Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard and blank redirects?

    Scheduled Pinned Locked Moved pfSense Packages
    57 Posts 10 Posters 47.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mhab12
      last edited by

      In the past I have had to reboot to make this change, can't say for extremely recent versions.

      1 Reply Last reply Reply Quote 0
      • D
        dvserg
        last edited by

        Thanks. I found and fix one problem: 'http%3A%2F%2Fwww.'

        redirect https://192.168.1.1/sgerror.php?url=http%3A%2F%2Fwww.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
        

        Reinstall new pease (ohm, difficalt new year  ::) ).

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        1 Reply Last reply Reply Quote 0
        • F
          flachance
          last edited by

          Chris,

          I was able to change my webGUI to HTTP.  When I did, pfsense was smart enough to redirect to the HTTP on port 80.

          dvserg,

          It doesn't look like your coding of sgerror.php is complete.  From the looks of it, you are adding different ways that sgerror.php can be called.  I don't fully understand when or how that file would be called using the different parameters.  All I know is that the only thing that I was getting displayed was the following:

          url=&a=192.168.1.250&n=dlink.digitallachance.com&i=&s=default&t=porn&u=http://www.bikini.com/

          Because the url parameter is blank, most of your logic was skipped.  Given that the default redirect on the default tab of SG is always blank, that means that sgerror.php will never work.

          I have modified sgerror.php to better suit my needs.  Feel free to use/abuse  ;D

          http://lachance.gotomysite.com/sgerror.php

          Unfortunately, this works only if you have your webGUI set to the standard port 80.  As soon as I change back to HTTPS, it fails to open sgerror.php.  Ultimately, I am trying to make sure that my webGUI is secure by using HTTPS on a non-standard port.  If I have to stay with HTTP on port 80 in order to have the error page functionality in SquidGuard, then I will have to do without a nice error page.

          Right now I get the following error when I turn HTTPS on:

          ERROR
          The requested URL could not be retrieved

          While trying to retrieve the URL: https://192.168.1.1/sgerror.php?

          The following error was encountered:

          * Connection to 192.168.1.1 Failed

          The system returned:

          (92) Protocol error

          The remote host or network may be down. Please try the request again.

          Your cache administrator is xxx@xxx.
          Generated Wed, 16 Jan 2008 05:46:43 GMT by localhost (squid/2.6.STABLE5)

          Going directly to https://192.168.1.1/sgerror.php? displays the expected content.

          Thanks for your hard work on this package dvserg!

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            Hello flachance.
            I have a little comment about 'sgerror.php':
            This file writed for squidGuard needs. If redirect options in config invalid or not accesible. then content passed SG in the not-dependence SG-rules. And, sgerror.php always accesible for squidGuard and handle all him's redirections.
            Format sgerror.php:
            Main and impotant 'sgerror.php?url=_my_url',  all others included for retrieve client-info from squidGuard ('a n i s t u' - values). ANISTU used for error-page information (nothing any).
            _my_url have 3 forms:

            • http://myself.errorpage or https://myself.errorpage - this only redirect to '//myself.errorpage'
              example: 'sgerror.php?url=http://example.com&…'
            • errcode<space>text ('404 You cant access') - this display generated error page (or inplaced in IE error page)
              example: 'sgerror.php?url=404%20You%20cant%20access&a=...' // << url encoding exists
            • tags 'blank' and 'blank_img' - blank page and blank img for replacing banners(i use this)
              example: 'sgerror.php?url=blank&a=...' - display blank page</space>

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • C
              ciarocci
              last edited by

              DVSerg,

              The line you gave me looks exactly like the line already in my file unless my eyes are deceiving me.  How is the line different then what I already have?

              flachance,

              Did you have to reboot to make the change from https to http and what version of PFSense are you running?

              Chris

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                You config have
                redirect https://192.168.1.1/sgerror.php?url=http%3A%2F%2Fwww.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

                Must be
                redirect https://192.168.1.1/sgerror.php?url=http://www.kmaconnect.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

                Bug already fixed for '%3A%2F%2F'

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • C
                  ciarocci
                  last edited by

                  Oh, I understand.  You want me to install the newest version of SG.  I'll do that.  Thanks.

                  Chris

                  1 Reply Last reply Reply Quote 0
                  • D
                    dvserg
                    last edited by

                    @ciarocci:

                    Oh, I understand.  You want me to install the newest version of SG.  I'll do that.  Thanks.

                    Chris

                    Language barrier in action  :D

                    SquidGuardDoc EN  RU Tutorial
                    Localization ru_PFSense

                    1 Reply Last reply Reply Quote 0
                    • C
                      ciarocci
                      last edited by

                      ;D Yep  ;D

                      1 Reply Last reply Reply Quote 0
                      • F
                        flachance
                        last edited by

                        No reboot required Chris.

                        1 Reply Last reply Reply Quote 0
                        • A
                          acidrop
                          last edited by

                          hello!

                          I've upgraded squidguard to the latest version and i have pfsense webgui running in https mode.
                          Also squid is in trasparent mode.I've made a block list of domains on squidguard which works but instead of redirecting to a local web server ip it shows a error page like this:

                          https://192.168.1.1/sgerror.php?

                          can anyone tell me how can i avoid this?

                          1 Reply Last reply Reply Quote 0
                          • F
                            flachance
                            last edited by

                            If you read this thread carefully, you'll see that is a problem that others have run into.  There is something in this package that does not re-direct properly when you have your webGUID set to HTTPS.  I am not aware of any work around.

                            dvserg, have you been able to reproduce this behavior?  Do you have any idea what's going on with that?  ???

                            Thanks!

                            1 Reply Last reply Reply Quote 0
                            • C
                              ciarocci
                              last edited by

                              I believe dvserg has fixed this issue, but I have not tried the newest version yet.  It almost sounds to me like acidrop hasn't put anything in the Default Redirect section of the default tab.  Have you entered in a URL in that section acidrop

                              Chris

                              1 Reply Last reply Reply Quote 0
                              • A
                                acidrop
                                last edited by

                                hello ciarocci!

                                first of all i've read all articles but i didn't fully understood what's going on.. :)
                                secondly yes i've put in default redirect an url (a local web server address which points to a page that says: "this page is blocked by your admin") but instead of this appears the error that i told you before…

                                1 Reply Last reply Reply Quote 0
                                • C
                                  ciarocci
                                  last edited by

                                  acidrop, try putting your pfSense webGUI back on http and see what happens.  You may have to apply changes again in SquidGuard after you do that.  There might still be a problem with this working in HTTPS?  DVSerg?  I myself am unable to change my webGUI to port 80 because it just won't change no matter how many times I apply the change, but that is another issue and others have said they have no problem doing that.  Give that a try and report back.

                                  Chris

                                  1 Reply Last reply Reply Quote 0
                                  • A
                                    acidrop
                                    last edited by

                                    hi

                                    I tried that and if i put webgui at port 80 everything works ok.Just on https is the problem….
                                    Also i have another issue which isn't something new...when i restart pfsense squidguard service doesn't start
                                    automatically although it's enabled..i have to press apply again to make it work

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dvserg
                                      last edited by

                                      Hi all
                                      Still, the problem remains with HTTPS?
                                      Please say - this problem bof modes: on transparent and on non-transparent?
                                      –-
                                      To acidrop - yes, this bug exists and i know about.

                                      PS thanks all for replaying.  :)

                                      SquidGuardDoc EN  RU Tutorial
                                      Localization ru_PFSense

                                      1 Reply Last reply Reply Quote 0
                                      • A
                                        acidrop
                                        last edited by

                                        hi dvserg !

                                        I've checked it on both transparent and non transparent mode and the problem is the same.

                                        1 Reply Last reply Reply Quote 0
                                        • C
                                          ciarocci
                                          last edited by

                                          Confirmed.  On HTTPS the errors still persist.

                                          1 Reply Last reply Reply Quote 0
                                          • D
                                            DarknessBBB
                                            last edited by

                                            Same problem for me :(

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.