SquidGuard não está bloqueando sites.



  • Boa tarde ai Gente!

    Eu não consigo fazer o SquidGuard bloquear sites. Aparentemente os usuários passam normalmente pelo squid, mas não pelo squidguard, já fiz testes de bloqueio somente pelo squid, e ai rola normal. Agora quando tenho criar uma regra de blacklist no squidguard, ele não bloqueia.

    Versões:

    Pfsense: 2.3.3 amd64
    Squid: 0.4.36_3
    SquidGuard: 1.16.2

    Uso proxy normal com autenticação via AD (Winbind NTLM) no Squid, e estou com a opção LDAP ativo no squidguard.
    Detalhe é que usei um script pd2ad para fazer o squid autenticar no AD e não exigir usuário e senha no proxy para o usuário. (já usando as credenciais do AD)

    verifiquei a integração do squid com o squiguard, mas parece que os usuários não passam pelo squidguard.

    Meu Squid.conf:

    http_port 135.20.1.100:3128
    icp_port 0
    digest_generation off
    dns_v4_first on
    pid_filename /var/run/squid/squid.pid
    cache_effective_user squid
    cache_effective_group proxy
    error_default_language pt-br
    icon_directory /usr/local/etc/squid/icons
    visible_hostname Ramed
    cache_mgr wagner@ramed.com.br
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    netdb_filename /var/squid/logs/netdb.state
    pinger_enable on
    pinger_program /usr/local/libexec/squid/pinger
    
    logfile_rotate 0
    debug_options rotate=0
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  135.20.1.0/24
    forwarded_for on
    httpd_suppress_version_string on
    uri_whitespace strip
    
    cache_mem 64 MB
    maximum_object_size_in_memory 256 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    minimum_object_size 0 KB
    maximum_object_size 4 MB
    cache_dir ufs /var/squid/cache 1000 16 256
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    cache allow all
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    refresh_pattern -i (/cgi-bin/|?) 0  0%  0
    refresh_pattern .    0  20%  4320
    
    #Remote proxies
    
    # Setup some default acls
    # ACLs all, manager, localhost, and to_localhost are predefined.
    acl allsrc src all
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535 
    acl sslports port 443 563  
    
    acl purge method PURGE
    acl connect method CONNECT
    
    # Define protocols used for redirects
    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    
    # Custom options before auth
    
    acl sglog url_regex -i sgr=ACCESSDENIED
    auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --domain=ramed.com.br --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 30
    auth_param ntlm keep_alive off
    auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 20
    auth_param basic realm Please enter your credentials to access the proxy
    auth_param basic credentialsttl 5 minutes
    acl password proxy_auth REQUIRED
    # Custom options after auth
    
    http_access deny password sglog
    http_access allow password localnet
    # Default block all to be sure
    http_access deny allsrc
    
    icap_enable on
    icap_send_client_ip on
    icap_send_client_username on
    icap_client_username_encode off
    icap_client_username_header X-Authenticated-User
    icap_preview_enable on
    icap_preview_size 1024
    
    icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav bypass=off
    adaptation_access service_avi_req allow all
    icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squid_clamav bypass=on
    adaptation_access service_avi_resp allow all
    

    Mensagem no Cache Logs do Squid:

    Date-Time	Mensagem
    08.05.2017 14:55:50	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:50	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:50	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:45	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:45	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:45	Starting new ntlmauthenticator helpers...
    

    no Cache logs do squid guard não tem nada :s

    alguém tem alguma idéia do que esta acontecendo?

    valeu!



  • @Wagner:

    Boa tarde ai Gente!

    Eu não consigo fazer o SquidGuard bloquear sites. Aparentemente os usuários passam normalmente pelo squid, mas não pelo squidguard, já fiz testes de bloqueio somente pelo squid, e ai rola normal. Agora quando tenho criar uma regra de blacklist no squidguard, ele não bloqueia.

    Versões:

    Pfsense: 2.3.3 amd64
    Squid: 0.4.36_3
    SquidGuard: 1.16.2

    Uso proxy normal com autenticação via AD (Winbind NTLM) no Squid, e estou com a opção LDAP ativo no squidguard.
    Detalhe é que usei um script pd2ad para fazer o squid autenticar no AD e não exigir usuário e senha no proxy para o usuário. (já usando as credenciais do AD)

    verifiquei a integração do squid com o squiguard, mas parece que os usuários não passam pelo squidguard.

    Meu Squid.conf:

    http_port 135.20.1.100:3128
    icp_port 0
    digest_generation off
    dns_v4_first on
    pid_filename /var/run/squid/squid.pid
    cache_effective_user squid
    cache_effective_group proxy
    error_default_language pt-br
    icon_directory /usr/local/etc/squid/icons
    visible_hostname Ramed
    cache_mgr wagner@ramed.com.br
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    netdb_filename /var/squid/logs/netdb.state
    pinger_enable on
    pinger_program /usr/local/libexec/squid/pinger
    
    logfile_rotate 0
    debug_options rotate=0
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  135.20.1.0/24
    forwarded_for on
    httpd_suppress_version_string on
    uri_whitespace strip
    
    cache_mem 64 MB
    maximum_object_size_in_memory 256 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    minimum_object_size 0 KB
    maximum_object_size 4 MB
    cache_dir ufs /var/squid/cache 1000 16 256
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    cache allow all
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    refresh_pattern -i (/cgi-bin/|?) 0  0%  0
    refresh_pattern .    0  20%  4320
    
    #Remote proxies
    
    # Setup some default acls
    # ACLs all, manager, localhost, and to_localhost are predefined.
    acl allsrc src all
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535 
    acl sslports port 443 563  
    
    acl purge method PURGE
    acl connect method CONNECT
    
    # Define protocols used for redirects
    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    
    # Custom options before auth
    
    acl sglog url_regex -i sgr=ACCESSDENIED
    auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --domain=ramed.com.br --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 30
    auth_param ntlm keep_alive off
    auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 20
    auth_param basic realm Please enter your credentials to access the proxy
    auth_param basic credentialsttl 5 minutes
    acl password proxy_auth REQUIRED
    # Custom options after auth
    
    http_access deny password sglog
    http_access allow password localnet
    # Default block all to be sure
    http_access deny allsrc
    
    icap_enable on
    icap_send_client_ip on
    icap_send_client_username on
    icap_client_username_encode off
    icap_client_username_header X-Authenticated-User
    icap_preview_enable on
    icap_preview_size 1024
    
    icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav bypass=off
    adaptation_access service_avi_req allow all
    icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squid_clamav bypass=on
    adaptation_access service_avi_resp allow all
    

    Mensagem no Cache Logs do Squid:

    Date-Time	Mensagem
    08.05.2017 14:55:50	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:50	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:50	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:45	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:45	Starting new ntlmauthenticator helpers...
    08.05.2017 14:55:45	Starting new ntlmauthenticator helpers...
    

    no Cache logs do squid guard não tem nada :s

    alguém tem alguma idéia do que esta acontecendo?

    valeu!

    Já foi respondido uma dúvida igual a sua aqui!!!

    https://forum.pfsense.org/index.php?topic=129617.new;topicseen#new



  • Já foi respondido uma dúvida igual a sua aqui!!!

    https://forum.pfsense.org/index.php?topic=129617.new;topicseen#new

    Obrigado! mas mesmo executando todos os passos descritos ainda não resolveu,
    deixei todos os campos de LDAP em branco, fiz testes usando 'nome.usuario' , usando apenas o IP da maquina e nada.

    veja o arquivo squidguard.conf :

    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    ldapbinddn 
    ldapbindpass 
    ldapprotover 2
    
    # 
    src Porno_facebook {
    	ip     135.20.1.41
    	log block.log
    }
    
    # 
    dest blk_BL_adv {
    	domainlist blk_BL_adv/domains
    	urllist blk_BL_adv/urls
    	log block.log
    }
    
    # 
    dest blk_BL_aggressive {
    	domainlist blk_BL_aggressive/domains
    	urllist blk_BL_aggressive/urls
    	log block.log
    }
    
    # 
    dest blk_BL_alcohol {
    	domainlist blk_BL_alcohol/domains
    	urllist blk_BL_alcohol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_anonvpn {
    	domainlist blk_BL_anonvpn/domains
    	urllist blk_BL_anonvpn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_bikes {
    	domainlist blk_BL_automobile_bikes/domains
    	urllist blk_BL_automobile_bikes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_boats {
    	domainlist blk_BL_automobile_boats/domains
    	urllist blk_BL_automobile_boats/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_cars {
    	domainlist blk_BL_automobile_cars/domains
    	urllist blk_BL_automobile_cars/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_planes {
    	domainlist blk_BL_automobile_planes/domains
    	urllist blk_BL_automobile_planes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_chat {
    	domainlist blk_BL_chat/domains
    	urllist blk_BL_chat/urls
    	log block.log
    }
    
    # 
    dest blk_BL_costtraps {
    	domainlist blk_BL_costtraps/domains
    	urllist blk_BL_costtraps/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dating {
    	domainlist blk_BL_dating/domains
    	urllist blk_BL_dating/urls
    	log block.log
    }
    
    # 
    dest blk_BL_downloads {
    	domainlist blk_BL_downloads/domains
    	urllist blk_BL_downloads/urls
    	log block.log
    }
    
    # 
    dest blk_BL_drugs {
    	domainlist blk_BL_drugs/domains
    	urllist blk_BL_drugs/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dynamic {
    	domainlist blk_BL_dynamic/domains
    	urllist blk_BL_dynamic/urls
    	log block.log
    }
    
    # 
    dest blk_BL_education_schools {
    	domainlist blk_BL_education_schools/domains
    	urllist blk_BL_education_schools/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_banking {
    	domainlist blk_BL_finance_banking/domains
    	urllist blk_BL_finance_banking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_insurance {
    	domainlist blk_BL_finance_insurance/domains
    	urllist blk_BL_finance_insurance/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_moneylending {
    	domainlist blk_BL_finance_moneylending/domains
    	urllist blk_BL_finance_moneylending/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_other {
    	domainlist blk_BL_finance_other/domains
    	urllist blk_BL_finance_other/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_realestate {
    	domainlist blk_BL_finance_realestate/domains
    	urllist blk_BL_finance_realestate/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_trading {
    	domainlist blk_BL_finance_trading/domains
    	urllist blk_BL_finance_trading/urls
    	log block.log
    }
    
    # 
    dest blk_BL_fortunetelling {
    	domainlist blk_BL_fortunetelling/domains
    	urllist blk_BL_fortunetelling/urls
    	log block.log
    }
    
    # 
    dest blk_BL_forum {
    	domainlist blk_BL_forum/domains
    	urllist blk_BL_forum/urls
    	log block.log
    }
    
    # 
    dest blk_BL_gamble {
    	domainlist blk_BL_gamble/domains
    	urllist blk_BL_gamble/urls
    	log block.log
    }
    
    # 
    dest blk_BL_government {
    	domainlist blk_BL_government/domains
    	urllist blk_BL_government/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hacking {
    	domainlist blk_BL_hacking/domains
    	urllist blk_BL_hacking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_cooking {
    	domainlist blk_BL_hobby_cooking/domains
    	urllist blk_BL_hobby_cooking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-misc {
    	domainlist blk_BL_hobby_games-misc/domains
    	urllist blk_BL_hobby_games-misc/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-online {
    	domainlist blk_BL_hobby_games-online/domains
    	urllist blk_BL_hobby_games-online/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_gardening {
    	domainlist blk_BL_hobby_gardening/domains
    	urllist blk_BL_hobby_gardening/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_pets {
    	domainlist blk_BL_hobby_pets/domains
    	urllist blk_BL_hobby_pets/urls
    	log block.log
    }
    
    # 
    dest blk_BL_homestyle {
    	domainlist blk_BL_homestyle/domains
    	urllist blk_BL_homestyle/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hospitals {
    	domainlist blk_BL_hospitals/domains
    	urllist blk_BL_hospitals/urls
    	log block.log
    }
    
    # 
    dest blk_BL_imagehosting {
    	domainlist blk_BL_imagehosting/domains
    	urllist blk_BL_imagehosting/urls
    	log block.log
    }
    
    # 
    dest blk_BL_isp {
    	domainlist blk_BL_isp/domains
    	urllist blk_BL_isp/urls
    	log block.log
    }
    
    # 
    dest blk_BL_jobsearch {
    	domainlist blk_BL_jobsearch/domains
    	urllist blk_BL_jobsearch/urls
    	log block.log
    }
    
    # 
    dest blk_BL_library {
    	domainlist blk_BL_library/domains
    	urllist blk_BL_library/urls
    	log block.log
    }
    
    # 
    dest blk_BL_military {
    	domainlist blk_BL_military/domains
    	urllist blk_BL_military/urls
    	log block.log
    }
    
    # 
    dest blk_BL_models {
    	domainlist blk_BL_models/domains
    	urllist blk_BL_models/urls
    	log block.log
    }
    
    # 
    dest blk_BL_movies {
    	domainlist blk_BL_movies/domains
    	urllist blk_BL_movies/urls
    	log block.log
    }
    
    # 
    dest blk_BL_music {
    	domainlist blk_BL_music/domains
    	urllist blk_BL_music/urls
    	log block.log
    }
    
    # 
    dest blk_BL_news {
    	domainlist blk_BL_news/domains
    	urllist blk_BL_news/urls
    	log block.log
    }
    
    # 
    dest blk_BL_podcasts {
    	domainlist blk_BL_podcasts/domains
    	urllist blk_BL_podcasts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_politics {
    	domainlist blk_BL_politics/domains
    	urllist blk_BL_politics/urls
    	log block.log
    }
    
    # 
    dest blk_BL_porn {
    	domainlist blk_BL_porn/domains
    	urllist blk_BL_porn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_radiotv {
    	domainlist blk_BL_radiotv/domains
    	urllist blk_BL_radiotv/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_humor {
    	domainlist blk_BL_recreation_humor/domains
    	urllist blk_BL_recreation_humor/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_martialarts {
    	domainlist blk_BL_recreation_martialarts/domains
    	urllist blk_BL_recreation_martialarts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_restaurants {
    	domainlist blk_BL_recreation_restaurants/domains
    	urllist blk_BL_recreation_restaurants/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_sports {
    	domainlist blk_BL_recreation_sports/domains
    	urllist blk_BL_recreation_sports/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_travel {
    	domainlist blk_BL_recreation_travel/domains
    	urllist blk_BL_recreation_travel/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_wellness {
    	domainlist blk_BL_recreation_wellness/domains
    	urllist blk_BL_recreation_wellness/urls
    	log block.log
    }
    
    # 
    dest blk_BL_redirector {
    	domainlist blk_BL_redirector/domains
    	urllist blk_BL_redirector/urls
    	log block.log
    }
    
    # 
    dest blk_BL_religion {
    	domainlist blk_BL_religion/domains
    	urllist blk_BL_religion/urls
    	log block.log
    }
    
    # 
    dest blk_BL_remotecontrol {
    	domainlist blk_BL_remotecontrol/domains
    	urllist blk_BL_remotecontrol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_ringtones {
    	domainlist blk_BL_ringtones/domains
    	urllist blk_BL_ringtones/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_astronomy {
    	domainlist blk_BL_science_astronomy/domains
    	urllist blk_BL_science_astronomy/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_chemistry {
    	domainlist blk_BL_science_chemistry/domains
    	urllist blk_BL_science_chemistry/urls
    	log block.log
    }
    
    # 
    dest blk_BL_searchengines {
    	domainlist blk_BL_searchengines/domains
    	urllist blk_BL_searchengines/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_education {
    	domainlist blk_BL_sex_education/domains
    	urllist blk_BL_sex_education/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_lingerie {
    	domainlist blk_BL_sex_lingerie/domains
    	urllist blk_BL_sex_lingerie/urls
    	log block.log
    }
    
    # 
    dest blk_BL_shopping {
    	domainlist blk_BL_shopping/domains
    	urllist blk_BL_shopping/urls
    	log block.log
    }
    
    # 
    dest blk_BL_socialnet {
    	domainlist blk_BL_socialnet/domains
    	urllist blk_BL_socialnet/urls
    	log block.log
    }
    
    # 
    dest blk_BL_spyware {
    	domainlist blk_BL_spyware/domains
    	urllist blk_BL_spyware/urls
    	log block.log
    }
    
    # 
    dest blk_BL_tracker {
    	domainlist blk_BL_tracker/domains
    	urllist blk_BL_tracker/urls
    	log block.log
    }
    
    # 
    dest blk_BL_updatesites {
    	domainlist blk_BL_updatesites/domains
    	urllist blk_BL_updatesites/urls
    	log block.log
    }
    
    # 
    dest blk_BL_urlshortener {
    	domainlist blk_BL_urlshortener/domains
    	urllist blk_BL_urlshortener/urls
    	log block.log
    }
    
    # 
    dest blk_BL_violence {
    	domainlist blk_BL_violence/domains
    	urllist blk_BL_violence/urls
    	log block.log
    }
    
    # 
    dest blk_BL_warez {
    	domainlist blk_BL_warez/domains
    	urllist blk_BL_warez/urls
    	log block.log
    }
    
    # 
    dest blk_BL_weapons {
    	domainlist blk_BL_weapons/domains
    	urllist blk_BL_weapons/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webmail {
    	domainlist blk_BL_webmail/domains
    	urllist blk_BL_webmail/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webphone {
    	domainlist blk_BL_webphone/domains
    	urllist blk_BL_webphone/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webradio {
    	domainlist blk_BL_webradio/domains
    	urllist blk_BL_webradio/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webtv {
    	domainlist blk_BL_webtv/domains
    	urllist blk_BL_webtv/urls
    	log block.log
    }
    
    # 
    dest Facebook {
    	domainlist Facebook/domains
    	redirect http://135.20.1.100:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    	log block.log
    }
    
    # 
    rew safesearch {
    	s@(google..*/search?.*q=.*)@&safe=active@i
    	s@(google..*/images.*q=.*)@&safe=active@i
    	s@(google..*/groups.*q=.*)@&safe=active@i
    	s@(google..*/news.*q=.*)@&safe=active@i
    	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
    	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
    	s@(search.live..*/.*q=.*)@&adlt=strict@i
    	s@(search.msn..*/.*q=.*)@&adlt=strict@i
    	s@(.bing..*/.*q=.*)@&adlt=strict@i
    	log block.log
    }
    
    # 
    acl  {
    	# 
    	Porno_facebook  {
    		pass !Facebook !blk_BL_porn all
    		redirect http://135.20.1.100:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    		rewrite safesearch
    		log block.log
    	}
    	# 
    	default  {
    		pass all
    		redirect http://135.20.1.100:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    	}
    }
    

    alguma outra sugestão????

    att,



  • agora aparece um erro no log do squid:

    08.05.2017 16:55:19	ERROR: URL-rewrite produces invalid request: GET ERR HTTP/1.1
    

Log in to reply