SquidGuard 1.16.18_19 update is borked
-
I decided to update packages today, the following are installed.
Avahi 2.1_1
bandwidthd 0.7.4_5
Cron 0.3.7_5
darkstat 3.1.3_5
Lightsquid 3.0.6_8
pfBlockerNG 2.1.4_26
RRD_Summary 2.0_1
Service_Watchdog 1.8.7_1
squid 0.4.45_4
squidGuard 1.16.18_19 (Actually as of now it's 1.16.18_18, but I can't find a way to revert the revision number more on that below...)After updating squidGuard, I noticed that it was no longer filtering traffic, at all. Even websites listed in a custom black list was allowed through.
At first I thought it was something with Chrome and forcing HTTPS, but it wasn't. I went through and did all that lovely MITM stuff, still no filtering, however, everything passed through SQUID just fine.
I decided, since I can't find an easy way to downgrade to 1.16.18_18(the previous release, not sure on version?) I would look up the changes at https://github.com/pfsense/FreeBSD-ports/commits/devel/www/pfSense-pkg-squidGuard
I decided I would just edit the files, and spent a good bit of time hunting them down, found they all, except for the makefile exist in /usr/local/pkg, which I suspect is used as a install file that gets discarded or something, not a package handler nor programmer, I just know how to get into trouble. :)
Files that I manually edited back to original are as follows (using the naming from Github)...
www/pfSense-pkg-squidGuard/files/usr/local/pkg/squidguard.inc
www/pfSense-pkg-squidGuard/files/usr/local/pkg/squidguard_configurator.inc
www/pfSense-pkg-squidGuard/files/usr/local/pkg/squidguard.xmlNot sure what exactly broke for me, nor why, just throwing this out there for anyone else that might be having issues with filtering suddenly stopping after this particular update.
-
This post is deleted! -
This post is deleted! -
Same Issue here.
@C0RR0SIVE Thanks for your detailed problem description.
I fixed it by reverting the following changes in /usr/local/pkg/squidguard_configurator.inc:changed: $acl[F_DESTINATIONNAME] = "^squidstatus !in-addr {$acl[F_DESTINATIONNAME]}"; $acl[F_OVERDESTINATIONNAME] = "^squidstatus !in-addr {$acl[F_OVERDESTINATIONNAME]}"; to: $acl[F_DESTINATIONNAME] = "!in-addr {$acl[F_DESTINATIONNAME]}"; $acl[F_OVERDESTINATIONNAME] = "!in-addr {$acl[F_OVERDESTINATIONNAME]}"; changed: $def[F_DESTINATIONNAME] = "^squidstatus !in-addr " . $def[F_DESTINATIONNAME]; to: $def[F_DESTINATIONNAME] = "!in-addr " . $def[F_DESTINATIONNAME]; -
I've run into the same issue with pfSense (ver. 2.5.2) proxy-filter (Squidguard 1.16.18_19).
The proxy server (Squid 0.4.45_4) seems to functioning normally in Transparent/SSL mode, but for some reason the filter function just stopped working since 2021-07-14 according to the log.
I've tried stopping/restarting the services, and the system, and uninstalling/reinstalling Squidguard, but the filter does not filter any content at all.
ref: https://redmine.pfsense.org/issues/12125
I was just wondering if you or someone else had found any resolution?
I am now considering restoring to an earlier configuration date, and re-configure changes from then to present.
-
@dansngfacc said in SquidGuard 1.16.18_19 update is borked:
onsidering restoring to an earlier con
I tried to restore to an earlier configuration, no go... Something is wrong somewhere in the actual Squid Guard files, read the previous posts, you're going to have to edit a few files it seems like. I am surprised there aren't several others with this issue.
-
@c0rr0sive
I've tried editing the "squidguard_configurator.inc" file as suggested in previous post, rebooted the system and filtering is still not functioning.
I will check again tomorrow, but getting frustrated with this problem.
Please reply if you have heard/found any other possible solutions.Thanks for your replies/input.
-
@dansngfacc
Did SquidGuard recreate the configuration file?
If not, you have to make some configurations changes and then reapply the settings.Please check the following file: /usr/local/etc/squidGuard1/squidGuard.conf
The ACLS' should no longer contain squidstatus.OK
foo { pass !in-addr bar none log block.log } #NOK
foo { pass squidstatus !in-addr bar none log block.log } # -
Thank you for the advice,
I've checked the squidGuard.conf file and it didn't contain "squidstatus !in-addr" or "bar none" in the acl section (see attached jpg image)
I tried adding the "!in-addr" portion to the config, but after stopping/restarting the SquidGuard service I found that it wasn't saved or reverted to default.Note that I'm using the Diagnostics/Edit File graphic editor.
The system still isn't filtering content.
Does the server need to be rebooted to reconfig? -
System Log shows "php-fpm 44155 /diag_reboot.php: The command '/usr/bin/killall 'squidGuard'' returned exit code '1', the output was 'No matching processes were found' " as last entry after re-installing SquidGuard 1.16.18_19 package (see attached jpg)
-
Fixed in 1.16.18_20
-
Thanks for the update,
I had proceeded to backdate config and uninstalled Squid/Squidguard temporarily. I will be re-installing from scratch, Squid-Proxy first (save config) and Squidguard-Filter second, when the update is available.
I will update post if issues continue at that time.
-
Reinstalled Squid & Squidguard 1.16.18_20 today and same issue is occuring. Squid Proxy Server works fine (transparent/ssl), then after installing Squidguard and configuring (Blacklist/target catagories), it initially filters content, then stops filtering any content.
(See attached system log)
Any help appreciated.
-
@dansngfacc said in SquidGuard 1.16.18_19 update is borked:
Reinstalled Squid & Squidguard 1.16.18_20 today and same issue is occuring. Squid Proxy Server works fine (transparent/ssl), then after installing Squidguard and configuring (Blacklist/target catagories), it initially filters content, then stops filtering any content.
(See attached system log)Any help appreciated.
looks like another issue
please attach/var/squid/logs/squidGuard.log -
Thank you for the promp reply,
Presently I'm just running Squid - Proxy Service.
Unfortuneately, I've removed Squidguard temporarily to avoid issues with Net Users.
I normally do diagnostics/net management on Fridays, so I will reinstall/try again and send log at that time, or sooner if possible.
