Squid Guard Proxy when admin port changed?

nfear24 · Oct 6, 2017, 1:30 AM

I have setup multiple pfsense netgate boxes. Im testing and playing around with squid and squid guard. On one pfsense box for example if I go to eicar.org and test the malware virus file it catches it and redirects me to the blocked virus page

https://pfsense.localdomain/squid_clwarn.php?url=http://www.eicar.org/download/eicar_com.zip&source=192.168.0.14&user=-&virus=stream:%20Eicar-Test-Signature%20FOUND

Now on the Second pfsense box I have changed the admin port to 8080 for administration. When that box blocks a virus test I get "this page can't be displayed" I notice that if I were to manually insert :8080 after the pfsense.localdomain:8080 like this it would work. So it looks like my pfsense box name won't resolve without the port 8080 for squid pages. What should I do to get around this and still leave admin port at 8080?

https://pfsense.localdomain/squid_clwarn.php?url=http://www.eicar.org/download/eicar_com.zip&source=192.168.0.220&user=-&virus=stream:%20Eicar-Test-Signature%20FOUND

nfear24 · Oct 9, 2017, 2:44 PM

For now I will just leave the admin port the default https instead of changing to 8080. Has anyone else changed there administrator port and does squid guard successfully load for example your virus block pages when detected.

kpa · Oct 9, 2017, 4:53 PM

You have to move the webgui admin port to some other port if ports 80 and 443 are going to be used by something else, let's say a proxy. It's not yet possible to control the listening ports used by the nginx webserver that implements the webgui, it will listen on all addresses and will conflict with another service that tries to use those ports.

nfear24 · Oct 11, 2017, 10:18 PM

@kpa:

You have to move the webgui admin port to some other port if ports 80 and 443 are going to be used by something else, let's say a proxy. It's not yet possible to control the listening ports used by the nginx webserver that implements the webgui, it will listen on all addresses and will conflict with another service that tries to use those ports.

I changed my admin port to 8080 and thats the problem. I can login like normal to the web administrator page. but it throws off the error pages for things like squid when it blocks a virus for example it can't load the block alert page. this is the link below it trys to load but can't

https://pfsense.localdomain/squid_clwarn.php?url=http://www.eicar.org/download/eicar_com.zip&source=192.168.0.220&user=-&virus=stream:%20Eicar-Test-Signature%20FOUND

now if I manually edit that link with https://pfsense.localdomain:8080/squid_clwarn.php

It then loads the blocked error page correctly. How do I get the firewall to handle this correctly?

Vorkbaard · Oct 31, 2017, 3:08 PM

For ClamAV in Squid: Services > Squid Proxy Server > Antivirus > Redirect url: <your web="" interface="" url="">/squid_clwarn.php
For example: https://pfsense.localdomain:8080/squid_clwarn.php

I'm now trying to do the same in squidGuard:
Services > SquidGuard Proxy Filter > Common ACL > Redirect mode: ext url err page (enter URL)
Services > SquidGuard Proxy Filter > Common ACL > Redirect info: https://pfsense.localdomain:8080/sgerror.php

But that throws me 'SSL_ERROR_RX_RECORD_TOO_LONG' errors.</your>