Squidquard doesn't block anything, what did I miss?



  • I tried a few categories in ACL and nothing, then I just deny everything by default and still nothing blocks at all.

    Here's the log:
    http_port 192.168.20.1:3128
    http_port .x.x.x.x:3128
    http_port 127.0.0.1:3128 intercept
    icp_port 0
    digest_generation off
    dns_v4_first off
    pid_filename /var/run/squid/squid.pid
    cache_effective_user squid
    cache_effective_group proxy
    error_default_language en
    icon_directory /usr/local/etc/squid/icons
    visible_hostname localhost
    cache_mgr admin@localhost
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    netdb_filename /var/squid/logs/netdb.state
    pinger_enable on
    pinger_program /usr/local/libexec/squid/pinger

    logfile_rotate 0
    debug_options rotate=0
    shutdown_lifetime 3 seconds

    Allow local network(s) on interface(s)

    acl localnet src  192.168.20.0/24 x.x.x.x/30
    forwarded_for on
    uri_whitespace strip

    acl dynamic urlpath_regex cgi-bin ?
    cache deny dynamic

    cache_mem 64 MB
    maximum_object_size_in_memory 256 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    minimum_object_size 0 KB
    maximum_object_size 4 MB
    cache_dir ufs /var/squid/cache 100 16 256
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    cache allow all

    Add any of your own refresh_pattern entries above these.

    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    refresh_pattern -i (/cgi-bin/|?) 0  0%  0
    refresh_pattern .    0  20%  4320

    #Remote proxies

    Setup some default acls

    ACLs all, manager, localhost, and to_localhost are predefined.

    acl allsrc src all
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535
    acl sslports port 443 563

    acl purge method PURGE
    acl connect method CONNECT

    Define protocols used for redirects

    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc

    Reverse Proxy settings

    Package Integration

    url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 16 startup=8 idle=4 concurrency=0

    Custom options before auth

    acl sglog url_regex -i sgr=ACCESSDENIED
    http_access deny sglog

    Setup allowed ACLs

    Allow local network(s) on interface(s)

    http_access allow localnet

    Default block all to be sure

    http_access deny allsrc



  • I just did a proxy check and it says no proxy server detected but everything is turned on my pfsense. I am not sure whats going on, i am on 2.4.2 release.



  • Hi.

    Did you enable enable Transparent proxy and SSL filtering? Just in case follow the instructions in the following link.

    https://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-tutorial