Squidguard not working albeit properly configured
-
Finally got squid3 to install without messing up the entire platform (thanks to the people who worked hard to make the package install!) and also installed squidguard.
Then I configured the applications, in a nutshell like this:
Squid
General tab
Squid is enabled
Proxy interfaces: LAN and LAN2 (I have 2 lan interfaces)
Port 3128
Allow users on interface: YES
Transparent Proxy Interface(s): YES
Enable Access Logging: YES
URI Whitespace Characters Handling: stripRemote cache
Nothing modified here - No custom settingsLocal cache
Nothing modified here - No custom settingsAntivirus
Enabled
Enable manual config: disabled
Google safe browsing: YES
ClamAV update: every 1 hrACL's
Nothing modified here - No custom settingsTraffic Mgmt
Nothing modified here - No custom settingsAuthentication
Nothing modified here - No custom settingsUsers
Nothing modified here - No custom settingsSquidguard
General Settings
Enabled
Enable GUI log: YES
Enable log: YES
Enable log rotation: YES
Clean advert. YES
Blacklisrt: YES
Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gzCommon ACL
I selected misc target categories and my custom target categories are of course selected to DENY
Do not allow IP-Addresses in URL: YES
Redirect mode: ext URL
Redirect info: www.google.com
Rewrite: None
Log: CheckedGroups ACL
Nothing modified here - No custom settingsTarget categories
Here I have 2 categories: one for banned keywords and another with banned extensionsbanned keywords:
Order: –-----
Domain list: empty
URL List: empty
Regular expression: lots of words in the format of "mail|casino|game"
Reditect mode: int error page
Redirect: "Blocked by SG"
Log: CheckedTimes
Nothing modified here - No custom settingsRewrites
Nothing modified here - No custom settingsBlacklist:
http://www.shallalist.de/Downloads/shallalist.tar.gzThe problem is that the filter doesnt work at all. No exceptions, nothing works. The pfsense log is empty from squid errors, the squid log is being populated with entries which seems to indicate that the squid cache actually works, but the squidguard log is totally empty, even if I try to access pages with banned keywords.
Not sure why its not working. At least, how can I confirm without a doubt that the squid proxy server really works?
-
I actually tried to download a large file, let the download finish and tried to download the same file again, noticed a very marginal difference in speed (575kb/s the first round, about 615kb/s the second round).. So I think squid actually doesnt work or doesnt work well..
The logs are actually being populated real time, except for downloaded files. Maybe this is normal in squid?
-
Have you checked the integrations field on squid located under the general tab to make sure squidguard is there? What version of Squid and Squidguard are you using?
What version of PFSense as well? I didn't think transparent worked properly in 2.2.x versions?
I also suggest turning off the AV… it's horrible from what I can tell, and unless you have a very robust system, it can harm your connection bandwidth when multiple people are doing several things.
-
Sorry once again I failed to provide the version numbers…
pfsense 2.2.6-RELEASE (amd64)
SG 1.9.18
squid3 0.4.7The integrations field contains the following:
url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0I am not knowledgeable enough with squid to know what this does, so if you spot anything shady, please let me know! At least, there is some references to squidguard..
I hope transparent proxy with squid works with 2.2.X otherwise whats the point of having the option to do so? Plus it worked (somehow and not stable) in older versions of pfsense.
Regarding the antivirus, pfsense runs on a dual core CPU at 3.2GHz with 12GB RAM… So far it doesnt seem to be hindering bandwidth but I'll try to disable it to see if its faster.