Squid Guard Group ACL is not working on pfsense 2.3.2-RELEASE



  • Hi all,

    I am using pfsense 2.3.2-RELEASE as proxy filter with squid 0.4.22 and SquidGuard 1.14_3.

    Now I have created two groups in squidguard one is local and one is super and allowed and blocked categories respectively.

    Now the problem is when I use Local authentication of squid and put that username in any of the squidguard group it works and blocks the site.

    But when I but the IP for bypass the authentication in squid and put that ip in any of groups as a client source in squidguard it divert me to common acl rather than the groups which I made.

    e.g. there are two users "local" and "super" in squid and two Groups in squid guard Local_Group and super_g.

    Now below are the cases.

    case 1.    When I put the usernames in the groups i.e. user "local" in Local_Group and user "super" in super_g group it works and process the filter.

    case 2.    When I bypass the ip for the authentication in squid and put that ip in any of the group i.e. Local_Group or super_g  it simply divert me to the common acl, which means the even after putting the ip address in client source in goups it is not recognizing it, however it showing me the correct config in the squidguard.conf which is as below.

    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard

    time AllowedSites {
            weekly sat 00:00-23:59
    time AllowedSites {
            weekly sat 00:00-23:59
    }

    src Local_Group {
            user  local
            log block.log
    }

    src super_g {
            ip    192.168.x.xx
            user  super
            log block.log
    }

    dest blk_BL_adv {
            domainlist blk_BL_adv/domains
            urllist blk_BL_adv/urls
            log block.log
    }

    Please suggest where I am going wrong.



  • Hi there,

    I found it…..... hopefully it will helpful to you in case if  you are stuck.

    In squid guard you cannot put the IP address and username in the custom created Group ACL, it will only pick the username.

    So I have created a same ACL twice , one with the client source as username, and other with the client source as IP only.

    Regards,

    Deepak


Log in to reply