SquidGuard Disable "Groups ACL" no work, bug?
-
Hi.
Pfsense 2.5.0
"Common ACL" is DENY ALL
I have SquidGuard with 10 Groups Acl. When disable the firts ACL, SquidGuard disable ALL ACL. But The navigation is totally 100% free without restrictions .
When disable the sixth ACL, Squidguard disables 7,8,9 and 10 ACL. But The navigation is totally 100% free without restrictions.
Is a bug de Squidguard or the pfsense (php) ?
-
@j-sejo1 i have same issue after upgrade. And a pfsense fresh install and restore config from a backup didn't solve the issue.
Anyway i don't think is caused by the new pfsense relase. All my squidguards group logs has stopped to 01-31-2021 when my pfsense box was to previous 2.4 version. Looks like to be related to a specific version of squidguard package.
To partially solve the issue i had to leave active all groups acl -
Redmine issue created:
https://redmine.pfsense.org/issues/11696 -
@viktor_g Ready.
https://github.com/pfsense/FreeBSD-ports/commits/devel/www/pfSense-pkg-squidGuard
Thanks.
-
Hello, good afternoon
I have the same problem with the squidguard, currently no ACL works for me. How could I solve the problem ???? -
Same problem, are there any workarounds atm?
-
-
@viktor_g
Good morning, how do I implement what is in that link ????
I would be very grateful if you could help me.
I modified the second file by what is shown in the line of codes of the link, but the first one I do not know where to find it ...
Please help me -
@freudyflc A new upgraded package is already available, just go to package manager and update squidguard to latest 1.16.18_17.
-
@sisko212 It is the version that I have installed. But it has the bug
-
@freudyflc i am sorry... for your case, should be something else then.
-
@freudyflc Please provide your SquidGuard configuration for checking
WebGUI pages +/usr/local/etc/squidGuard/squidGuard.conf -
@viktor_g said in SquidGuard Disable "Groups ACL" no work, bug?:
@freudyflc Please provide your SquidGuard configuration for checking
WebGUI pages +/usr/local/etc/squidGuard/squidGuard.confThis is my squidGuard configuration:
(Excuse the Spanish, I am Cuban)============================================================
SquidGuard configuration file
This file generated automaticly with SquidGuard configurator
(C)2006 Serg Dvoriancev
email: dv_serg@mail.ru
============================================================
logdir /var/squidGuard/log
dbhome /var/db/squidGuardHorario Para la NavegaciĆ³n
time Horario {
weekly * 07:00-18:00
}dest blk_BL_adv {
domainlist blk_BL_adv/domains
urllist blk_BL_adv/urls
log block.log
}dest blk_BL_aggressive {
domainlist blk_BL_aggressive/domains
urllist blk_BL_aggressive/urls
log block.log
}dest blk_BL_alcohol {
domainlist blk_BL_alcohol/domains
urllist blk_BL_alcohol/urls
log block.log
}dest blk_BL_anonvpn {
domainlist blk_BL_anonvpn/domains
urllist blk_BL_anonvpn/urls
log block.log
}dest blk_BL_automobile_bikes {
domainlist blk_BL_automobile_bikes/domains
urllist blk_BL_automobile_bikes/urls
log block.log
}dest blk_BL_automobile_boats {
domainlist blk_BL_automobile_boats/domains
urllist blk_BL_automobile_boats/urls
log block.log
}dest blk_BL_automobile_cars {
domainlist blk_BL_automobile_cars/domains
urllist blk_BL_automobile_cars/urls
log block.log
}dest blk_BL_automobile_planes {
domainlist blk_BL_automobile_planes/domains
urllist blk_BL_automobile_planes/urls
log block.log
}dest blk_BL_chat {
domainlist blk_BL_chat/domains
urllist blk_BL_chat/urls
log block.log
}dest blk_BL_costtraps {
domainlist blk_BL_costtraps/domains
urllist blk_BL_costtraps/urls
log block.log
}dest blk_BL_dating {
domainlist blk_BL_dating/domains
urllist blk_BL_dating/urls
log block.log
}dest blk_BL_downloads {
domainlist blk_BL_downloads/domains
urllist blk_BL_downloads/urls
log block.log
}dest blk_BL_drugs {
domainlist blk_BL_drugs/domains
urllist blk_BL_drugs/urls
log block.log
}dest blk_BL_dynamic {
domainlist blk_BL_dynamic/domains
urllist blk_BL_dynamic/urls
log block.log
}dest blk_BL_education_schools {
domainlist blk_BL_education_schools/domains
urllist blk_BL_education_schools/urls
log block.log
}dest blk_BL_finance_banking {
domainlist blk_BL_finance_banking/domains
urllist blk_BL_finance_banking/urls
log block.log
}dest blk_BL_finance_insurance {
domainlist blk_BL_finance_insurance/domains
urllist blk_BL_finance_insurance/urls
log block.log
}dest blk_BL_finance_moneylending {
domainlist blk_BL_finance_moneylending/domains
urllist blk_BL_finance_moneylending/urls
log block.log
}dest blk_BL_finance_other {
domainlist blk_BL_finance_other/domains
urllist blk_BL_finance_other/urls
log block.log
}dest blk_BL_finance_realestate {
domainlist blk_BL_finance_realestate/domains
urllist blk_BL_finance_realestate/urls
log block.log
}dest blk_BL_finance_trading {
domainlist blk_BL_finance_trading/domains
urllist blk_BL_finance_trading/urls
log block.log
}dest blk_BL_fortunetelling {
domainlist blk_BL_fortunetelling/domains
urllist blk_BL_fortunetelling/urls
log block.log
}dest blk_BL_forum {
domainlist blk_BL_forum/domains
urllist blk_BL_forum/urls
log block.log
}dest blk_BL_gamble {
domainlist blk_BL_gamble/domains
urllist blk_BL_gamble/urls
log block.log
}dest blk_BL_government {
domainlist blk_BL_government/domains
urllist blk_BL_government/urls
log block.log
}dest blk_BL_hacking {
domainlist blk_BL_hacking/domains
urllist blk_BL_hacking/urls
log block.log
}dest blk_BL_hobby_cooking {
domainlist blk_BL_hobby_cooking/domains
urllist blk_BL_hobby_cooking/urls
log block.log
}dest blk_BL_hobby_games-misc {
domainlist blk_BL_hobby_games-misc/domains
urllist blk_BL_hobby_games-misc/urls
log block.log
}dest blk_BL_hobby_games-online {
domainlist blk_BL_hobby_games-online/domains
urllist blk_BL_hobby_games-online/urls
log block.log
}dest blk_BL_hobby_gardening {
domainlist blk_BL_hobby_gardening/domains
urllist blk_BL_hobby_gardening/urls
log block.log
}dest blk_BL_hobby_pets {
domainlist blk_BL_hobby_pets/domains
urllist blk_BL_hobby_pets/urls
log block.log
}dest blk_BL_homestyle {
domainlist blk_BL_homestyle/domains
urllist blk_BL_homestyle/urls
log block.log
}dest blk_BL_hospitals {
domainlist blk_BL_hospitals/domains
urllist blk_BL_hospitals/urls
log block.log
}dest blk_BL_imagehosting {
domainlist blk_BL_imagehosting/domains
urllist blk_BL_imagehosting/urls
log block.log
}dest blk_BL_isp {
domainlist blk_BL_isp/domains
urllist blk_BL_isp/urls
log block.log
}dest blk_BL_jobsearch {
domainlist blk_BL_jobsearch/domains
urllist blk_BL_jobsearch/urls
log block.log
}dest blk_BL_library {
domainlist blk_BL_library/domains
urllist blk_BL_library/urls
log block.log
}dest blk_BL_military {
domainlist blk_BL_military/domains
urllist blk_BL_military/urls
log block.log
}dest blk_BL_models {
domainlist blk_BL_models/domains
urllist blk_BL_models/urls
log block.log
}dest blk_BL_movies {
domainlist blk_BL_movies/domains
urllist blk_BL_movies/urls
log block.log
}dest blk_BL_music {
domainlist blk_BL_music/domains
urllist blk_BL_music/urls
log block.log
}dest blk_BL_news {
domainlist blk_BL_news/domains
urllist blk_BL_news/urls
log block.log
}dest blk_BL_podcasts {
domainlist blk_BL_podcasts/domains
urllist blk_BL_podcasts/urls
log block.log
}dest blk_BL_politics {
domainlist blk_BL_politics/domains
urllist blk_BL_politics/urls
log block.log
}dest blk_BL_porn {
domainlist blk_BL_porn/domains
urllist blk_BL_porn/urls
log block.log
}dest blk_BL_radiotv {
domainlist blk_BL_radiotv/domains
urllist blk_BL_radiotv/urls
log block.log
}dest blk_BL_recreation_humor {
domainlist blk_BL_recreation_humor/domains
urllist blk_BL_recreation_humor/urls
log block.log
}dest blk_BL_recreation_martialarts {
domainlist blk_BL_recreation_martialarts/domains
urllist blk_BL_recreation_martialarts/urls
log block.log
}dest blk_BL_recreation_restaurants {
domainlist blk_BL_recreation_restaurants/domains
urllist blk_BL_recreation_restaurants/urls
log block.log
}dest blk_BL_recreation_sports {
domainlist blk_BL_recreation_sports/domains
urllist blk_BL_recreation_sports/urls
log block.log
}dest blk_BL_recreation_travel {
domainlist blk_BL_recreation_travel/domains
urllist blk_BL_recreation_travel/urls
log block.log
}dest blk_BL_recreation_wellness {
domainlist blk_BL_recreation_wellness/domains
urllist blk_BL_recreation_wellness/urls
log block.log
}dest blk_BL_redirector {
domainlist blk_BL_redirector/domains
urllist blk_BL_redirector/urls
log block.log
}dest blk_BL_religion {
domainlist blk_BL_religion/domains
urllist blk_BL_religion/urls
log block.log
}dest blk_BL_remotecontrol {
domainlist blk_BL_remotecontrol/domains
urllist blk_BL_remotecontrol/urls
log block.log
}dest blk_BL_ringtones {
domainlist blk_BL_ringtones/domains
urllist blk_BL_ringtones/urls
log block.log
}dest blk_BL_science_astronomy {
domainlist blk_BL_science_astronomy/domains
urllist blk_BL_science_astronomy/urls
log block.log
}dest blk_BL_science_chemistry {
domainlist blk_BL_science_chemistry/domains
urllist blk_BL_science_chemistry/urls
log block.log
}dest blk_BL_searchengines {
domainlist blk_BL_searchengines/domains
urllist blk_BL_searchengines/urls
log block.log
}dest blk_BL_sex_education {
domainlist blk_BL_sex_education/domains
urllist blk_BL_sex_education/urls
log block.log
}dest blk_BL_sex_lingerie {
domainlist blk_BL_sex_lingerie/domains
urllist blk_BL_sex_lingerie/urls
log block.log
}dest blk_BL_shopping {
domainlist blk_BL_shopping/domains
urllist blk_BL_shopping/urls
log block.log
}dest blk_BL_socialnet {
domainlist blk_BL_socialnet/domains
urllist blk_BL_socialnet/urls
log block.log
}dest blk_BL_spyware {
domainlist blk_BL_spyware/domains
urllist blk_BL_spyware/urls
log block.log
}dest blk_BL_tracker {
domainlist blk_BL_tracker/domains
urllist blk_BL_tracker/urls
log block.log
}dest blk_BL_updatesites {
domainlist blk_BL_updatesites/domains
urllist blk_BL_updatesites/urls
log block.log
}dest blk_BL_urlshortener {
domainlist blk_BL_urlshortener/domains
urllist blk_BL_urlshortener/urls
log block.log
}dest blk_BL_violence {
domainlist blk_BL_violence/domains
urllist blk_BL_violence/urls
log block.log
}dest blk_BL_warez {
domainlist blk_BL_warez/domains
urllist blk_BL_warez/urls
log block.log
}dest blk_BL_weapons {
domainlist blk_BL_weapons/domains
urllist blk_BL_weapons/urls
log block.log
}dest blk_BL_webmail {
domainlist blk_BL_webmail/domains
urllist blk_BL_webmail/urls
log block.log
}dest blk_BL_webphone {
domainlist blk_BL_webphone/domains
urllist blk_BL_webphone/urls
log block.log
}dest blk_BL_webradio {
domainlist blk_BL_webradio/domains
urllist blk_BL_webradio/urls
log block.log
}dest blk_BL_webtv {
domainlist blk_BL_webtv/domains
urllist blk_BL_webtv/urls
log block.log
}Navegacion Nacional
dest Intranet {
expressionlist Intranet/expressions
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}Bloqueo General
dest BL_Generales {
domainlist BL_Generales/domains
expressionlist BL_Generales/expressions
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}Bloqueo de Correos
dest BL_Correos {
expressionlist BL_Correos/expressions
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}Youtube
dest BL_Youtube {
domainlist BL_Youtube/domains
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO%21%21%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}rew safesearch {
s@(google../search?.q=.)@\1&safe=active@i
s@(google../images.q=.)@\1&safe=active@i
s@(google../groups.q=.)@\1&safe=active@i
s@(google../news.q=.)@\1&safe=active@i
s@(yandex../yandsearch?.text=.)@\1&fyandex=1@i
s@(search.yahoo../search.p=.)@\1&vm=r&v=1@i
s@(search.live../.q=.)@\1&adlt=strict@i
s@(search.msn../.q=.)@\1&adlt=strict@i
s@(.bing../.q=.)@\1&adlt=strict@i
s@(duckduckgo../?.q=.)@\1&kp=1@i
s@(rambler../?.query=.)@\1&adult=family@i
s@(qwant../?.q=.)@\1&s=2@i
s@(ecosia../search.q=.)@\1&safesearch=2@i
s@(onesearch../yhs/search.*)@\1&vm=r@i
log block.log
}acl {
#
default {
pass !in-addr none
redirect https://10.0.67.2:8181/sgerror.php?url=403%20USTED%20NO%20ESTA%20AUTORIZADO%20A%20ACCEDER%20A%20ESTE%20SITIO&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
rewrite safesearch
log block.log
}
} -
@freudyflc right, something wrong - I don't see
srcentries
Could you show your Group ACLs ? -
@viktor_g said in SquidGuard Disable "Groups ACL" no work, bug?:
@freudyflc right, something wrong - I don't see
srcentries
Could you show your Group ACLs ?<acls>
<0>
<name>Intranet</name>
<description><![CDATA[Usuarios con Acceso a Intranet]]></description>
<disabled></disabled>
<timename>Horario</timename>
<redirect>Acceso Denegado!!! Usuario de Intranet!!!</redirect>
<redirect_mode>rmod_int</redirect_mode>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip>on</notallowingip>
<order></order>
<overredirect>Acceso Denegado!!! Usuario de Intranet!!!</overredirect>
<overrewritename>safesearch</overrewritename>
<destname>Intranet none</destname>
<overdestname>none</overdestname>
</0>
<1>
<name>Internet</name>
<description><![CDATA[Usuarios con Acceso a Internet]]></description>
<disabled></disabled>
<timename>Horario</timename>
<redirect>Acceso Denegado!!! Usuario de Internet!!!</redirect>
<redirect_mode>rmod_int</redirect_mode>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip>on</notallowingip>
<order></order>
<overredirect>Acceso Denegado!!! Usuario de Internet!!!</overredirect>
<overrewritename>safesearch</overrewritename>
<destname>!BL_Generales !BL_Correos !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_chat !blk_BL_dating !blk_BL_drugs !blk_BL_finance_moneylending !blk_BL_finance_trading !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_military !blk_BL_movies !blk_BL_music !blk_BL_porn !blk_BL_recreation_humor !blk_BL_recreation_martialarts !blk_BL_recreation_restaurants !blk_BL_recreation_sports !blk_BL_recreation_travel !blk_BL_recreation_wellness !blk_BL_remotecontrol !blk_BL_ringtones !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webmail all</destname>
<overdestname>none</overdestname>
</1>
<2>
<name>Administradores</name>
<description><![CDATA[Usuarios Administradores]]></description>
<disabled></disabled>
<timename></timename>
<redirect>Acceso Denegado!!! Adminsitrador!!!</redirect>
<redirect_mode>rmod_none</redirect_mode>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip></notallowingip>
<order></order>
<overredirect>Acceso Denegado!!! Adminsitrador!!!</overredirect>
<overrewritename>safesearch</overrewritename>
<destname>!blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie all</destname>
<overdestname>!blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie all</overdestname>
</2>
</acls>
<default>
<name>default</name>
<description></description>
<disabled></disabled>
<timename></timename>
<redirect_mode>rmod_int</redirect_mode>
<redirect>USTED NO ESTA AUTORIZADO A ACCEDER A ESTE SITIO</redirect>
<rewritename>safesearch</rewritename>
<log>on</log>
<notallowingip>on</notallowingip>
<destname>none</destname>
</default>
<rewrite_children>16</rewrite_children>
<rewrite_children_startup>8</rewrite_children_startup>
<rewrite_children_idle>4</rewrite_children_idle>
<enablelog>on</enablelog>
<enableguilog>on</enableguilog>
<logrotation>on</logrotation>
<adv_blankimg>off</adv_blankimg>
<current_lan_ip>10.0.67.2</current_lan_ip>
<current_gui_port>8181</current_gui_port>
<current_gui_protocol>https</current_gui_protocol>
</squidGuard> -
@viktor_g
I found the following difference:
In the Squid Folder the SquidGuard.conf file if you have the scr
But in the SquidGuard folder the file doesn't have it.
I will correct this error and see if it works -
@viktor_g
Sorry for the inconvenience and my ignorance. The problem was with the squid integration with the squidGuard. I have solved the error and the ACLs are working without problems.Thank you very much for attending me and helping me
-
This post is deleted! -
ProxyConfig.txt
FilterConfig.txtHere are my configs. It used to work fine on 2.4.5 redirecting users to google 403 error. The only change I recently made was swap shallalist in favor of UT1 because I read that Viktor had no problem with them. But no luck for me.
Hope you can help -
@viktor_g https://forum.netgate.com/topic/162463/squidguard-1-16-18_17-not-filtering-pfsense-2-5?_=1616885707887
