SquidGuard Group Acl not working

tanniit

I have pfsense 2.1.3-RELEASE (amd64) running on squid3 transparent mode with squidGuard-dev-squid3.
I get the blacklist from www.shallalist.de, and everything work fine in Common Acl (the Default access, I set to "allow").
I have tested the filtering on "Common Acl" and it works. I created a new Group Acl with a Target Categories to blacklist a site
with the "Default access" set to "allow" and the Target Categories set to "deny".
I do "Save" and "Apply". I tested it, it doesn't seem to work. Tried many times even clear cache, restart pfsense etc.

The strange thing is, if I block using the "Common Acl"'s target list for that Target Categories blacklist, it works. But it doesn't work
with Group Acl.

Can someone help?

golmaal

Can you share the group acl? I would suspect that the group acl query is not resolving as intended. Also, the target categories on the right side are related to time restrictions. I made that mistake once and took long time to figure it out.

tanniit

Sure.

Group ACL
Name: GBL
Client: 192.168.0.0/24
Time: none
Target rules: !BL all [ !BL all]
Redirect mod: int error page

Target categories
name: BL
Domain List: mangapanda.com
URL list: www.mangapanda.com/
Regular expression: mangapanda

tanniit

Anyone have a success story to tell about Group Acl?

KOM

I don't use Squid3, but I thought you couldn't use any of the Int pages if you were using Transparent mode?

Maybe some screenshots of your setup would help.

tanniit

Attached herewith the screen shot. Just can't get the Group Acl working.

![Screen Shot 07-15-14 at 11.41 AM.PNG](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM.PNG)
![Screen Shot 07-15-14 at 11.41 AM.PNG_thumb](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM.PNG_thumb)
![Screen Shot 07-15-14 at 11.41 AM 001.PNG](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM 001.PNG)
![Screen Shot 07-15-14 at 11.41 AM 001.PNG_thumb](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM 001.PNG_thumb)
![Screen Shot 07-15-14 at 11.41 AM 002.PNG](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM 002.PNG)
![Screen Shot 07-15-14 at 11.41 AM 002.PNG_thumb](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM 002.PNG_thumb)

KOM

I played with it and I couldn't get it to work either.

golmaal

I use older version of Squid and it works. Something in firewall rules that bypass proxy for the particular subnet? Sounds stupid recommendation but it has to be some configuration mistake; it just has to work.

KOM

it just has to work

You've never played with squid3, have you? ;D

tanniit

At first I suspect the db corrupted, then I tested in the "acl default", it works just fine.
I manually changing the squidGuard.conf file to
acl {
GBL {
pass !BL all
redirect ….
log GBL.log <- changed from block.log to GBL.log
....

I reload the squid and it reads this file correctly, the GBL.log created...but the log file doesn't logged anything.
It seems squidguard doesn't read the Group Acl for filtering. It could be a bug in v3.

niko2

For those who have not reached to get it working : here is the trick (working on pfsense 2.3) :
in general settings tab of squidguard, there is an "apply" button.
it is mandatory to click after any changes, event on other tabs.
ACL groups work for me !
hopes this help :)

leeratanak

@niko2:

For those who have not reached to get it working : here is the trick (working on pfsense 2.3) :
in general settings tab of squidguard, there is an "apply" button.
it is mandatory to click after any changes, event on other tabs.
ACL groups work for me !
hopes this help :)

Work like a charm !!!