Pfsense + squid + squidguard block some ip's and others don't
-
Hi everyone, i have this issue:
When i fresh install pfsense + squid + squidguard non transparent, i create rules, download shallalist, asign ip by mac address, create squidguard groups, etc everything works well, i start to block users by groups.
But when the days passed, packages updates, create new ip users, etc, pfsense starts to load sites that have been blocked before on some users of blocked groups in squidguard. That drives me crazy a lot!
I don't know why pfsense is doing this, or why is doing this i would like to recover total control of blocked sites by ip again like fresh install. Is there a way to look what's going on, or a way to fix this?
Best regards
??? :-[
-
Check the squid access logs, check the squidguard log if you have enabled it, double-check your squid rules to ensure you don't user user overlap in multiple ACLs. Take a specific instance of the problem and check the details: which user accessed which site at which IP address against squid's access log and squidguard's log. If you haven't already done so, enabled general squidguard logging as well as logging for each ACL you are concerned about.
-
Thanks a lot KOM for the help, i already enabled squid and squidguard logs, i'll check them trying to find anything suspicious!
I hope to find anything!
Regards
-
This aside, there is another interesting aspect (or at least this is how this was working years ago): if Squidguard is not able to handle too many requests due to performance or settings issues, then some requests go "unfiltered"
For sure it would not have the impact you describe, linked to IP address, if I understand well but worth to check. -
if Squidguard is not able to handle too many requests due to performance or settings issues
Strange. squidguard has no notion of child threads or anything since it's called on-demand by squid. If squid doesn't have enough children, then processing should slow down but not just completely ignore the calls to squidguard to process the current URL.
Regardless, this can be addressed by increasing the number of child threads in squid's Advanced Options - Integrations:
url_rewrite_children 16
Bump it to a higher number if you have slow processing caused by lots of users.
