SquidGuard and blank redirects?
-
Great work dvserg! I appreciate all the hard work you have been putting into the packages recently!! :)
-
Well, I seem to have a basic config up and running, except for the following. When a page is blocked it doesn't use the default URL Redirect. Instead I get the following:
ERROR
The requested URL could not be retrieved–------------------------------------------------------------------------------
While trying to retrieve the URL: https://192.168.1.1/sgerror.php?
The following error was encountered:
Connection to 192.168.1.1 Failed
The system returned:(92) Protocol error
The remote host or network may be down. Please try the request again.
Any ideas? The config is doing it's job, but I much rather see the default redirect URL come up instead of the error.
Chris
-
Same result here. I uninstalled and then installed and I am getting the same error page as ciarocci right away.
As well, the log tab of SG no longer seem to be able to retrieve any logs or configuration files.
Thanks
-
Reinstall SG now - i replaced Log-page realisation. Disabled 'Blocked log' and 'squidGuard log' - because a longer time creating for big size log-files.
–-
This is sgerror.php behaviour, if called 'sgerror.php?url=code%20test%20page:
FFox - must showing generated sgerror page type as:Request denied by pfSense proxy: code code-text Reason: test page -------------------------------------------------------------------------------- --------------------------------------------------------------------------------
IE - must used self frienly-error-pages on you win-system language with selected error-code. But on some codes (for example on my IE: sgerror.php?url=401%20test) IE give generated sgerror page as FFox.
This particularity IE - replace error messages with size 512(or 1024?)Kb by self page.
I have decided to leave such behaviour IE (but if need - may be exclude this)
–-You may tested sgerror.php
http://youip/sgerror.php - about message
http://youip/sgerror.php?blank - blank page
http://youip/sgerror.php?blank_img - blank 1x1 GIF image
http://youip/sgerror.php?CODE%20Message - error page (looking above IE/FFox behaviour )If you have problem - please inform what a browser you have.
-
I am using IE6. I continue to get the error explained above. If I put in the following:
https://192.168.1.1/sgerror.php?url=http://www.google.com
I get the google home page. That is what I expected to happen.
However, if I put in http://www.google.com in the default redirector of the SG config, I get the error page. Somehow the redirector is being ignored in the config and it is just calling https://192.168.1.1/sgerror.php without the redirector on the end. I don't even get the about page as I did by simply putting https://192.168.1.1/sgerror.php in the browser.
Chris
-
Hi Chris
Can you post to my PM you squidGuard.conf?
Also can you test with WebGUI on http protocol? -
I posted my conf as requested. However, I am unable to try this on HTTP not because of any security policy, and not because I do not want to, but simply because when I make the change from HTTPS to HTTP in the SYSTEM->GENERAL page, nothing happens. I can still get to the webGUI through HTTPS and only HTTPS even though the bullet is clearly on HTTP. I originally thought my firewall crashed because I couldn't get to the HTTP webGUI, but I tried the old HTTPS just for the hell of it, and wham, there it was. Now things are getting spooky. Why would it not allow me to change the webGUI even though it is clearly changed in the config? Does Squid or SG have a hold on it somehow? I definitely changed that setting fine before installing squid and SG and did not have any trouble.
Chris
-
In the past I have had to reboot to make this change, can't say for extremely recent versions.
-
Thanks. I found and fix one problem: 'http%3A%2F%2Fwww.'
redirect https://192.168.1.1/sgerror.php?url=http%3A%2F%2Fwww.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
Reinstall new pease (ohm, difficalt new year ::) ).
-
Chris,
I was able to change my webGUI to HTTP. When I did, pfsense was smart enough to redirect to the HTTP on port 80.
dvserg,
It doesn't look like your coding of sgerror.php is complete. From the looks of it, you are adding different ways that sgerror.php can be called. I don't fully understand when or how that file would be called using the different parameters. All I know is that the only thing that I was getting displayed was the following:
url=&a=192.168.1.250&n=dlink.digitallachance.com&i=&s=default&t=porn&u=http://www.bikini.com/
Because the url parameter is blank, most of your logic was skipped. Given that the default redirect on the default tab of SG is always blank, that means that sgerror.php will never work.
I have modified sgerror.php to better suit my needs. Feel free to use/abuse ;D
http://lachance.gotomysite.com/sgerror.php
Unfortunately, this works only if you have your webGUI set to the standard port 80. As soon as I change back to HTTPS, it fails to open sgerror.php. Ultimately, I am trying to make sure that my webGUI is secure by using HTTPS on a non-standard port. If I have to stay with HTTP on port 80 in order to have the error page functionality in SquidGuard, then I will have to do without a nice error page.
Right now I get the following error when I turn HTTPS on:
ERROR
The requested URL could not be retrievedWhile trying to retrieve the URL: https://192.168.1.1/sgerror.php?
The following error was encountered:
* Connection to 192.168.1.1 Failed
The system returned:
(92) Protocol error
The remote host or network may be down. Please try the request again.
Your cache administrator is xxx@xxx.
Generated Wed, 16 Jan 2008 05:46:43 GMT by localhost (squid/2.6.STABLE5)Going directly to https://192.168.1.1/sgerror.php? displays the expected content.
Thanks for your hard work on this package dvserg!
-
Hello flachance.
I have a little comment about 'sgerror.php':
This file writed for squidGuard needs. If redirect options in config invalid or not accesible. then content passed SG in the not-dependence SG-rules. And, sgerror.php always accesible for squidGuard and handle all him's redirections.
Format sgerror.php:
Main and impotant 'sgerror.php?url=_my_url', all others included for retrieve client-info from squidGuard ('a n i s t u' - values). ANISTU used for error-page information (nothing any).
_my_url have 3 forms:- http://myself.errorpage or https://myself.errorpage - this only redirect to '//myself.errorpage'
example: 'sgerror.php?url=http://example.com&…' - errcode<space>text ('404 You cant access') - this display generated error page (or inplaced in IE error page)
example: 'sgerror.php?url=404%20You%20cant%20access&a=...' // << url encoding exists - tags 'blank' and 'blank_img' - blank page and blank img for replacing banners(i use this)
example: 'sgerror.php?url=blank&a=...' - display blank page</space>
- http://myself.errorpage or https://myself.errorpage - this only redirect to '//myself.errorpage'
-
DVSerg,
The line you gave me looks exactly like the line already in my file unless my eyes are deceiving me. How is the line different then what I already have?
flachance,
Did you have to reboot to make the change from https to http and what version of PFSense are you running?
Chris
-
You config have
redirect https://192.168.1.1/sgerror.php?url=http%3A%2F%2Fwww.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%uMust be
redirect https://192.168.1.1/sgerror.php?url=http://www.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%uBug already fixed for '%3A%2F%2F'
-
Oh, I understand. You want me to install the newest version of SG. I'll do that. Thanks.
Chris
-
Oh, I understand. You want me to install the newest version of SG. I'll do that. Thanks.
Chris
Language barrier in action :D
-
;D Yep ;D
-
No reboot required Chris.
-
hello!
I've upgraded squidguard to the latest version and i have pfsense webgui running in https mode.
Also squid is in trasparent mode.I've made a block list of domains on squidguard which works but instead of redirecting to a local web server ip it shows a error page like this:https://192.168.1.1/sgerror.php?
can anyone tell me how can i avoid this?
-
If you read this thread carefully, you'll see that is a problem that others have run into. There is something in this package that does not re-direct properly when you have your webGUID set to HTTPS. I am not aware of any work around.
dvserg, have you been able to reproduce this behavior? Do you have any idea what's going on with that? ???
Thanks!
-
I believe dvserg has fixed this issue, but I have not tried the newest version yet. It almost sounds to me like acidrop hasn't put anything in the Default Redirect section of the default tab. Have you entered in a URL in that section acidrop
Chris