SquidGuard and blank redirects?
-
In the past I have had to reboot to make this change, can't say for extremely recent versions.
-
Thanks. I found and fix one problem: 'http%3A%2F%2Fwww.'
redirect https://192.168.1.1/sgerror.php?url=http%3A%2F%2Fwww.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%uReinstall new pease (ohm, difficalt new year ::) ).
-
Chris,
I was able to change my webGUI to HTTP. When I did, pfsense was smart enough to redirect to the HTTP on port 80.
dvserg,
It doesn't look like your coding of sgerror.php is complete. From the looks of it, you are adding different ways that sgerror.php can be called. I don't fully understand when or how that file would be called using the different parameters. All I know is that the only thing that I was getting displayed was the following:
url=&a=192.168.1.250&n=dlink.digitallachance.com&i=&s=default&t=porn&u=http://www.bikini.com/
Because the url parameter is blank, most of your logic was skipped. Given that the default redirect on the default tab of SG is always blank, that means that sgerror.php will never work.
I have modified sgerror.php to better suit my needs. Feel free to use/abuse ;D
http://lachance.gotomysite.com/sgerror.php
Unfortunately, this works only if you have your webGUI set to the standard port 80. As soon as I change back to HTTPS, it fails to open sgerror.php. Ultimately, I am trying to make sure that my webGUI is secure by using HTTPS on a non-standard port. If I have to stay with HTTP on port 80 in order to have the error page functionality in SquidGuard, then I will have to do without a nice error page.
Right now I get the following error when I turn HTTPS on:
ERROR
The requested URL could not be retrievedWhile trying to retrieve the URL: https://192.168.1.1/sgerror.php?
The following error was encountered:
* Connection to 192.168.1.1 Failed
The system returned:
(92) Protocol error
The remote host or network may be down. Please try the request again.
Your cache administrator is xxx@xxx.
Generated Wed, 16 Jan 2008 05:46:43 GMT by localhost (squid/2.6.STABLE5)Going directly to https://192.168.1.1/sgerror.php? displays the expected content.
Thanks for your hard work on this package dvserg!
-
Hello flachance.
I have a little comment about 'sgerror.php':
This file writed for squidGuard needs. If redirect options in config invalid or not accesible. then content passed SG in the not-dependence SG-rules. And, sgerror.php always accesible for squidGuard and handle all him's redirections.
Format sgerror.php:
Main and impotant 'sgerror.php?url=_my_url', all others included for retrieve client-info from squidGuard ('a n i s t u' - values). ANISTU used for error-page information (nothing any).
_my_url have 3 forms:- http://myself.errorpage or https://myself.errorpage - this only redirect to '//myself.errorpage'
example: 'sgerror.php?url=http://example.com&…' - errcode<space>text ('404 You cant access') - this display generated error page (or inplaced in IE error page)
example: 'sgerror.php?url=404%20You%20cant%20access&a=...' // << url encoding exists - tags 'blank' and 'blank_img' - blank page and blank img for replacing banners(i use this)
example: 'sgerror.php?url=blank&a=...' - display blank page</space>
- http://myself.errorpage or https://myself.errorpage - this only redirect to '//myself.errorpage'
-
DVSerg,
The line you gave me looks exactly like the line already in my file unless my eyes are deceiving me. How is the line different then what I already have?
flachance,
Did you have to reboot to make the change from https to http and what version of PFSense are you running?
Chris
-
You config have
redirect https://192.168.1.1/sgerror.php?url=http%3A%2F%2Fwww.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%uMust be
redirect https://192.168.1.1/sgerror.php?url=http://www.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%uBug already fixed for '%3A%2F%2F'
-
Oh, I understand. You want me to install the newest version of SG. I'll do that. Thanks.
Chris
-
Oh, I understand. You want me to install the newest version of SG. I'll do that. Thanks.
Chris
Language barrier in action :D
-
;D Yep ;D
-
No reboot required Chris.
-
hello!
I've upgraded squidguard to the latest version and i have pfsense webgui running in https mode.
Also squid is in trasparent mode.I've made a block list of domains on squidguard which works but instead of redirecting to a local web server ip it shows a error page like this:https://192.168.1.1/sgerror.php?
can anyone tell me how can i avoid this?
-
If you read this thread carefully, you'll see that is a problem that others have run into. There is something in this package that does not re-direct properly when you have your webGUID set to HTTPS. I am not aware of any work around.
dvserg, have you been able to reproduce this behavior? Do you have any idea what's going on with that? ???
Thanks!
-
I believe dvserg has fixed this issue, but I have not tried the newest version yet. It almost sounds to me like acidrop hasn't put anything in the Default Redirect section of the default tab. Have you entered in a URL in that section acidrop
Chris
-
hello ciarocci!
first of all i've read all articles but i didn't fully understood what's going on.. :)
secondly yes i've put in default redirect an url (a local web server address which points to a page that says: "this page is blocked by your admin") but instead of this appears the error that i told you before… -
acidrop, try putting your pfSense webGUI back on http and see what happens. You may have to apply changes again in SquidGuard after you do that. There might still be a problem with this working in HTTPS? DVSerg? I myself am unable to change my webGUI to port 80 because it just won't change no matter how many times I apply the change, but that is another issue and others have said they have no problem doing that. Give that a try and report back.
Chris
-
hi
I tried that and if i put webgui at port 80 everything works ok.Just on https is the problem….
Also i have another issue which isn't something new...when i restart pfsense squidguard service doesn't start
automatically although it's enabled..i have to press apply again to make it work -
Hi all
Still, the problem remains with HTTPS?
Please say - this problem bof modes: on transparent and on non-transparent?
–-
To acidrop - yes, this bug exists and i know about.PS thanks all for replaying. :)
-
hi dvserg !
I've checked it on both transparent and non transparent mode and the problem is the same.
-
Confirmed. On HTTPS the errors still persist.
-
Same problem for me :(