Squidguard working but cannot access PFSense GUI



  • I am using Squid in transparent Proxy mode listening on port 3128 and set the default squidguard allow/deny settings and enabled Squidguard.  These are working fine, however when I type in the LAN port address of 192.168.1.1 to access the PFSense GUI, I get the following:

    Request denied by pfSense proxy: 403 Forbidden
    Reason: Error: Access denied Client address: 192.168.1.97
    Client group: default
    Target group: in-addr
    URL: http://192.168.1.1/

    Is there any way from the shell on the actual PFSense box that I can fix this problem so I can again access the GUI?

    Also, is there a guide to setting up the Squid Proxy server, as this was left to the defaults with the only changes being the selection of my LAN and wireless OPTI as the port interfaces, ticking allow users, ticking transparent proxy and putting in the port number of 3128.

    The other alternative is to turn off the proxy for the opti port.  Again, can this be done from the PFSense shell?

    Thanks

    Bruce



  • Possible you use 'Not to allow IP addresses in URL' option
    Type from shell 'killall -HUP squid' and access to gui without proxy setting in browser
    OR delete '/usr/local/etc/squidGuard/squidGuard.conf' and restart squid 'squid -k reconfigure'



  • Thankyou very much for the post.  You were right about the "Not to allow IP addrtesses in URL" - not sure what I was thinking.  Anyway, I typed the killall -HUP squid in the shell and could then gain access to PFSense GUI to untick the above box.

    If after I save and apply, I then reboot PFSense, will Squid and Squidguard be functioning again, as it was prior to entering the killall comand?

    Bruce



  • Disable 'Not to allow IP addrtesses in URL' option and press Apply button in SG
    Also in squid GUI press Save on main page - that's all.
    Option 'Not to allow IP addrtesses in URL' conflict with transparent redirection in squid (i known't why) & for stable work you must off 'Not to allow IP addrtesses in URL' option.


Locked