Help!!! SquidGuard barring Installs
-
….. squid blocks because in the installation process the user is not recognized by the application, I think.
The installation program runs on their PC, right ?
So how can "squid + squid guard" (running on pfSEnse) interfere with a process not running on the same device ?If you use a proxy setup on each PC and the installer process (you can't control what it does) doesn't use proxy settings on that device (PC), well … I can imagine it will get blocked.
Or, more basic : users haven't the "Administrator" rights to install whatever on their PC - and thus the problem isn't even pfSense related.
-
….. squid blocks because in the installation process the user is not recognized by the application, I think.
The installation program runs on their PC, right ?
So how can "squid + squid guard" (running on pfSEnse) interfere with a process not running on the same device ?If you use a proxy setup on each PC and the installer process (you can't control what it does) doesn't use proxy settings on that device (PC), well … I can imagine it will get blocked.
Or, more basic : users haven't the "Administrator" rights to install whatever on their PC - and thus the problem isn't even pfSense related.
but if I monitor the real time of squid, the address is seen blocked. Remember that these are programs that use an internet for installation.
-
Do you also have these users in other ACLs that are blocked?
-
@KOM:
Do you also have these users in other ACLs that are blocked?
No, my users are all in a single group that has default allow
-
What is the exact error they're getting?
-
@KOM:
What is the exact error they're getting?
When I try to install, the application is loading, or depending on the program a connection error. And when I look in the real time log appears: DENIED for the user "-"
-
And the reason for the denial?
-
-
That's an authentication problem, TCP_DENIED 407. I've read some other people lately with squid problems related to the ssl handshake.
-
@KOM:
That's an authentication problem, TCP_DENIED 407. I've read some other people lately with squid problems related to the ssl handshake.
but how squid will identify in which user is a skype.exe installing? It is possible?
-
Squid either knows the IP address, or IP address and user/pass depending on whether or not you have any user auth.
-
@KOM:
Squid either knows the IP address, or IP address and user/pass depending on whether or not you have any user auth.
Interesting. The total permission I gave to users was not by ip, but by users. But if squid can make this association, can you tell me how to solve it?
ps: I would not like to have to allow ip
-
What version of pfSense are you running? This might be helpful:
http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-DENIED-407-with-SSL-Sites-but-the-site-is-accessible-td2340748.html
I can't be more specific since I don't have user auth for my squid and I've never seen this problem before.
