Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    how to Configure squidGuard

    Scheduled Pinned Locked Moved Cache/Proxy
    13 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      firefox
      last edited by

      Thanks
      The link was incorrect

      After I marked what to block and saved
      It still does not work

      What did I miss?

      Package Proxy filter SquidGuard General settings General settings.png Package Proxy filter SquidGuard Common Access Control List (ACL) Common ACL.png Package Proxy filter SquidGuard Groups Access Control List (ACL) Groups ACL.png Package SquidGuard Blacklists.png

      1 Reply Last reply Reply Quote 0
      • C
        coffeelover
        last edited by

        Squid is enabled and working?
        Have you clicked Save at the bottom and Apply at the top?

        Is there something in the log?

        1 Reply Last reply Reply Quote 0
        • F
          firefox
          last edited by

          @coffeelover said in how to Configure squidGuard:

          Squid is enabled and working?
          Have you clicked Save at the bottom and Apply at the top?

          Is there something in the log?

          yes i did

          In Services status it does not work
          Screenshot at 2020-07-29 19-20-47.png

          Screenshot at 2020-07-29 19-19-58.png

          Screenshot at 2020-07-29 19-24-10.png

          1 Reply Last reply Reply Quote 0
          • C
            coffeelover
            last edited by

            squidguard is started from squid, so if squid is not running, neither will squidguard.

            When I asked "Squid is enabled and working?" i really meant squid and not squidguard.

            A common issue at the beginning is the setting for the local cache.

            Please disable squidguard until you have squid running.

            1 Reply Last reply Reply Quote 1
            • F
              firefox
              last edited by

              problem
              I wanted to use pfBlockerNG
              But he did not work
              One or more servers are down

              That's why I switched to squidguard
              I'll try
              I do not know if Squid will work well
              pfsense is installed on a small 64GB ssd drive

              1 Reply Last reply Reply Quote 0
              • C
                coffeelover
                last edited by

                just to be clear:

                squid is a http proxy server
                squidguard is a filter that can be included in squid, it can not be used standalone

                So when you want to use squidguard, you have to use squid.
                And to be able to use squidguard, squid has to be configured and running.

                1 Reply Last reply Reply Quote 1
                • F
                  firefox
                  last edited by

                  I installed and config squid

                  now squidguard is Works but
                  It does not filter

                  Are these settings correct ?

                  this is
                  proxy config

                  # This file is automatically generated by pfSense
                  # Do not edit manually !
                  
                  http_port 192.168.1.1:3128
                  icp_port 0
                  digest_generation off
                  dns_v4_first off
                  pid_filename /var/run/squid/squid.pid
                  cache_effective_user squid
                  cache_effective_group proxy
                  error_default_language en
                  icon_directory /usr/local/etc/squid/icons
                  visible_hostname localhost
                  cache_mgr admin@localhost
                  access_log /dev/null
                  cache_log /var/squid/logs/cache.log
                  cache_store_log none
                  netdb_filename /var/squid/logs/netdb.state
                  pinger_enable on
                  pinger_program /usr/local/libexec/squid/pinger
                  
                  logfile_rotate 0
                  debug_options rotate=0
                  shutdown_lifetime 3 seconds
                  # Allow local network(s) on interface(s)
                  acl localnet src  192.168.1.0/24
                  forwarded_for on
                  uri_whitespace strip
                  
                  acl dynamic urlpath_regex cgi-bin ?
                  cache deny dynamic
                  
                  cache_mem 64 MB
                  maximum_object_size_in_memory 256 KB
                  memory_replacement_policy heap GDSF
                  cache_replacement_policy heap LFUDA
                  minimum_object_size 0 KB
                  maximum_object_size 4 MB
                  
                  offline_mode off
                  cache_swap_low 90
                  cache_swap_high 95
                  cache allow all
                  # Add any of your own refresh_pattern entries above these.
                  refresh_pattern ^ftp:    1440  20%  10080
                  refresh_pattern ^gopher:  1440  0%  1440
                  refresh_pattern -i (/cgi-bin/|?) 0  0%  0
                  refresh_pattern .    0  20%  4320
                  
                  
                  #Remote proxies
                  
                  
                  # Setup some default acls
                  # ACLs all, manager, localhost, and to_localhost are predefined.
                  acl allsrc src all
                  acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535 
                  acl sslports port 443 563  
                  
                  acl purge method PURGE
                  acl connect method CONNECT
                  
                  # Define protocols used for redirects
                  acl HTTP proto HTTP
                  acl HTTPS proto HTTPS
                  acl allowed_subnets src 192.168.1.0/24
                  http_access allow manager localhost
                  
                  http_access deny manager
                  http_access allow purge localhost
                  http_access deny purge
                  http_access deny !safeports
                  http_access deny CONNECT !sslports
                  
                  # Always allow localhost connections
                  http_access allow localhost
                  
                  request_body_max_size 0 KB
                  delay_pools 1
                  delay_class 1 2
                  delay_parameters 1 -1/-1 -1/-1
                  delay_initial_bucket_level 100
                  delay_access 1 allow allsrc
                  
                  # Reverse Proxy settings
                  
                  
                  # Package Integration
                  url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
                  url_rewrite_bypass off
                  url_rewrite_children 16 startup=8 idle=4 concurrency=0
                  
                  # Custom options before auth
                  
                  
                  # Setup allowed ACLs
                  # Allow local network(s) on interface(s)
                  http_access allow allowed_subnets
                  http_access allow localnet
                  # Default block all to be sure
                  http_access deny allsrc
                  
                  icap_enable on
                  icap_send_client_ip on
                  icap_send_client_username on
                  icap_client_username_encode off
                  icap_client_username_header X-Authenticated-User
                  icap_preview_enable on
                  icap_preview_size 1024
                  
                  icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav bypass=off
                  adaptation_access service_avi_req allow all
                  icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squid_clamav bypass=on
                  adaptation_access service_avi_resp allow all
                  
                  1 Reply Last reply Reply Quote 0
                  • C
                    coffeelover
                    last edited by

                    The squid configuration looks ok to me. What do you mean by "it does not filter". You are not being redirected to sgerror.php, you get a browser warning or you the blocked site loads?

                    1 Reply Last reply Reply Quote 0
                    • F
                      firefox
                      last edited by

                      @coffeelover said in how to Configure squidGuard:

                      What do you mean by "it does not filter".

                      If I browse to a web page that appears on it
                      Advertisements or pop-ups related to the topic I chose to block

                      They still appear

                      1 Reply Last reply Reply Quote 0
                      • F
                        firefox
                        last edited by

                        you get a browser warning or you the blocked site loads?

                        Not getting a warning
                        i Get the blocked sites or blocked ads

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.