Netgate Discussion Forum

    I have had it! Four hours and I cannot get squidguard to block anything

    pfSense Packages
    22 Posts 6 Posters 43.0k Views

      b08maz

      The first command is invalid. There is no /var/db/squidGuard/usr - the blacklists are in /var/db/squidGuard.
      The second part of that command, "/local/etc/squidGuard", is actually in /usr/local/etc/squidGuard.

      So I ran
          chmod -R 755 /var/db/squidGuard /usr/local/etc/squidGuard
          chown -R proxy:proxy /var/db/squidGuard /usr/local/etc/squidGuard

      The second command had to be changed to the paths above also.

      This did nothing; squidguard pops up in top then goes away.

      Here's the squid config also
      --------------------------
      /usr/local/etc/squid/squid.conf

      # Do not edit manually!

      http_port 172.15.1.1:3128
      http_port 10.172.2.1:3128
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/local/etc/squid/errors/English
      visible_hostname localhost
      cache_mgr admin@chazxielvas.net

      access_log /var/squid/log/access.log
      cache_log /var/squid/log/cache.log
      cache_store_log none
      shutdown_lifetime 3 seconds

      # Allow local network(s) on interface(s)

      acl localnet src 172.15.1.0/255.255.255.0 10.172.2.0/255.255.255.240
      uri_whitespace strip

      cache_dir aufs /var/squid/cache 50000 16 256
      cache_mem 512 MB
      maximum_object_size 2 KB
      minimum_object_size 0 KB
      cache_replacement_policy heap LFUDA
      memory_replacement_policy heap GDSF
      offline_mode off

      # No redirector configured

      # Setup some default acls

      acl all src 0.0.0.0/0
      acl localhost src 127.0.0.1
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 387 1025-65535
      acl sslports port 443 563 387
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      acl dynamic urlpath_regex cgi-bin ?
      acl allowed_subnets src 10.172.2.0/28 172.15.1.0/24
      cache deny dynamic
      http_access allow manager localhost
      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      # Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      reply_body_max_size 0 allow all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100

      # Throttle extensions matched in the url

      acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
      delay_access 1 allow throttle_exts
      delay_access 1 deny all

      # Allow local network(s) on interface(s)

      http_access allow localnet
      http_access allow allowed_subnets

      # Custom options

      redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
      redirector_bypass on
      redirect_children 3

      # Default block all to be sure

      http_access deny all

      And here is the sg_configurator.log after trying the chmod/chown again.

      /var/squidGuard/log/sg_configurator.log
      02.05.2008 22:34:32 : sg_reconfigure_user_db: end.
      02.05.2008 22:34:32 : sg_build_config: add sources
      02.05.2008 22:34:32 : sg_build_config: add blacklist entries
      02.05.2008 22:34:32 : sg_build_config: added:
      blk_BL_adv; blk_BL_aggressive; blk_BL_automobile_bikes; blk_BL_automobile_boats; blk_BL_automobile_cars; blk_BL_automobile_planes; blk_BL_chat; blk_BL_dating; blk_BL_downloads; blk_BL_drugs; blk_BL_dynamic; blk_BL_finance_banking; blk_BL_finance_insurance; blk_BL_finance_moneylending; blk_BL_finance_other; blk_BL_finance_realestate; blk_BL_forum; blk_BL_gamble; blk_BL_hacking; blk_BL_hobby_cooking; blk_BL_hobby_games; blk_BL_hobby_pets; blk_BL_isp; blk_BL_jobsearch; blk_BL_models; blk_BL_movies; blk_BL_music; blk_BL_news; blk_BL_porn; blk_BL_recreation_humor; blk_BL_recreation_sports; blk_BL_recreation_travel; blk_BL_recreation_wellness; blk_BL_redirector; blk_BL_religion; blk_BL_ringtones; blk_BL_science_astronomy; blk_BL_science_chemistry; blk_BL_searchengines; blk_BL_sex_lingerie; blk_BL_shopping; blk_BL_socialnet; blk_BL_spyware; blk_BL_tracker; blk_BL_updatesites; blk_BL_violence; blk_BL_warez; blk_BL_weapons; blk_BL_webmail; blk_BL_webphone; blk_BL_webradio; blk_BL_webtv;

      02.05.2008 22:34:32 : sg_build_config: add ACL
      02.05.2008 22:34:32 : sg_build_config: added:
      xielvas;

      02.05.2008 22:34:32 : sg_build_config: add Default
      02.05.2008 22:34:32 : sg_redirector_base_url: select redirector base url (https://172.15.1.1:387/sgerror.php?url=404%20Access%20Denied&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
      02.05.2008 22:34:32 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
      02.05.2008 22:34:32 : squid_reconfigure: remove old redirector options from Squid config.
      02.05.2008 22:34:32 : squid_reconfigure: add new redirector options to Squid config.
      02.05.2008 22:34:56 : sg_reconfigure_user_db: begin at '/var/db/squidGuard'
      02.05.2008 22:34:56 : sg_reconfigure_user_db: STOPPED; User destinations list empty
      02.05.2008 22:34:56 : sg_reconfigure_user_db: end.
      02.05.2008 22:34:56 : sg_build_config: add sources
      02.05.2008 22:34:56 : sg_build_config: add blacklist entries
      02.05.2008 22:34:56 : sg_build_config: added:
      blk_BL_adv; blk_BL_aggressive; blk_BL_automobile_bikes; blk_BL_automobile_boats; blk_BL_automobile_cars; blk_BL_automobile_planes; blk_BL_chat; blk_BL_dating; blk_BL_downloads; blk_BL_drugs; blk_BL_dynamic; blk_BL_finance_banking; blk_BL_finance_insurance; blk_BL_finance_moneylending; blk_BL_finance_other; blk_BL_finance_realestate; blk_BL_forum; blk_BL_gamble; blk_BL_hacking; blk_BL_hobby_cooking; blk_BL_hobby_games; blk_BL_hobby_pets; blk_BL_isp; blk_BL_jobsearch; blk_BL_models; blk_BL_movies; blk_BL_music; blk_BL_news; blk_BL_porn; blk_BL_recreation_humor; blk_BL_recreation_sports; blk_BL_recreation_travel; blk_BL_recreation_wellness; blk_BL_redirector; blk_BL_religion; blk_BL_ringtones; blk_BL_science_astronomy; blk_BL_science_chemistry; blk_BL_searchengines; blk_BL_sex_lingerie; blk_BL_shopping; blk_BL_socialnet; blk_BL_spyware; blk_BL_tracker; blk_BL_updatesites; blk_BL_violence; blk_BL_warez; blk_BL_weapons; blk_BL_webmail; blk_BL_webphone; blk_BL_webradio; blk_BL_webtv;

      02.05.2008 22:34:56 : sg_build_config: add ACL
      02.05.2008 22:34:56 : sg_build_config: added:
      xielvas;

      02.05.2008 22:34:56 : sg_build_config: add Default
      02.05.2008 22:34:56 : sg_redirector_base_url: select redirector base url (https://172.15.1.1:387/sgerror.php?url=404%20Access%20Denied&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
      02.05.2008 22:34:56 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
      02.05.2008 22:34:56 : squid_reconfigure: remove old redirector options from Squid config.
      02.05.2008 22:34:56 : squid_reconfigure: add new redirector options to Squid config.
      02.05.2008 22:35:01 : sg_reconfigure_user_db: begin at '/var/db/squidGuard'
      02.05.2008 22:35:01 : sg_reconfigure_user_db: STOPPED; User destinations list empty
      02.05.2008 22:35:01 : sg_reconfigure_user_db: end.
      02.05.2008 22:35:01 : sg_build_config: add sources
      02.05.2008 22:35:01 : sg_build_config: add blacklist entries
      02.05.2008 22:35:01 : sg_build_config: added:
      blk_BL_adv; blk_BL_aggressive; blk_BL_automobile_bikes; blk_BL_automobile_boats; blk_BL_automobile_cars; blk_BL_automobile_planes; blk_BL_chat; blk_BL_dating; blk_BL_downloads; blk_BL_drugs; blk_BL_dynamic; blk_BL_finance_banking; blk_BL_finance_insurance; blk_BL_finance_moneylending; blk_BL_finance_other; blk_BL_finance_realestate; blk_BL_forum; blk_BL_gamble; blk_BL_hacking; blk_BL_hobby_cooking; blk_BL_hobby_games; blk_BL_hobby_pets; blk_BL_isp; blk_BL_jobsearch; blk_BL_models; blk_BL_movies; blk_BL_music; blk_BL_news; blk_BL_porn; blk_BL_recreation_humor; blk_BL_recreation_sports; blk_BL_recreation_travel; blk_BL_recreation_wellness; blk_BL_redirector; blk_BL_religion; blk_BL_ringtones; blk_BL_science_astronomy; blk_BL_science_chemistry; blk_BL_searchengines; blk_BL_sex_lingerie; blk_BL_shopping; blk_BL_socialnet; blk_BL_spyware; blk_BL_tracker; blk_BL_updatesites; blk_BL_violence; blk_BL_warez; blk_BL_weapons; blk_BL_webmail; blk_BL_webphone; blk_BL_webradio; blk_BL_webtv;

      02.05.2008 22:35:01 : sg_build_config: add ACL
      02.05.2008 22:35:01 : sg_build_config: added:
      xielvas;

      02.05.2008 22:35:01 : sg_build_config: add Default
      02.05.2008 22:35:01 : sg_redirector_base_url: select redirector base url (https://172.15.1.1:387/sgerror.php?url=404%20Access%20Denied&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
      02.05.2008 22:35:01 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
      02.05.2008 22:35:01 : squid_reconfigure: remove old redirector options from Squid config.
      02.05.2008 22:35:01 : squid_reconfigure: add new redirector options to Squid config.
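
The squid.conf in the post above hands requests to squidGuard through `redirect_program`, sets `redirector_bypass on`, and runs as `cache_effective_user proxy`, which is why the chown targets matter. As an added example (not part of the original post or the pfSense package), this shell script audits those three points; the function names and the sample config it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit how squid.conf wires in the squidGuard redirector.
# Function names are hypothetical; the sample config is constructed.

# Print the last value given for a directive, e.g. "redirector_bypass".
conf_value() {  # $1 = squid.conf, $2 = directive
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# Print the config file passed with -c on the redirect_program line.
redirector_conf() {  # $1 = squid.conf
    awk '$1 == "redirect_program" {
             for (i = 2; i < NF; i++) if ($i == "-c") print $(i + 1)
         }' "$1"
}

# Print the owning user of a path (parses ls, so it works on FreeBSD and Linux).
owner_of() { ls -ld "$1" 2>/dev/null | awk '{ print $3 }'; }

# Print one finding per line; the return status is the number of findings.
audit_redirector() {  # $1 = squid.conf, remaining args = paths to check
    conf=$1; shift
    findings=0
    user=$(conf_value "$conf" cache_effective_user)
    sgconf=$(redirector_conf "$conf")
    if [ -z "$sgconf" ]; then
        echo "NO-FILTER: no redirect_program line, squidGuard is never called"
        findings=$((findings + 1))
    elif [ ! -r "$sgconf" ]; then
        echo "MISSING: squidGuard config $sgconf is not readable"
        findings=$((findings + 1))
    fi
    # With bypass on, Squid skips the redirector when all children are busy.
    if [ "$(conf_value "$conf" redirector_bypass)" = "on" ]; then
        echo "FAIL-OPEN: redirector_bypass on, busy redirectors mean unfiltered requests"
        findings=$((findings + 1))
    fi
    for dir in "$@"; do
        if [ "$(owner_of "$dir")" != "$user" ]; then
            echo "OWNER: $dir is not owned by cache_effective_user '$user'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the redirector-related lines of the squid.conf in the post.
write_sample() {  # $1 = output file
    cat > "$1" <<'EOF'
cache_effective_user proxy
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3
EOF
}

tmp=$(mktemp /tmp/sgaudit.XXXXXX) && write_sample "$tmp"
audit_redirector "$tmp" /var/db/squidGuard /usr/local/etc/squidGuard \
    || echo "findings: $?"
rm -f "$tmp"
```

On the firewall itself, pass the real `/usr/local/etc/squid/squid.conf` as the first argument instead of the sample file.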

        Perry

        Seems the best way is to upload the blacklist before SquidGuard is started.
        Made a 10min wink video
        Hope it helps.

        /Perry
        doc.pfsense.org

          b08maz

          Video is great, but I'm not signing up just to watch it.

            GruensFroeschli

            You kind of missed the point of this site.

            You can either sign up and pay to get faster downloads and no delay,
            or you don't pay and have to wait 45 seconds for your download to start (the button "free download" that appears after the countdown has finished).

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              psychosematic

              I followed through on the vid. The only thing I did different was use the URL instead of uploading. I can tell the rules are working … I am just not getting the request denied page. It just keeps on trying to load ... waiting for such and such site. Any remedies?

              josh

                b08maz

                I waited 5 minutes, no file available. Firefox is blocking it I bet.

                  Perry

                  Hmm.. ??? It was kind of the point of the video to show how you could do it if you wanted it to work. As you can see, adding the URLBlacklist takes a few sec.

                  I tried downloading the shallalist from the GUI and it takes 5 min or so, while with URLBlacklist.com (non-free) it made pfSense stop responding. So yes, something is rotten in the state of Denmark and I'm sure dvserg will take a look at it.

                  It can be that you have paid for URLBlacklist.com access, but do remember that this add-on to pfSense has been made by dvserg, who doesn't get paid and has spent well over 100 hours on it.

                  /Perry
                  doc.pfsense.org

                    b08maz

                    I got it going. The only thing you did different than I was you manually placed the blacklist.gz, where I put the URL into it.

                      b08maz

                      I paid for it. And my uninstalling / reinstalling used up my four downloads for the damn month in 1 hour! I'm pissed. I also tried doing what you suggested in the video. It didn't work. I don't have the exact same list though. I uploaded /var/tmp/shallailist.tar.gz and marked a couple of items and the deny column next to them as well. I assume Default Access (all) has to be checked, just not the deny access to the right of it. Are there any other tests I can do, since I don't have the same blacklist you have?

                        b08maz

                        Nothing blocked. I tried a domain from shallist, affaire18.com; I had BL_dating checked and denied checked. I tried this with Default access [all] checked, and with Default access [all] deny access both checked and unchecked. I wanted to see if checking Default access [all] deny access on or off made a difference. It didn't make a difference. The domain was viewable in both cases.

                          b08maz

                          I would like to know how to manually install this. I don't think it is installing correctly. Oftentimes I have to hit apply three times and the save button to stop the service or start it. I have tried everything in these forums and it just will not work.

                            Perry

                            reinstall pfSense

                            /Perry
                            doc.pfsense.org

                              b08maz

                              over the top or new install and import config?

                                Perry

                                I would make a new install and only import a config from before any packages were installed. You don't want any trace of the old SquidGuard install.

                                /Perry
                                doc.pfsense.org

                                  b08maz

                                  The clean reinstall worked. I just redid the whole system. Now my big question is will I be able to import the BlacklistURL.com blacklist without squidguard freaking out? Right now I have the Shallist loaded.

                                    Perry

                                    Yes, if you copy the list over with WinSCP. I would also stop SquidGuard before hitting the upload button.

                                    /Perry
                                    doc.pfsense.org

                                      wakeras

                                      This is how I did it.

                                      1. Install packages squid and squidguard, then go to the console menu and press 8 to exit the console menu.

                                      2. chown /var/squid and /var/squidGuard to proxy:proxy    (ex. chown -R proxy:proxy /var/squid)

                                      3. Create the /download directory

                                      4. cd /download

                                      5. pkg_add -r http://62.4.17.14/pub/FreeBSD/ports/i386/packages-6.2-release/All/wget-1.10.2.tbz

                                      6. /usr/local/bin/wget http://www.shallalist.de/Downloads/shallalist.tar.gz    (at least you can see download progress this way)

                                      7. Click Service>Proxy Content>General Setting

                                      8. In Blacklist URL = /download/shallalist.tar.gz

                                      see squidguard1.JPG

                                      9. Click the save button

                                      10. Click the Upload URL button

                                      11. Click the save button (just to make sure)

                                      12. Although it says "SquidGuard service state: STARTED", just click the apply button

                                      13. Go to the Default tab

                                      14. Follow my example using squidguard2.JPG and squidguard3.JPG or customize as you like, but leave Default access [all]

                                      15. Click save

                                      16. Go to the ACL tab and create a new ACL (click the + button)

                                      17. For "Source IP Address" put your network address/mask bits (not IP address), example squidguard4.JPG

                                      18. For "Destination" --> customize as you like but leave Default access [all] and click save when finished. (squidguard5.JPG)

                                      19. Go to the General Setting tab and click the apply button to restart squid (and squidGuard too)

                                      Note: Make sure in Service>Proxy server>Access Control --> the allowed subnet is/are the same as in (17)  (subnet = network address/mask bits)

                                      The End

                                      BTW it took me about 3 to 4 months to figure this out by looking here and there in the forum.  :)

                                      squidguard1.JPG
                                      squidguard2.JPG
                                      squidguard3.JPG
                                      squidguard4.JPG
                                      squidguard5.JPG

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.