Netgate Discussion Forum

    Squidguard on 2.0 final

    pfSense Packages
    27 Posts 13 Posters 18.0k Views
      marcelloc

      Nice debug. Congratulations! :)

      You can also Pull this request via github.

      Elite training: http://sys-squad.com

      Help a community developer! ;D

        kalu

        Hi, I tried what you said but it didn't help me, but if I clear the cache it does work.
        Thanks. I have highlighted the change that I made; I hope I did it right.
        Please suggest.

        # ontime
        $sg_acltag->items[] = "pass {$acl[F_DESTINATIONNAME]}";
        if ($acl[F_RMOD] != RMOD_NONE)
            # $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_REDIRECT], $acl[F_RMOD]);
            $sg_acltag->items[] = "redirect " . "302:" . sg_redirector_base_url($acl[F_REDIRECT], $acl[F_RMOD]);

        # overtime
        if ($acl[F_TIMENAME]) {
            $sg_acltag->items[] = "} else {";
            $sg_acltag->items[] = "pass {$acl[F_OVERDESTINATIONNAME]}";
            if ($acl[F_REDIRECMODE] !== RMOD_NONE)
                # $sg_acltag->items[] = "redirect " . sg_redirector_base_url($acl[F_OVERREDIRECT], $acl[F_RMOD]);
                $sg_acltag->items[] = "redirect " . "302:" . sg_redirector_base_url($acl[F_OVERREDIRECT], $acl[F_RMOD]);

        --- Default ---

        $sg_tag_def = new TSgTag;
        $sg_tag_def->set("default", "", "", "");
        $def = $squidguard_config[F_DEFAULT];
        sg_addlog("sg_create_config", "Add Default", SQUIDGUARD_INFO);
        if ($def) {
            $temp_str = '';

            # delete blacklist entries from 'pass' if blacklist disabled
            if ($squidguard_config[F_BLACKLISTENABLED] !== 'on')
                acl_remove_blacklist_items(&$def[F_DESTINATIONNAME]);

            # not allowing IP in URL
            if ($def[F_NOTALLOWINGIP])
                $def[F_DESTINATIONNAME] = "!in-addr " . $def[F_DESTINATIONNAME];

            # re-order acl pass (<allow><deny<all|none>)
            $def[F_DESTINATIONNAME] = sg_aclpass_reorder($def[F_DESTINATIONNAME]);

            # ! 'Default' must use without times !
            $sg_tag_def->items[] = "pass {$def[F_DESTINATIONNAME]}";
            if ($def[F_RMOD] !== RMOD_NONE)
                $sg_tag_def->items[] = "redirect " . "302:" . sg_redirector_base_url($def[F_REDIRECT], $def[F_RMOD]);
            if ($def[F_REWRITENAME])
                $sg_tag_def->items[] = "rewrite {$def[F_REWRITENAME]}";
            if ($squidguard_config[F_ENABLELOG] == 'on') {
                if ($def[F_LOG])
                    $sg_tag_def->items[] = "log " . SQUIDGUARD_LOGFILE;
            }
        } # <- if def
        else {
            $msg = "ACL 'default' is empty, will use default 'block all'";
            $sg_tag_def->items[] = "# $msg";
            $sg_tag_def->items[] = "pass none";
            $sg_tag_def->items[] = "redirect " . "302:" . sg_redirector_base_url('', RMOD_INT_ERRORPAGE);
            sg_addlog("sg_create_config", "$msg.", SQUIDGUARD_ERROR);
        }

        thanks
        kalu

        i love pfsense because i love open source.

          LFCavalcanti

          Hello everyone!

          I'm from Brazil, so if my English is a little bad, forgive me.

          I've tested those suggested modifications on the file "squid_configurator.inc" and even modifying other arguments and attributes, nothing went right.

          In my situation the only problem is with the browser cache.

          I needed to solve this right away so I told users on the network to push F5 when a website appears to be blocked. So far it's working, but if you have any other things to try, just say.

          –

          Luiz Fernando Cavalcanti
          IT Manager
          Arriviera Technology Group

            dmenezes

            There is no bug about that! The problem is how to redirect; you don't need to change the file "squid_configurator.inc".
            As someone else said, the "code" cache is 301 for permanent and 302 for temporary!

            You can see in the "squid_configurator.inc" file on line 1200:

            case RMOD_EXT_FOUND: $rdr_path = "302:$rdr_info"; break;

            To use it you need to set Redirect mode: "ext url found (enter URL)".

            Using that, it will be included as "302:redirect" in your configuration and work normally!

            redirect_mode.png
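
The check below is an added example, not code from the pfSense package or from any poster: it scans a squidGuard configuration for `redirect` lines and reports whether each one carries the `302:` prefix discussed above. The sample configuration, the 192.0.2.10 address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit squidGuard "redirect" directives for a status prefix.

# Write a constructed sample config (not a real pfSense-generated file).
sg_write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
acl {
    staff within lunch {
        pass whitelist none
        redirect 302:http://192.0.2.10/blocked.html
    } else {
        pass all
        redirect http://192.0.2.10/blocked.html
    }
    default {
        # redirect line disabled
        pass none
        redirect 302:http://192.0.2.10/blocked.html
    }
}
EOF
}

# Print "<line>:<status>:<target>" per redirect directive; status is
# 301, 302 or "none" when the directive has no status prefix.
sg_redirect_audit() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        $1 == "redirect" {
            target = $2; status = "none"
            if (target ~ /^30[12]:/) {
                status = substr(target, 1, 3)
                target = substr(target, 5)
            }
            print NR ":" status ":" target
        }
    ' "$1"
}

# Succeeds only if every redirect directive carries the 302: prefix.
sg_redirects_all_temporary() {
    ! sg_redirect_audit "$1" | grep -qv '^[0-9]*:302:'
}

conf=$(mktemp)
sg_write_sample "$conf"
sg_redirect_audit "$conf"
sg_redirects_all_temporary "$conf" || echo "at least one redirect lacks the 302: prefix"
rm -f "$conf"
```
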

              mila76

              The caching problem has nothing to do with this "bug".

              H2wk tried a new clean install of 2.0 and everything works, so I fixed it by removing and reinstalling the squid and squidguard packages.
              The config was not even touched during this "work"; on reinstall it is automatically restored and now everything works as expected.

              For the Brazilian guy: I use Redirect mode: "ext url" in my config, like dmenezes suggests, and don't have big trouble with cache. Only 1/2 times some crap browser/computer has some cache issue, but I'm not sure my oldoldold config used "ext url" when it happened some time ago.

                LFCavalcanti

                I'll see if this redirection mode is activated on my server and post here later.

                About the "crap" computer, I disagree, the issue here is with browsers… Firefox and Internet Explorer do this... Google Chrome does not... another fact I've found.

                –

                Luiz Fernando Cavalcanti
                IT Manager
                Arriviera Technology Group

                  LFCavalcanti

                  Hi Again!

                  It worked! Change the Redirect mode on the SquidGuard ACLs to "ext url found (enter URL)".

                  The problem with the Browser cache was solved.

                  Thanks for the help!

                  –

                  Luiz Fernando Cavalcanti
                  IT Manager
                  Arriviera Technology Group

                    mcchin

                    @LFCavalcanti:

                    Hi Again!

                    It worked! Change the Redirect mode on the SquidGuard ACLs to "ext url found (enter URL)".

                    The problem with the Browser cache was solved.

                    Thanks for the help!

                    How to change the Redirect mode on the SquidGuard ACLs to "ext url found (enter URL)". In which files and section? I can't find this line.

                      marcelloc

                      It's a gui option, not a file hack.

                      Elite training: http://sys-squad.com

                      Help a community developer! ;D

                        mila76

                        i have again the same issue

                        nothing is changed on squidguard but now i can't use webpages on offtime.
                        same apply (or restart squidguard) behaviour

                          LFCavalcanti

                          Hi!

                          Like Marcelloc said… this option is in the GUI.

                          This option is available in both Common ACL and Group ACL.

                          –

                          Luiz Fernando Cavalcanti
                          IT Manager
                          Arriviera Technology Group

                            LFCavalcanti

                            Hi mila76

                            I've 7 servers in production environments right now with this configuration even with Squid authenticating on Active Directory(Windows Server 208).

                            Let's do a step by step:
                            1 - Install a clean PFSense 2.0 RELEASE
                            2 - Install both Squid and SquidGuard
                            3 - Before everything: Download and update the SquidGuard BlackList, I suggest URL BlackList or Shalla List… your choice.
                            4 - I'll assume that you know how to implement and manage the options on the cache and access tabs of Squid Configurations and the concept of Proxy.
                            5 - Bring Squid Online with the configuration you want.
                            6 - Bring SquidGuard online
                            7 - Set the common ACL as you desire and in the bottom of the page set the Redirect Mode as "Ext URL Found", put some URL... could be a Webpage or a HTML file hosted on a webserver in your Intranet.
                            8 - Go to General tab on Squidguard configuration then click on save and after click on apply.

                            I've a much more complex configuration on my Servers so it will be hard to explain.
                            Above are the basics and I hope that will help you.

                            –

                            Luiz Fernando Cavalcanti
                            IT Manager
                            Arriviera Technology Group

                              anagh

                              Followed your instructions for ext url found but the page is still not blocking. Please help.

                                spillek

                                @mila76:

                                I used squidguard in 1.2x to 2.0rc without any issue. My config uses whitelist and times.

                                After upgrading to 2.0 (whether squidguard was upgraded too or only reinstalled I don't know for sure) I have a strange issue.
                                Times don't work anymore, and I can't understand why.
                                I checked my config but nothing strange came out.

                                Bug in squidguard binary? Bug in config generation? I can't figure it out.

                                If I click apply in off time (e.g. from 12 to 13) all affected computers ignore the whitelist (correct), but after 13 the whitelist remains ignored (wrong).
                                If I click apply in on time (e.g. after 13) all affected computers use the whitelist (correct), but again, in off time the whitelist remains (wrong).

                                Prior to 2.0 final I had no issue at all.

                                please help me to figure out this problem :(

                                same problem, my boss wants me fired because I can not automatically block facebook! nobody has any idea to solve?
                                ???

                                  marcelloc

                                  You can work around this by restarting or reloading squidguard every day or at specific times.

                                  To handle cron schedules using the GUI, install the cron package.

                                  Elite training: http://sys-squad.com

                                  Help a community developer! ;D

                                    spillek

                                    Thanks, I want to test it…
                                    I have installed the Cron package.
                                    What is the command to reload squidguard to add in the Cron table?

                                    thanks in advance!

                                      spillek

                                      Hi, it works for now, thanks for your help. With Cron and this command scheduled every day:
                                      /usr/local/sbin/squid -k shutdown
                                      /usr/local/sbin/squid

                                      Restarting squid by night, the time-based ACL works fine without pressing "apply" in time or off time to pass or block.

                                      Then with an alias with IP + apps.facebook.com and a schedule rule, https facebook access is also possible only in pause time.

                                      The only problem left is the browser cache, which is not resolved even by changing the squidguard_configurator.inc file, but it is not a serious problem.

                                        makan

                                        @spillek:

                                        Hi, it works for now, thanks for your help. With Cron and this command scheduled every day:
                                        /usr/local/sbin/squid -k shutdown
                                        /usr/local/sbin/squid

                                        Restarting squid by night, the time-based ACL works fine without pressing "apply" in time or off time to pass or block.

                                        Then with an alias with IP + apps.facebook.com and a schedule rule, https facebook access is also possible only in pause time.

                                        The only problem left is the browser cache, which is not resolved even by changing the squidguard_configurator.inc file, but it is not a serious problem.

                                        Great workaround.
                                        It saves me a lot of time. I shouldn't need to click the apply button for every "time" and "off-time" any more…  ;D

                                          makan

                                          But I'm still curious about how to restart squidguard properly without restarting squid.
                                          What is the script that the apply button uses on the squidguard page?

                                            rw

                                            @makan:

                                            But I'm still curious about how to restart squidguard properly without restarting squid.
                                            What is the script that the apply button uses on the squidguard page?

                                            In my experience a cronjob with "squid -k reconfigure" is enough; it will not kill squid and is enough to work around the time problem.

                                            I did a ps -aux | grep squid on the shell and got:

                                            proxy  5813  0.0  0.1  9012  2612  ??  SN    1:06PM  0:02.27 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
                                            proxy  5903  0.0  0.1  9012  2612  ??  IN    1:06PM  0:00.21 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
                                            proxy  6195  0.0  0.1  9012  2612  ??  IN    1:06PM  0:00.08 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.conf (squidGuard)
                                            root  55758  0.0  0.1 15248  4652  ??  INs  12:56PM  0:00.00 /usr/local/sbin/squid -D

                                            As you can also see in the "proxy server" configuration, squidguard is configured as a redirect program inside squid, not a daemon itself. I only know about pfsense, that I know nothing about pfsense so I may be wrong, but that's what I conclude.
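
The cron workaround from the posts above, taken one step further as an added example (not from any poster or from the pfSense package): it reads the time ranges out of a squidGuard configuration and prints one crontab line per range boundary that runs `squid -k reconfigure` one minute after the boundary, so the helpers reload when an ACL switches between time and off-time. The sample configuration, the function names and the five-field crontab layout are assumptions; the resulting times can be entered through the Cron package GUI.

```shell
#!/bin/sh
# Added example: derive reload times from squidGuard time ranges.
RELOAD_CMD="/usr/local/sbin/squid -k reconfigure"   # command quoted in the thread

# Constructed sample; the time-block layout is an assumption about the config.
sg_write_time_sample() {
    cat > "$1" <<'EOF'
time lunch {
    weekly mtwhf 12:00-13:00
}
time late {
    weekly * 18:30 - 23:59
}
acl {
    staff within lunch {
        pass all
    } else {
        pass whitelist none
    }
}
EOF
}

# Print every distinct HH:MM boundary used inside "time" blocks, sorted.
sg_time_boundaries() {
    awk '
        /^[ \t]*#/ { next }                              # skip comments
        $1 == "time" && $NF == "{" { in_time = 1; next } # block opens
        in_time && /}/ { in_time = 0; next }             # block closes
        in_time && ($1 == "weekly" || $1 == "date") {
            line = $0
            while (match(line, /[0-2][0-9]:[0-5][0-9]/)) {
                print substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }
    ' "$1" | sort -u
}

# Emit "minute hour * * * command", one minute after each boundary
# (23:59 wraps to 00:00). Day-of-week limits are ignored on purpose:
# an extra reconfigure on a non-matching day is harmless.
sg_reload_cron() {
    sg_time_boundaries "$1" | awk -F: -v cmd="$RELOAD_CMD" '
        { t = ($1 * 60 + $2 + 1) % 1440
          printf "%d %d * * * %s\n", t % 60, int(t / 60), cmd }'
}

conf=$(mktemp)
sg_write_time_sample "$conf"
sg_reload_cron "$conf"
rm -f "$conf"
```
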

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.