Squidguard not blocking sites, http OR https (SSL squid MitM up) pfSense 2.3


  • Banned

    As stated in the Subject. My Squid & SquidGuard are up and running, blacklists (shallalist) downloading successfully, dummy rule enabled. But, squidguard won't block sites on http OR https. I'm posting pics of the squidguard settings that I've adjusted. I can post logs if helpful? I'm not a network guy and a total pfSense newbie.

    I've tried uninstalling Squid & SquidGuard, deleting squid & squidguard folders after uninstall via SSH using rm-rf:
    rm -rf /var/squid
    rm  -rf /var/squidGuard
    rm  -rf /logs/squid
    rm -rf /logs/squidGuard
    Rebooting, Reinstalling Squid then Squidguard (and opposite order) Rebooting again. Both packages show running, but squidguard still not blocking sites.

    Please tell me how to fix this! What am I doing wrong?












  • Hi,

    I have the same problem. Did you solve it?

    Regards
    Kalle


  • Banned

    I did get it working with MiTM, I ended up uninstalling all packages, removing all remaining folder, then reinstalling squidguard and squid. I had to uninstall and reinstall squid and squidguard multiple times before it worked. Seems like a pretty flaky solution, but I read somewhere on here that other users were able to get it working the same way.

    I quickly stopped using squid in transparent mode though, too many SSL sites were still inaccessible due to SSLv3 incompatibility.

    I tried explicit squid, but have had serious issues with it, if you're interested you can read about my issues with it here, https://forum.pfsense.org/index.php?topic=117194.0.

    I'm about ready to give up on squid, something to do with my installation (which as far as I can tell is not abnormal, and I have done a clean reinstall) causes squid to be extremely flaky for me.

    pfBlockerNG does everything that I want out of squid except for implementing shallalist blacklisting, and it justs works with no issues.

    Caching would have been nice, but with so much SSL out there and so many SSLv3 issues, not enough is being cached to make it worthwhile, IMO.



  • Hi,

    thank you for your answer.
    What is "MiTM"?
    I have had working on version 2.2 without any issue. On 2.3 I uninstalled squidguard and tried pfBlockerNG. But now I want squidguard back. ::)
    I will still try on it some time. Perhaps I will do it like you.

    Best regards



  • Ive found the solution for me.  ;D I simply reinstalled squid. Now its working properly.

    Cheers


Log in to reply