Squidgard no bloquea trafico HTTP(80)



  • Hola, tengo un SG-3100 version 2.4.4-RELEASE-p2 configurado con squid + squidgard con SSL Splice ALL, la config de squid esta por default, al igual que la del squidgard, los bloqueos configurados en el squidgard funcionan correctamente para el trafico HTTPS, pero al accesar a sitios que funcionan con HTTP, no los bloquea, en el log del squidgard me muestra que los esta bloqueando pero en realidad los browsers si despliega la pagina, las reglas firewal solo tiene abierto el acceso de la lan al puerto 53 DNS de la ip del pfsense...

    alguna idea??

    saludos



  • What?



  • Sorry,

    Hello, I have an SG-3100 version 2.4.4-RELEASE-p2 configured with squid + squidgard with SSL Splice ALL, the squid config is by default, like the squidgard, the blocks configured in the squidgard work correctly for the HTTPS traffic, but when accessing sites that work with HTTP, it does not block them, in the squidgard log it shows me that they are blocking but in reality the browsers if the page is deployed, the rules firewal only has open the access of the lan to the port 53 DNS of the ip of the pfsense ...

    any ideas??

    greeting



  • Are you sure the browser isn't getting its data from it's cache or squid itself? Are these phones or PCs?



  • @kom said in Squidgard no bloquea trafico HTTP(80):

    Are you sure the browser isn't getting its data from it's cache or squid itself? Are these phones or PCs

    I'm sure, it's been tried with different browsers, chrome, firefox, ie and the result is the same all the port 80 traffic is not blocked

    the squidgard log shows that the traffic is blocked, but it is false

    09.01.2019 22:40:35 192.168.1.200/192.168.1.200 http://www.elchat.net/favicon.ico Request(BLACK_LIST/bloqueados/-) - GET REDIRECT



  • Are these phones or PCs?



  • both devices



  • Some phones will switch to data if they detect they're blocked on wifi. Squidguard log will show the block but then the device just switches to data and connects.



  • yes but this happens with pcs too ... what do you suggest



  • I don't have any suggestions as I've never seen this happen before. It could be that squidguard is somehow broken. Usually when people have problems with squid, it's to do with https sites. I don't know enough about your network or squid/squidguard config to even guess.


  • LAYER 8 Global Moderator

    That is just a favicon.ico -- it has nothing to do with serving up anything..

    Why don't you just sniff the traffic an see what is happening since you say its just http you should easy see the traffic.. More then likely its not using what you think its using to access the site your trying to block, etc.



  • How is sniffing the traffic going to help him figure out why it's not being blocked??

    Mike, post screenshots of your network config details and squid/squidguard config. Maybe something will jump out at us.



  • thanks for your help, I had to reset the equipment to factory values, reconfigure and function correctly, maybe, as KOM says, squidgard was broken