Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid keeps blocking ips thats not in my blacklist

    Scheduled Pinned Locked Moved Cache/Proxy
    4 Posts 2 Posters 714 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rcmpayne
      last edited by

      I have Squid and squid guard installed and devices are using wpad or manual proxy for Android. My devices at times are getting all kinds of blocks but they are not in the block list. trying to understand why this is occuring

      Common ACL Target rules: !My_Blacklist ^My_Whitelist all

      MyBlackList
      Domain List: thestar.com thestar.ca
      URL List: thestar.com/ thestar.ca/

      • Do not allow IP-Addresses in URL: Enabled

      To make sure that people do not bypass the URL filter by simply using the IP-Addresses instead of the FQDN you can check this option. This option has no effect on the whitelist.
      I assume this is my issue???

      • Transparent Proxy Settings: Not enabled

      • HTTPS/SSL Interception: Enabled

      Block Logs -> Note the block logs are always IPs

      
      21.04.2018 14:44:39	192.168.0.166/rogerspixel.workgroup	http://216.58.196.14/generate_204	Request(default/in-addr/-) - GET REDIRECT
      21.04.2018 14:44:38	192.168.0.166/rogerspixel.workgroup	http://216.58.196.14/generate_204	Request(default/in-addr/-) - GET REDIRECT
      21.04.2018 14:43:30	192.168.0.166/rogerspixel.workgroup	http://192.168.0.155:7000/playback-info	Request(default/in-addr/-) - GET REDIRECT
      21.04.2018 14:43:30	192.168.0.166/rogerspixel.workgroup	http://192.168.0.127:7000/playback-info	Request(default/in-addr/-) - GET REDIRECT
      
      

      wpad and proxy.pac contents

      
      function FindProxyForURL(url,host)
      {
        if(isPlainHostName(host))
        {
          return "DIRECT";
        }
      
        if(isInNet(host,"127.0.0.1","255.255.255.0"))
        {
          return "DIRECT";
        }
      
        if(isInNet(host,"192.168.0.0","255.255.255.0"))
        {
          return "DIRECT"
        }
      
        return "PROXY 192.168.0.2:3128";
      }
      
      

      Update 1:
      Disabled Do not allow IP-Addresses in URL and still getting blocks from IPs internal and external

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        When you made your change, did you remember to go back to the General settings page and click Save then Apply?

        1 Reply Last reply Reply Quote 0
        • R
          rcmpayne
          last edited by

          No I did not. That fixed the internal and external IP bases issues. Still have issues with pac on Android tho, doesn't seem to work. Will keep testing.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Android doesn't support WPAD, IIRC.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.