What Squid version and SquidGuard or DansGuardian?

marcelloc

Did you tried any changes on clamav/icap configuration, like improving exclusion, etc?

MrGlasspoole

Ok, step by step.

I have the problems with the clwarn.cgi.
First i changed redirect to:

https://192.168.0.1/clwarn.cgi

as it was suggested. But it's https so i need to accept the non trusted side in Firefox.
Can i use http?

Then my clwarn.cgi is just an empty side?

Next thing is that i get a Squid error site if a URL does not longer exist.
Is it possible to show the defaults browser page?
Or does it have advantages to see a Squid site in such a case?

Read Error
The system returned: (54) Connection reset by peer

Cino

@MrGlasspoole:

Ok, step by step.

I have the problems with the clwarn.cgi.
First i changed redirect to:

https://192.168.0.1/clwarn.cgi

as it was suggested. But it's https so i need to accept the non trusted side in Firefox.
Can i use http?

Then my clwarn.cgi is just an empty side?

try https://192.168.0.1/squid_clwarn.php

MrGlasspoole

@marcelloc:

Did you tried any changes on clamav/icap configuration, like improving exclusion, etc?

I quote myself from another thread:

Yes there are many scenarios but i think it would be nice if some users would post there basic home settings
or there would be some recommendations for example on stuff like Squid Memory cache size based on RAM.
I believe for home use the needs between people do not differentiate to much.
I think there are allot of people here who have experience on what works best.

I'm not sure what files to scan and which not.

@Cino:

try https://192.168.0.1/squid_clwarn.php

Ok, that works. But why does it not point to a php file from the beginning?
But still - is it normal that i need a certificate to show error warnings?

MrGlasspoole

From the log:

/usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log

but it's there and gets updated?

Then:

kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"

normal?

Then i saw:

kid1| WARNING: All 5/5 redirector processes are busy.
kid1| WARNING: 5 pending requests queued
kid1| WARNING: Consider increasing the number of redirector processes in your config file.
kid1| WARNING: All 5/5 redirector processes are busy.
kid1| WARNING: 5 pending requests queued
kid1| WARNING: Consider increasing the number of redirector processes in your config file.

after some google i changed in "/usr/local/pkg/squidguard_configurator.inc":

define('REDIRECTOR_PROCESS_COUNT', '5');

to 10.
Is this correct?

Then the log is full of "init domainlist" and "loading dbfile".
Is that normal?

cache.txt
cache.log.0.txt
squidGuard.txt

exograpix

Hi,

How to disable ramdisk in pfsense

MrGlasspoole

@exograpix:

How to disable ramdisk in pfsense

System > Advanced > Miscellaneous
But by default it's off.

exograpix

Hi,

Squidguard works at the time of first installation and after reboot though service is on, filtering is gone. using squid with transparent.

marcelloc

@MrGlasspoole:

Ok, that works. But why does it not point to a php file from the beginning?
But still - is it normal that i need a certificate to show error warnings?

Since pkg v0.2.4 it is. But if you came from older pkg versions, you may have old config files instead.

You can host it on other http web server or buy a certificate(there are some free too) to pfsense https.

MrGlasspoole

Ok, here is what i did.

I created "warning.mydomain.net" in the vHosts package and copied squid_clwarn.php
to "/usr/local/vhosts/warning.mydomain.net"

I also added "warning.mydomain.net" to the DNS Resolver Host Overrides.

In squidclamav.conf i changed to:

redirect http://warning.mydomain.net/squid_clwarn.php

No more certificate warnings!

What about the other stuff from my logs i was asking about?
And what someone share his Clamav settings for performance?