Time Based restriction with Squid & Squid Guard
-
I am also facing the same problem with pfSense 2.0.1, squidGuard 1.4_2 pkg v.1.9.1 and squid 2.7.9 pkg v.4.3.1 on Atom D410 machine serving 300 users.
When squidGuard used to work properly, there were messages in the log file /var/squidGuard/log/squidGuard.log to that effect:
2012-02-29 11:26:33 [47310] Info: recalculating alarm in 3505 secondsBut now, it doesn't do it automatically. Also, I am seeing a lot of messages to by-pass attempts using multiple slashes:
2012-02-29 11:30:21 [47310] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.microsoft.com/genuine//static/images/wol/Win7TopLogo.png 2012-02-29 11:30:21 [47310] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.microsoft.com/genuine//static/images/wol/merged/gl_horizontal_grad_search.pngThe workaround for now is a script that restarts squidGuard every 30 minutes from a remote server by logging onto webGUI over https.
-
Yes, i'm thinking of a cron job to restart squidguard that executes at 9:00AM and 17:00PM
:( -
I'm sure I noticed this problem on V2.0 also - I don't think that it is a V2.0.1 regression.
-
Also having the same problem here running 2.0-RC1.
Squid: 2.7.9 pkg v.4.3.1
Squidguard: 1.4_2 pkg v.1.9.1I also get the logs about a 'Possible bypass attempt'.
Any news on a fix? Have been through this thread: http://forum.pfsense.org/index.php/topic,41747.msg222093.html#msg222093
But the fix did not work for me. -
Did you configured error response to 302?
http://forum.pfsense.org/index.php/topic,41747.msg225863.html#msg225863 -
No. It's set at "int error page (enter error message)"
It's not a browser cache issue. I have also tested simply doing
"telnet <ip-address>3128"
and requesting page with
"GET http://in.rediff.com HTTP/1.0"
<enter><enter>SquidGuard tells in the log whenever it kicks a scheduler by logging " recalculating alarm in xxx seconds" depending on how many seconds are remaining to kick on or off a scheduler.My observation is that it forgets about it's timekeeping job, until kicked with a reconfigure command.</enter></enter></ip-address>
-
i agree with codemarauder
-
Bumping just to see if there is any interest alive in resolving the issue.
I am still doing "Apply" every 30 mins to keep its scheduler sane.
-
You can workaround this with a script on cron until somebody finds what is wrong.
-
I am hoping to test soon on a 2.1DEV test system to see if FreeBSD 8.3 is any better or different. I am just having trouble getting Squid to install on 2.1 at the moment.
-
You can install squid using pkg_add.
Take a look on files.pfsense.org
After you copy squid link, just do Pkg_add -r link_to_squid_package from console
-
You can workaround this with a script on cron until somebody finds what is wrong.
What would the command be to restart squidguard?
-
On my test 2.1DEV 1G nanobsd system, I did:
pkg_add -r http://files.pfsense.org/packages/8/All/squid-2.7.9_1.tbz
It loads dependencies also, (cyrus, openldap, perl) spits out a lot of messages about things that don't exist during the perl phase. But none of this installs the pfSense-specific bits - the items on the web configurator menus and the php that goes with it. But, of course, it doesn't show up in "Installed Packages". So I can't configure Squid using the web configurator. It would be nice if the "Available Packages" list showed newer versions of the packages. But I have no idea how that list is loaded from a server somewhere.
Am I trying to do this all too early? Are the packages for 2.1DEV not up and running properly yet?
or
Are there more commands I can execute to install all the remaining pfSense bits of the package?Also, how do I know which version and type of packages are supposed to go with 2.1DEV?
There are new tbz packages available dated 5 March, but there are also pbi packages with the same version numbers that have been there a while. I guess that the pbi packages are intended for using pbi_add with future systems based on FreeBSD9.
How does the "Available Packages" page know which version to offer?
Sorry for all the questions - I think I now need to read up on the whole development environment to get involved with testing or debugging!
-
I think the way cino does to install packages on 2.1 on his 2.1 pfsense are
Install pfsense package with gui and then go to console
Install freebsd package with pkg_add. -
I started agaain with a freshly made CF card of 2.1-DEVELOPMENT. Although the "Available Packages" page just show 2.7.9, it actually fetches the 2.7.9_1 pbi file. I discovered that 2.1 is usig the pbi package system, so it is the pbi files that are used for this.
squid loads, I take all the defaults then just select "transparent proxy". It doesn't start, no "squid" user and no /var/squid/cache, so I didpw useradd -g proxy -s /sbin/nologin -d /var/squid -n squid
chown -R squid /var/squid
mkdir /var/squid/cache
squid -zThis makes the squid user, gives it rights to /var/squid, makes the cache dir and initialises the cache.
Now /var/squid/logs/cache.log has good-looking messages in it. A process starts, but thenn it is gone by the time I can look for it from the command line. So there is some other issue still with getting squid running on 2.1-DEVELOPMENT (at least with nanobsd).
I will post this in the more appropriate 2.1 forum topic.
-
any workaround on this problem ?
a cron job to restart squidguard or a fix on squidguard config it self ?
