SquidGuard settings not saving/updating

  • I'm seeing this … "weird" behaviour on a new pfsense HA pair. I have Squid and SquidGuard installed on both pfsense hosts; a CARP IP defined. The CARP IP is a listening IP in Squid advanced settings (http_port CARPIP:3128).

    I have configured XMLRPC sync on the primary, directing to the secondary for both the main configuration and the package configurations; this WAS working and may be only broken since upgrading to 2.4.2 - but I certainly cannot be sure. I have not configured replication from the secondary back to the primary for anything other than pf socket state.

    Any settings I now define on the primary, using the primary dedicated address, are not saved, and are not replicated. For example, I have updated the SquidGuard policy to deny the Tracking category from the shallalist.de database; but this is not saved to any of the squidGuard.conf files I can find and is not replicated to the secondary. It's not even reflected in the behaviour of squidGuard.

    I have these two files:

    [2.4.2-RELEASE][root@pf1]/usr/local/www: find / -name squidGuard.conf -exec ls -la {} \;
    -rw-r--r--  1 squid  proxy  10027 Nov 26 23:46 /usr/local/etc/squid/squidGuard.conf
    -rwxr-xr-x  1 squid  squid  10056 Nov 27 00:07 /usr/local/etc/squidGuard/squidGuard.conf

    However, I updated the configuration via the web at 12:12am - and the change is not in either file. If I change the squidGuard.conf referred to in squid.conf (/usr/local/etc/squidGuard/squidGuard.conf) I don't see the changes reflect in the UI, but it does seem to take effect on the service after a restart. I'm still testing, but it then seems that settings from config.xml?? are pushed back to the daemon as it reverts at least partially to previous configurations (such as the block page URL / method).

    Any hints on logs I can look at to find the root cause here?

  • Squidguard is a funny helper that requires you to not only save your changes on any tab you edit, but you must then go back to the General settings tab and click Apply.

  • Oh. My. God. I read that as I configured it the first time and assumed it was a one time deal to do with initial setup.

    And all I needed was one more click. I hate me sometimes…

    Thank you.

  • I hate me sometimes…

    I hate inconsistent interfaces.  The way squidguard does this is completely different from every other part of pfSense.  No other option makes you go back to a different page to apply the settings like squidguard.  It catches people all the time like it did to you.

Log in to reply