    Group ACL in Squidguard behaving strangely

      Vlee

      Hello all,

      I have 2 PC IPs set in a group ACL. They both have the target rule to block webmail.
      One PC blocks webmail while the other does not.

      • Both PC IPs are set in the same exact Group ACL.
      • I already checked to make sure the PC that is not blocking was not in another ACL. All other ACLs I have also block webmail and work.
      • I have tested the ACL by adding different IPs in and the webmail does get blocked for those IPs.

      What could be the issue?
      Please let me know if there is some other info that I should post that might help.

      Thank you

      • Victoria
        KOM

        Have you verified that the PC that doesn't block webmail is actually using the proxy?  Are you running transparent or explicit?

          Vlee

          @KOM:

          Have you verified that the PC that doesn't block webmail is actually using the proxy?  Are you running transparent or explicit?

          The PC is using the proxy. It blocks other sites for different rules like the games or movies rule.

          I am running transparent mode.

            KOM

            What happens if you take the IP addresses of two systems (one being the non-blockable), and switch them?  Does the problem follow the IP address or the system?

            Post your squidguard filter config (Services - Squidguard - Log - Filter config) and the IP address of the misbehaving system.

              Vlee

              @KOM:

              What happens if you take the IP addresses of two systems (one being the non-blockable), and switch them?  Does the problem follow the IP address or the system?

              That's a good suggestion. I will test it out and let you know the results.

              Below is my squidguard filter config.
              The IP of the troubled system is 192.168.1.167

              # ============================================================
              # SquidGuard configuration file
              # This file generated automaticly with SquidGuard configurator
              # (C)2006 Serg Dvoriancev
              # email: dv_serg@mail.ru
              # ============================================================
              
              logdir /var/squidGuard/log
              dbhome /var/db/squidGuard
              
              # Fsc/Tech rule
              src Fsc_Techs {
              	ip     192.168.1.104
              	ip     192.168.1.105
              	ip     192.168.1.106
              	ip     192.168.1.107
              	log block.log
              }
              
              # Includes QA, Lab Computers
              src Other {
              	ip     192.168.1.77
              	ip     192.168.1.125
              	ip     192.168.1.167
              	ip     192.168.1.144
              	log block.log
              }
              
              # 
              dest blk_BL_adv {
              	domainlist blk_BL_adv/domains
              	urllist blk_BL_adv/urls
              	log block.log
              }
              
              # 
              dest blk_BL_aggressive {
              	domainlist blk_BL_aggressive/domains
              	urllist blk_BL_aggressive/urls
              	log block.log
              }
              
              # 
              dest blk_BL_alcohol {
              	domainlist blk_BL_alcohol/domains
              	urllist blk_BL_alcohol/urls
              	log block.log
              }
              
              # 
              dest blk_BL_anonvpn {
              	domainlist blk_BL_anonvpn/domains
              	urllist blk_BL_anonvpn/urls
              	log block.log
              }
              
              # 
              dest blk_BL_automobile_bikes {
              	domainlist blk_BL_automobile_bikes/domains
              	urllist blk_BL_automobile_bikes/urls
              	log block.log
              }
              
              # 
              dest blk_BL_automobile_boats {
              	domainlist blk_BL_automobile_boats/domains
              	urllist blk_BL_automobile_boats/urls
              	log block.log
              }
              
              # 
              dest blk_BL_automobile_cars {
              	domainlist blk_BL_automobile_cars/domains
              	urllist blk_BL_automobile_cars/urls
              	log block.log
              }
              
              # 
              dest blk_BL_automobile_planes {
              	domainlist blk_BL_automobile_planes/domains
              	urllist blk_BL_automobile_planes/urls
              	log block.log
              }
              
              # 
              dest blk_BL_chat {
              	domainlist blk_BL_chat/domains
              	urllist blk_BL_chat/urls
              	log block.log
              }
              
              # 
              dest blk_BL_costtraps {
              	domainlist blk_BL_costtraps/domains
              	urllist blk_BL_costtraps/urls
              	log block.log
              }
              
              # 
              dest blk_BL_dating {
              	domainlist blk_BL_dating/domains
              	urllist blk_BL_dating/urls
              	log block.log
              }
              
              # 
              dest blk_BL_downloads {
              	domainlist blk_BL_downloads/domains
              	urllist blk_BL_downloads/urls
              	log block.log
              }
              
              # 
              dest blk_BL_drugs {
              	domainlist blk_BL_drugs/domains
              	urllist blk_BL_drugs/urls
              	log block.log
              }
              
              # 
              dest blk_BL_dynamic {
              	domainlist blk_BL_dynamic/domains
              	urllist blk_BL_dynamic/urls
              	log block.log
              }
              
              # 
              dest blk_BL_education_schools {
              	domainlist blk_BL_education_schools/domains
              	urllist blk_BL_education_schools/urls
              	log block.log
              }
              
              # 
              dest blk_BL_finance_banking {
              	domainlist blk_BL_finance_banking/domains
              	urllist blk_BL_finance_banking/urls
              	log block.log
              }
              
              # 
              dest blk_BL_finance_insurance {
              	domainlist blk_BL_finance_insurance/domains
              	urllist blk_BL_finance_insurance/urls
              	log block.log
              }
              
              # 
              dest blk_BL_finance_moneylending {
              	domainlist blk_BL_finance_moneylending/domains
              	urllist blk_BL_finance_moneylending/urls
              	log block.log
              }
              
              # 
              dest blk_BL_finance_other {
              	domainlist blk_BL_finance_other/domains
              	urllist blk_BL_finance_other/urls
              	log block.log
              }
              
              # 
              dest blk_BL_finance_realestate {
              	domainlist blk_BL_finance_realestate/domains
              	urllist blk_BL_finance_realestate/urls
              	log block.log
              }
              
              # 
              dest blk_BL_finance_trading {
              	domainlist blk_BL_finance_trading/domains
              	urllist blk_BL_finance_trading/urls
              	log block.log
              }
              
              # 
              dest blk_BL_fortunetelling {
              	domainlist blk_BL_fortunetelling/domains
              	urllist blk_BL_fortunetelling/urls
              	log block.log
              }
              
              # 
              dest blk_BL_forum {
              	domainlist blk_BL_forum/domains
              	urllist blk_BL_forum/urls
              	log block.log
              }
              
              # 
              dest blk_BL_gamble {
              	domainlist blk_BL_gamble/domains
              	urllist blk_BL_gamble/urls
              	log block.log
              }
              
              # 
              dest blk_BL_government {
              	domainlist blk_BL_government/domains
              	urllist blk_BL_government/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hacking {
              	domainlist blk_BL_hacking/domains
              	urllist blk_BL_hacking/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hobby_cooking {
              	domainlist blk_BL_hobby_cooking/domains
              	urllist blk_BL_hobby_cooking/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hobby_games-misc {
              	domainlist blk_BL_hobby_games-misc/domains
              	urllist blk_BL_hobby_games-misc/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hobby_games-online {
              	domainlist blk_BL_hobby_games-online/domains
              	urllist blk_BL_hobby_games-online/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hobby_gardening {
              	domainlist blk_BL_hobby_gardening/domains
              	urllist blk_BL_hobby_gardening/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hobby_pets {
              	domainlist blk_BL_hobby_pets/domains
              	urllist blk_BL_hobby_pets/urls
              	log block.log
              }
              
              # 
              dest blk_BL_homestyle {
              	domainlist blk_BL_homestyle/domains
              	urllist blk_BL_homestyle/urls
              	log block.log
              }
              
              # 
              dest blk_BL_hospitals {
              	domainlist blk_BL_hospitals/domains
              	urllist blk_BL_hospitals/urls
              	log block.log
              }
              
              # 
              dest blk_BL_imagehosting {
              	domainlist blk_BL_imagehosting/domains
              	urllist blk_BL_imagehosting/urls
              	log block.log
              }
              
              # 
              dest blk_BL_isp {
              	domainlist blk_BL_isp/domains
              	urllist blk_BL_isp/urls
              	log block.log
              }
              
              # 
              dest blk_BL_jobsearch {
              	domainlist blk_BL_jobsearch/domains
              	urllist blk_BL_jobsearch/urls
              	log block.log
              }
              
              # 
              dest blk_BL_library {
              	domainlist blk_BL_library/domains
              	urllist blk_BL_library/urls
              	log block.log
              }
              
              # 
              dest blk_BL_military {
              	domainlist blk_BL_military/domains
              	urllist blk_BL_military/urls
              	log block.log
              }
              
              # 
              dest blk_BL_models {
              	domainlist blk_BL_models/domains
              	urllist blk_BL_models/urls
              	log block.log
              }
              
              # 
              dest blk_BL_movies {
              	domainlist blk_BL_movies/domains
              	urllist blk_BL_movies/urls
              	log block.log
              }
              
              # 
              dest blk_BL_music {
              	domainlist blk_BL_music/domains
              	urllist blk_BL_music/urls
              	log block.log
              }
              
              # 
              dest blk_BL_news {
              	domainlist blk_BL_news/domains
              	urllist blk_BL_news/urls
              	log block.log
              }
              
              # 
              dest blk_BL_podcasts {
              	domainlist blk_BL_podcasts/domains
              	urllist blk_BL_podcasts/urls
              	log block.log
              }
              
              # 
              dest blk_BL_politics {
              	domainlist blk_BL_politics/domains
              	urllist blk_BL_politics/urls
              	log block.log
              }
              
              # 
              dest blk_BL_porn {
              	domainlist blk_BL_porn/domains
              	urllist blk_BL_porn/urls
              	log block.log
              }
              
              # 
              dest blk_BL_radiotv {
              	domainlist blk_BL_radiotv/domains
              	urllist blk_BL_radiotv/urls
              	log block.log
              }
              
              # 
              dest blk_BL_recreation_humor {
              	domainlist blk_BL_recreation_humor/domains
              	urllist blk_BL_recreation_humor/urls
              	log block.log
              }
              
              # 
              dest blk_BL_recreation_martialarts {
              	domainlist blk_BL_recreation_martialarts/domains
              	urllist blk_BL_recreation_martialarts/urls
              	log block.log
              }
              
              # 
              dest blk_BL_recreation_restaurants {
              	domainlist blk_BL_recreation_restaurants/domains
              	urllist blk_BL_recreation_restaurants/urls
              	log block.log
              }
              
              # 
              dest blk_BL_recreation_sports {
              	domainlist blk_BL_recreation_sports/domains
              	urllist blk_BL_recreation_sports/urls
              	log block.log
              }
              
              # 
              dest blk_BL_recreation_travel {
              	domainlist blk_BL_recreation_travel/domains
              	urllist blk_BL_recreation_travel/urls
              	log block.log
              }
              
              # 
              dest blk_BL_recreation_wellness {
              	domainlist blk_BL_recreation_wellness/domains
              	urllist blk_BL_recreation_wellness/urls
              	log block.log
              }
              
              # 
              dest blk_BL_redirector {
              	domainlist blk_BL_redirector/domains
              	urllist blk_BL_redirector/urls
              	log block.log
              }
              
              # 
              dest blk_BL_religion {
              	domainlist blk_BL_religion/domains
              	urllist blk_BL_religion/urls
              	log block.log
              }
              
              # 
              dest blk_BL_remotecontrol {
              	domainlist blk_BL_remotecontrol/domains
              	urllist blk_BL_remotecontrol/urls
              	log block.log
              }
              
              # 
              dest blk_BL_ringtones {
              	domainlist blk_BL_ringtones/domains
              	urllist blk_BL_ringtones/urls
              	log block.log
              }
              
              # 
              dest blk_BL_science_astronomy {
              	domainlist blk_BL_science_astronomy/domains
              	urllist blk_BL_science_astronomy/urls
              	log block.log
              }
              
              # 
              dest blk_BL_science_chemistry {
              	domainlist blk_BL_science_chemistry/domains
              	urllist blk_BL_science_chemistry/urls
              	log block.log
              }
              
              # 
              dest blk_BL_searchengines {
              	domainlist blk_BL_searchengines/domains
              	urllist blk_BL_searchengines/urls
              	log block.log
              }
              
              # 
              dest blk_BL_sex_education {
              	domainlist blk_BL_sex_education/domains
              	urllist blk_BL_sex_education/urls
              	log block.log
              }
              
              # 
              dest blk_BL_sex_lingerie {
              	domainlist blk_BL_sex_lingerie/domains
              	urllist blk_BL_sex_lingerie/urls
              	log block.log
              }
              
              # 
              dest blk_BL_shopping {
              	domainlist blk_BL_shopping/domains
              	urllist blk_BL_shopping/urls
              	log block.log
              }
              
              # 
              dest blk_BL_socialnet {
              	domainlist blk_BL_socialnet/domains
              	urllist blk_BL_socialnet/urls
              	log block.log
              }
              
              # 
              dest blk_BL_spyware {
              	domainlist blk_BL_spyware/domains
              	urllist blk_BL_spyware/urls
              	log block.log
              }
              
              # 
              dest blk_BL_tracker {
              	domainlist blk_BL_tracker/domains
              	urllist blk_BL_tracker/urls
              	log block.log
              }
              
              # 
              dest blk_BL_updatesites {
              	domainlist blk_BL_updatesites/domains
              	urllist blk_BL_updatesites/urls
              	log block.log
              }
              
              # 
              dest blk_BL_urlshortener {
              	domainlist blk_BL_urlshortener/domains
              	urllist blk_BL_urlshortener/urls
              	log block.log
              }
              
              # 
              dest blk_BL_violence {
              	domainlist blk_BL_violence/domains
              	urllist blk_BL_violence/urls
              	log block.log
              }
              
              # 
              dest blk_BL_warez {
              	domainlist blk_BL_warez/domains
              	urllist blk_BL_warez/urls
              	log block.log
              }
              
              # 
              dest blk_BL_weapons {
              	domainlist blk_BL_weapons/domains
              	urllist blk_BL_weapons/urls
              	log block.log
              }
              
              # 
              dest blk_BL_webmail {
              	domainlist blk_BL_webmail/domains
              	urllist blk_BL_webmail/urls
              	log block.log
              }
              
              # 
              dest blk_BL_webphone {
              	domainlist blk_BL_webphone/domains
              	urllist blk_BL_webphone/urls
              	log block.log
              }
              
              # 
              dest blk_BL_webradio {
              	domainlist blk_BL_webradio/domains
              	urllist blk_BL_webradio/urls
              	log block.log
              }
              
              # 
              dest blk_BL_webtv {
              	domainlist blk_BL_webtv/domains
              	urllist blk_BL_webtv/urls
              	log block.log
              }
              
              # Dummy custom target categories
              dest Dummy {
              	log block.log
              }
              
              # 
              dest Blacklist {
              	domainlist Blacklist/domains
              	log block.log
              }
              
              # Block downloads by file extension
              dest file_ext {
              	expressionlist file_ext/expressions
              	log block.log
              }
              
              # 
              dest Whitelist {
              	domainlist Whitelist/domains
              }
              
              # 
              dest Webmail_Block {
              	domainlist Webmail_Block/domains
              	log block.log
              }
              
              # 
              rew safesearch {
              	s@(google..*/search?.*q=.*)@&safe=active@i
              	s@(google..*/images.*q=.*)@&safe=active@i
              	s@(google..*/groups.*q=.*)@&safe=active@i
              	s@(google..*/news.*q=.*)@&safe=active@i
              	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
              	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
              	s@(search.live..*/.*q=.*)@&adlt=strict@i
              	s@(search.msn..*/.*q=.*)@&adlt=strict@i
              	s@(.bing..*/.*q=.*)@&adlt=strict@i
              	log block.log
              }
              
              # 
              acl  {
              	# Fsc/Tech rule
              	Fsc_Techs  {
              		pass Whitelist blk_BL_movies !Dummy !Blacklist !file_ext !Webmail_Block !blk_BL_aggressive !blk_BL_alcohol !blk_BL_chat !blk_BL_dating !blk_BL_downloads !blk_BL_forum !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_jobsearch !blk_BL_models !blk_BL_music !blk_BL_porn !blk_BL_radiotv !blk_BL_redirector !blk_BL_religion !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_shopping !blk_BL_socialnet !blk_BL_spyware !blk_BL_tracker !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webmail !blk_BL_webphone !blk_BL_webradio !blk_BL_webtv all
              		log block.log
              	}
              	# Includes QA, Lab Computers
              	Other  {
              		pass blk_BL_movies !in-addr !file_ext !Webmail_Block !blk_BL_aggressive !blk_BL_alcohol !blk_BL_chat !blk_BL_dating !blk_BL_downloads !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_models !blk_BL_music !blk_BL_porn !blk_BL_radiotv !blk_BL_redirector !blk_BL_religion !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_tracker !blk_BL_urlshortener !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webmail !blk_BL_webphone !blk_BL_webradio !blk_BL_webtv Whitelist blk_BL_jobsearch blk_BL_updatesites all
              		log block.log
              	}
              	# 
              	default  {
              		pass Whitelist !Dummy !blk_BL_dating !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_models !blk_BL_porn !blk_BL_sex_lingerie !blk_BL_warez !blk_BL_weapons all
              		redirect http://192.168.1.1:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
              		log block.log
              	}
              }
              
              
              
                KOM

                You appear to have 2 different WebMail entries, blk_BL_webmail and Webmail_Block.  Other than that, everything looks good to me.  What version of pfSense and squid/squidguard are you using?

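
Added example, not part of the original thread and not pfSense or squidGuard code: a Python check of which ACL a client IP falls under and which pass-list token decides a request, run over a shortened, constructed excerpt of the config posted above. It assumes that the first matching `src` block selects the ACL and that a pass list is read left to right with the first match deciding; `matched` (the destination categories a URL belongs to) and the address 192.168.1.50 are hypothetical inputs, since the domain lists are not on the page.

```python
import ipaddress
import re

# Constructed excerpt: names and IPs come from the posted config, pass lists are shortened.
SAMPLE_CONFIG = """
src Fsc_Techs {
    ip     192.168.1.104
    ip     192.168.1.105
    log block.log
}
src Other {
    ip     192.168.1.77
    ip     192.168.1.167
    log block.log
}
acl  {
    Fsc_Techs  {
        pass Whitelist blk_BL_movies !Webmail_Block !blk_BL_webmail all
    }
    Other  {
        pass blk_BL_movies !in-addr !Webmail_Block !blk_BL_webmail Whitelist all
    }
    default  {
        pass Whitelist !blk_BL_porn all
    }
}
"""

def parse_sources(text):
    """Return {group: [ip spec, ...]} in file order for every `src NAME { ... }` block."""
    blocks = re.findall(r"^\s*src\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M)
    return {name: re.findall(r"^\s*ip\s+(\S+)", body, re.M) for name, body in blocks}

def parse_acls(text):
    """Return {acl name: [pass tokens]} from the `acl { ... }` section."""
    acl_body = text[re.search(r"^\s*acl\s*\{", text, re.M).end():]
    rules = re.findall(r"^\s*(\S+)\s*\{\s*pass\s+([^\n]+)", acl_body, re.M)
    return {name: tokens.split() for name, tokens in rules}

def ip_matches(client, spec):
    """Match one `ip` entry: single address, CIDR/netmask, or first-last range."""
    addr = ipaddress.ip_address(client)
    if "-" in spec:
        first, last = (ipaddress.ip_address(p) for p in spec.split("-", 1))
        return first <= addr <= last
    return addr in ipaddress.ip_network(spec, strict=False)

def groups_containing(client, sources):
    """Every src group listing the client; more than one means ACL overlap."""
    return [g for g, specs in sources.items() if any(ip_matches(client, s) for s in specs)]

def acl_for(client, sources, acls):
    """Assumption: the first matching src block in file order selects the ACL."""
    for group in groups_containing(client, sources):
        if group in acls:
            return group
    return "default"

def decide(pass_tokens, matched):
    """Walk the pass list left to right; the first token that matches decides."""
    for token in pass_tokens:
        if token == "all":
            return "pass", token
        if token == "none":
            return "block", token
        if token.lstrip("!") in matched:
            return ("block" if token.startswith("!") else "pass"), token
    return "block", None  # nothing matched: treated as block in this sketch

def evaluate(client, matched, text=SAMPLE_CONFIG):
    """Return (acl name, decision, deciding token) for one client and URL."""
    sources, acls = parse_sources(text), parse_acls(text)
    acl = acl_for(client, sources, acls)
    return (acl,) + decide(acls[acl], matched)

if __name__ == "__main__":
    for ip in ("192.168.1.167", "192.168.1.50"):
        print(ip, evaluate(ip, {"blk_BL_webmail"}))
```

To check a live system, replace `SAMPLE_CONFIG` with the text shown under Services - Squidguard - Log - Filter config.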
                  Vlee

                  @KOM:

                  You appear to have 2 different WebMail entries, blk_BL_webmail and Webmail_Block.  Other than that, everything looks good to me.  What version of pfSense and squid/squidguard are you using?

                  pfSense 2.3.2
                  Squid 0.4.21
                  Squidguard 1.14_3
                  The blk_BL_webmail is the original target rule.
                  Webmail_Block is a target category I created for a test and can be removed.

                  I took the two IPs (the non-blockable and blockable one) and switched them.
                  The results were strange.
                  The non-blockable computer was given the blockable IP but still behaved the same way. (It wouldn't block webmail)
                  The blockable computer given the non-blockable IP then behaved just like the non-blockable computer. (It also wouldn't block webmail)

                  When switched back, behavior returned to the original state. (One blockable, one non-blockable)

                    KOM

                    You have something very weird going on.  I couldn't even begin to guess at what it might be.  Please report back if you get to the bottom of it.

                      Vlee

                      @KOM:

                      You have something very weird going on.  I couldn't even begin to guess at what it might be.  Please report back if you get to the bottom of it.

                      Yes, I agree it is very strange. Thank you for trying to help.
