember you Sources page content
This page elements moved to ACL and need apply you Sources defines to this page manually (i not make conversion).
–-
What new:

• added error page generation, now you can use error code with Reasone message
  example:
  '[redirection field] 404 This page contains porn elements'
• added non-80 GUI port supporting

Please, testing it.
Best regards
Serg.

ciarocci

I uninstalled the old version and installed the new version.  Now squidguard behaves like it's not even there.  It shows as running, but none of the configuration I do to it is taking any effect on my web browsing.  While this is better than before (previously I couldn't browse at all if  squidguard was enabled), it's still not what I need.  Is there something else I need to do in my config besides just turn squidguard on?  Do I need to do something in squid?

I tried fooling around in squid and squidguard and I kept applying the settings each time I made a change.  At one point squid and squidguard would no longer start and I could no longer access the internet.  I had to uninstall both packages to get back online.  It seems the configs are not deleted when uninstalling a package because if I install it again I'm stuck with all my settings I had previously and can no longer get on the internet.  At this point I can't even install either package without cutting myself off from the world.  HELP!

Chris

dvserg

You always can disable squidGuard (disable+Save and Apply) - this deleted redirector options from squid config and stopped squidGuard. Use this way for checking how squid worked without SG.
Also check Log box on General page - read this messages for error while SG config updated (Apply).
By default SG blocked all connections, if found error in self config data.
You can delete all options on squidGuard GUI and step-by-stef make configuration once more.

ps: Bugs in sources may be too - i prepare all codes tonight :) But today i have many testing's all SG modes. Now my SG system work stable.

Thanks for help.

sullrich

Great work dvserg!  I appreciate all the hard work you have been putting into the packages recently!! :)

ciarocci

Well, I seem to have a basic config up and running, except for the following.  When a page is blocked it doesn't use the default URL Redirect.  Instead I get the following:

ERROR
The requested URL could not be retrieved

–------------------------------------------------------------------------------

While trying to retrieve the URL: https://192.168.1.1/sgerror.php?

The following error was encountered:

Connection to 192.168.1.1 Failed
The system returned:

(92) Protocol error

The remote host or network may be down. Please try the request again.

Any ideas?  The config is doing it's job, but I much rather see the default redirect URL come up instead of the error.

Chris