SquidGuard Disable "Groups ACL" no work, bug?

sisko212

@freudyflc i am sorry... for your case, should be something else then.

viktor_g

@freudyflc Please provide your SquidGuard configuration for checking
WebGUI pages + /usr/local/etc/squidGuard/squidGuard.conf

FreudyFLC

@viktor_g said in SquidGuard Disable "Groups ACL" no work, bug?:

@freudyflc Please provide your SquidGuard configuration for checking
WebGUI pages + /usr/local/etc/squidGuard/squidGuard.conf

This is my squidGuard configuration:
(Excuse the Spanish, I am Cuban)

============================================================

SquidGuard configuration file

This file generated automaticly with SquidGuard configurator

(C)2006 Serg Dvoriancev

email: dv_serg@mail.ru

============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

Horario Para la Navegación

time Horario {
weekly * 07:00-18:00
}

dest blk_BL_adv {
domainlist blk_BL_adv/domains
urllist blk_BL_adv/urls
log block.log
}

dest blk_BL_aggressive {
domainlist blk_BL_aggressive/domains
urllist blk_BL_aggressive/urls
log block.log
}

dest blk_BL_alcohol {
domainlist blk_BL_alcohol/domains
urllist blk_BL_alcohol/urls
log block.log
}

dest blk_BL_anonvpn {
domainlist blk_BL_anonvpn/domains
urllist blk_BL_anonvpn/urls
log block.log
}

dest blk_BL_automobile_bikes {
domainlist blk_BL_automobile_bikes/domains
urllist blk_BL_automobile_bikes/urls
log block.log
}

dest blk_BL_automobile_boats {
domainlist blk_BL_automobile_boats/domains
urllist blk_BL_automobile_boats/urls
log block.log
}

dest blk_BL_automobile_cars {
domainlist blk_BL_automobile_cars/domains
urllist blk_BL_automobile_cars/urls
log block.log
}

dest blk_BL_automobile_planes {
domainlist blk_BL_automobile_planes/domains
urllist blk_BL_automobile_planes/urls
log block.log
}

dest blk_BL_chat {
domainlist blk_BL_chat/domains
urllist blk_BL_chat/urls
log block.log
}

dest blk_BL_costtraps {
domainlist blk_BL_costtraps/domains
urllist blk_BL_costtraps/urls
log block.log
}

dest blk_BL_dating {
domainlist blk_BL_dating/domains
urllist blk_BL_dating/urls
log block.log
}

dest blk_BL_downloads {
domainlist blk_BL_downloads/domains
urllist blk_BL_downloads/urls
log block.log
}

dest blk_BL_drugs {
domainlist blk_BL_drugs/domains
urllist blk_BL_drugs/urls
log block.log
}

dest blk_BL_dynamic {
domainlist blk_BL_dynamic/domains
urllist blk_BL_dynamic/urls
log block.log
}

dest blk_BL_education_schools {
domainlist blk_BL_education_schools/domains
urllist blk_BL_education_schools/urls
log block.log
}

dest blk_BL_finance_banking {
domainlist blk_BL_finance_banking/domains
urllist blk_BL_finance_banking/urls
log block.log
}

dest blk_BL_finance_insurance {
domainlist blk_BL_finance_insurance/domains
urllist blk_BL_finance_insurance/urls
log block.log
}

dest blk_BL_finance_moneylending {
domainlist blk_BL_finance_moneylending/domains
urllist blk_BL_finance_moneylending/urls
log block.log
}

dest blk_BL_finance_other {
domainlist blk_BL_finance_other/domains
urllist blk_BL_finance_other/urls
log block.log
}

dest blk_BL_finance_realestate {
domainlist blk_BL_finance_realestate/domains
urllist blk_BL_finance_realestate/urls
log block.log
}

dest blk_BL_finance_trading {
domainlist blk_BL_finance_trading/domains
urllist blk_BL_finance_trading/urls
log block.log
}

dest blk_BL_fortunetelling {
domainlist blk_BL_fortunetelling/domains
urllist blk_BL_fortunetelling/urls
log block.log
}

dest blk_BL_forum {
domainlist blk_BL_forum/domains
urllist blk_BL_forum/urls
log block.log
}

dest blk_BL_gamble {
domainlist blk_BL_gamble/domains
urllist blk_BL_gamble/urls
log block.log
}

dest blk_BL_government {
domainlist blk_BL_government/domains
urllist blk_BL_government/urls
log block.log
}

dest blk_BL_hacking {
domainlist blk_BL_hacking/domains
urllist blk_BL_hacking/urls
log block.log
}

dest blk_BL_hobby_cooking {
domainlist blk_BL_hobby_cooking/domains
urllist blk_BL_hobby_cooking/urls
log block.log
}

dest blk_BL_hobby_games-misc {
domainlist blk_BL_hobby_games-misc/domains
urllist blk_BL_hobby_games-misc/urls
log block.log
}

dest blk_BL_hobby_games-online {
domainlist blk_BL_hobby_games-online/domains
urllist blk_BL_hobby_games-online/urls
log block.log
}

dest blk_BL_hobby_gardening {
domainlist blk_BL_hobby_gardening/domains
urllist blk_BL_hobby_gardening/urls
log block.log
}

dest blk_BL_hobby_pets {
domainlist blk_BL_hobby_pets/domains
urllist blk_BL_hobby_pets/urls
log block.log
}

dest blk_BL_homestyle {
domainlist blk_BL_homestyle/domains
urllist blk_BL_homestyle/urls
log block.log
}

dest blk_BL_hospitals {
domainlist blk_BL_hospitals/domains
urllist blk_BL_hospitals/urls
log block.log
}

dest blk_BL_imagehosting {
domainlist blk_BL_imagehosting/domains
urllist blk_BL_imagehosting/urls
log block.log
}

dest blk_BL_isp {
domainlist blk_BL_isp/domains
urllist blk_BL_isp/urls
log block.log
}

dest blk_BL_jobsearch {
domainlist blk_BL_jobsearch/domains
urllist blk_BL_jobsearch/urls
log block.log
}

dest blk_BL_library {
domainlist blk_BL_library/domains
urllist blk_BL_library/urls
log block.log
}

dest blk_BL_military {
domainlist blk_BL_military/domains
urllist blk_BL_military/urls
log block.log
}

dest blk_BL_models {
domainlist blk_BL_models/domains
urllist blk_BL_models/urls
log block.log
}

dest blk_BL_movies {
domainlist blk_BL_movies/domains
urllist blk_BL_movies/urls
log block.log
}

dest blk_BL_music {
domainlist blk_BL_music/domains
urllist blk_BL_music/urls
log block.log
}

dest blk_BL_news {
domainlist blk_BL_news/domains
urllist blk_BL_news/urls
log block.log
}

dest blk_BL_podcasts {
domainlist blk_BL_podcasts/domains
urllist blk_BL_podcasts/urls
log block.log
}

dest blk_BL_politics {
domainlist blk_BL_politics/domains
urllist blk_BL_politics/urls
log block.log
}

dest blk_BL_porn {
domainlist blk_BL_porn/domains
urllist blk_BL_porn/urls
log block.log
}

dest blk_BL_radiotv {
domainlist blk_BL_radiotv/domains
urllist blk_BL_radiotv/urls
log block.log
}

dest blk_BL_recreation_humor {
domainlist blk_BL_recreation_humor/domains
urllist blk_BL_recreation_humor/urls
log block.log
}

dest blk_BL_recreation_martialarts {
domainlist blk_BL_recreation_martialarts/domains
urllist blk_BL_recreation_martialarts/urls
log block.log
}

dest blk_BL_recreation_restaurants {
domainlist blk_BL_recreation_restaurants/domains
urllist blk_BL_recreation_restaurants/urls
log block.log
}

dest blk_BL_recreation_sports {
domainlist blk_BL_recreation_sports/domains
urllist blk_BL_recreation_sports/urls
log block.log
}

dest blk_BL_recreation_travel {
domainlist blk_BL_recreation_travel/domains
urllist blk_BL_recreation_travel/urls
log block.log
}

dest blk_BL_recreation_wellness {
domainlist blk_BL_recreation_wellness/domains
urllist blk_BL_recreation_wellness/urls
log block.log
}

dest blk_BL_redirector {
domainlist blk_BL_redirector/domains
urllist blk_BL_redirector/urls
log block.log
}

dest blk_BL_religion {
domainlist blk_BL_religion/domains
urllist blk_BL_religion/urls
log block.log
}

dest blk_BL_remotecontrol {
domainlist blk_BL_remotecontrol/domains
urllist blk_BL_remotecontrol/urls
log block.log
}

dest blk_BL_ringtones {
domainlist blk_BL_ringtones/domains
urllist blk_BL_ringtones/urls
log block.log
}

dest blk_BL_science_astronomy {
domainlist blk_BL_science_astronomy/domains
urllist blk_BL_science_astronomy/urls
log block.log
}

dest blk_BL_science_chemistry {
domainlist blk_BL_science_chemistry/domains
urllist blk_BL_science_chemistry/urls
log block.log
}

dest blk_BL_searchengines {
domainlist blk_BL_searchengines/domains
urllist blk_BL_searchengines/urls
log block.log
}

dest blk_BL_sex_education {
domainlist blk_BL_sex_education/domains
urllist blk_BL_sex_education/urls
log block.log
}

dest blk_BL_sex_lingerie {
domainlist blk_BL_sex_lingerie/domains
urllist blk_BL_sex_lingerie/urls
log block.log
}

dest blk_BL_shopping {
domainlist blk_BL_shopping/domains
urllist blk_BL_shopping/urls
log block.log
}

dest blk_BL_socialnet {
domainlist blk_BL_socialnet/domains
urllist blk_BL_socialnet/urls
log block.log
}

dest blk_BL_spyware {
domainlist blk_BL_spyware/domains
urllist blk_BL_spyware/urls
log block.log
}

dest blk_BL_tracker {
domainlist blk_BL_tracker/domains
urllist blk_BL_tracker/urls
log block.log
}

dest blk_BL_updatesites {
domainlist blk_BL_updatesites/domains
urllist blk_BL_updatesites/urls
log block.log
}

dest blk_BL_urlshortener {
domainlist blk_BL_urlshortener/domains
urllist blk_BL_urlshortener/urls
log block.log
}

dest blk_BL_violence {
domainlist blk_BL_violence/domains
urllist blk_BL_violence/urls
log block.log
}

dest blk_BL_warez {
domainlist blk_BL_warez/domains
urllist blk_BL_warez/urls
log block.log
}

dest blk_BL_weapons {
domainlist blk_BL_weapons/domains
urllist blk_BL_weapons/urls
log block.log
}

dest blk_BL_webmail {
domainlist blk_BL_webmail/domains
urllist blk_BL_webmail/urls
log block.log
}

dest blk_BL_webphone {
domainlist blk_BL_webphone/domains
urllist blk_BL_webphone/urls
log block.log
}

dest blk_BL_webradio {
domainlist blk_BL_webradio/domains
urllist blk_BL_webradio/urls
log block.log
}

dest blk_BL_webtv {
domainlist blk_BL_webtv/domains
urllist blk_BL_webtv/urls
log block.log
}

Navegacion Nacional

dest Intranet {
expressionlist Intranet/expressions
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}

Bloqueo General

dest BL_Generales {
domainlist BL_Generales/domains
expressionlist BL_Generales/expressions
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}

Bloqueo de Correos

dest BL_Correos {
expressionlist BL_Correos/expressions
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}

Youtube

dest BL_Youtube {
domainlist BL_Youtube/domains
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}

rew safesearch {
s@(google../search?.q=.)@\1&safe=active@i
s@(google../images.q=.)@\1&safe=active@i
s@(google../groups.q=.)@\1&safe=active@i
s@(google../news.q=.)@\1&safe=active@i
s@(yandex../yandsearch?.text=.)@\1&fyandex=1@i
s@(search.yahoo../search.p=.)@\1&vm=r&v=1@i
s@(search.live../.q=.)@\1&adlt=strict@i
s@(search.msn../.q=.)@\1&adlt=strict@i
s@(.bing../.q=.)@\1&adlt=strict@i
s@(duckduckgo../?.q=.)@\1&kp=1@i
s@(rambler../?.query=.)@\1&adult=family@i
s@(qwant../?.q=.)@\1&s=2@i
s@(ecosia../search.q=.)@\1&safesearch=2@i
s@(onesearch../yhs/search.*)@\1&vm=r@i
log block.log
}

acl {
#
default {
pass !in-addr none
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
rewrite safesearch
log block.log
}
}

viktor_g

@freudyflc right, something wrong - I don't see src entries
Could you show your Group ACLs ?

FreudyFLC

@viktor_g said in SquidGuard Disable "Groups ACL" no work, bug?:

@freudyflc right, something wrong - I don't see src entries
Could you show your Group ACLs ?

<acls>
<0>
<name>Intranet</name>
<description><![CDATA[Usuarios con Acceso a Intranet]]></description>
<disabled></disabled>
<timename>Horario</timename>
<redirect>Acceso Denegado!!! Usuario de Intranet!!!</redirect>
<redirect_mode>rmod_int</redirect_mode>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip>on</notallowingip>
<order></order>
<overredirect>Acceso Denegado!!! Usuario de Intranet!!!</overredirect>
<overrewritename>safesearch</overrewritename>
<destname>Intranet none</destname>
<overdestname>none</overdestname>
</0>
<1>
<name>Internet</name>
<description><![CDATA[Usuarios con Acceso a Internet]]></description>
<disabled></disabled>
<timename>Horario</timename>
<redirect>Acceso Denegado!!! Usuario de Internet!!!</redirect>
<redirect_mode>rmod_int</redirect_mode>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip>on</notallowingip>
<order></order>
<overredirect>Acceso Denegado!!! Usuario de Internet!!!</overredirect>
<overrewritename>safesearch</overrewritename>
<destname>!BL_Generales !BL_Correos !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_chat !blk_BL_dating !blk_BL_drugs !blk_BL_finance_moneylending !blk_BL_finance_trading !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_military !blk_BL_movies !blk_BL_music !blk_BL_porn !blk_BL_recreation_humor !blk_BL_recreation_martialarts !blk_BL_recreation_restaurants !blk_BL_recreation_sports !blk_BL_recreation_travel !blk_BL_recreation_wellness !blk_BL_remotecontrol !blk_BL_ringtones !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webmail all</destname>
<overdestname>none</overdestname>
</1>
<2>
<name>Administradores</name>
<description><![CDATA[Usuarios Administradores]]></description>
<disabled></disabled>
<timename></timename>
<redirect>Acceso Denegado!!! Adminsitrador!!!</redirect>
<redirect_mode>rmod_none</redirect_mode>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip></notallowingip>
<order></order>
<overredirect>Acceso Denegado!!! Adminsitrador!!!</overredirect>
<overrewritename>safesearch</overrewritename>
<destname>!blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie all</destname>
<overdestname>!blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie all</overdestname>
</2>
</acls>
<default>
<name>default</name>
<description></description>
<disabled></disabled>
<timename></timename>
<redirect_mode>rmod_int</redirect_mode>
<redirect>USTED NO ESTA AUTORIZADO A ACCEDER A ESTE SITIO</redirect>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip>on</notallowingip>
<destname>none</destname>
</default>
<rewrite_children>16</rewrite_children>
<rewrite_children_startup>8</rewrite_children_startup>
<rewrite_children_idle>4</rewrite_children_idle>
<enablelog>on</enablelog>
<enableguilog>on</enableguilog>
<logrotation>on</logrotation>
<adv_blankimg>off</adv_blankimg>
<current_lan_ip>10.0.67.2</current_lan_ip>
<current_gui_port>8181</current_gui_port>
<current_gui_protocol>https</current_gui_protocol>
</squidGuard>

FreudyFLC

@viktor_g
I found the following difference:
In the Squid Folder the SquidGuard.conf file if you have the scr
But in the SquidGuard folder the file doesn't have it.
I will correct this error and see if it works

FreudyFLC

@viktor_g
Sorry for the inconvenience and my ignorance. The problem was with the squid integration with the squidGuard. I have solved the error and the ACLs are working without problems.

Thank you very much for attending me and helping me

ZaTTG

This post is deleted!

ZaTTG

ProxyConfig.txt
FilterConfig.txt

Here are my configs. It used to work fine on 2.4.5 redirecting users to google 403 error. The only change I recently made was swap shallalist in favor of UT1 because I read that Viktor had no problem with them. But no luck for me.
Hope you can help

Anderson_Sereno

@viktor_g https://forum.netgate.com/topic/162463/squidguard-1-16-18_17-not-filtering-pfsense-2-5?_=1616885707887

viktor_g

@anderson_sereno
https://redmine.pfsense.org/issues/11738#change-52706

Please wait for the next package version...

viktor_g

Fixed
Please update SquidGuard pkg to the latest version

ZaTTG

@viktor_g Updated this morning and tested now, so far is working fine as it was in 2.4.5, thanks @viktor_g .