Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SquidGuard 1.16.18_19 update is borked

    Cache/Proxy
    4
    15
    725
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      C0RR0SIVE last edited by C0RR0SIVE

      I decided to update packages today, the following are installed.

      Avahi 2.1_1
      bandwidthd 0.7.4_5
      Cron 0.3.7_5
      darkstat 3.1.3_5
      Lightsquid 3.0.6_8
      pfBlockerNG 2.1.4_26
      RRD_Summary 2.0_1
      Service_Watchdog 1.8.7_1
      squid 0.4.45_4
      squidGuard 1.16.18_19 (Actually as of now it's 1.16.18_18, but I can't find a way to revert the revision number more on that below...)

      After updating squidGuard, I noticed that it was no longer filtering traffic, at all. Even websites listed in a custom black list was allowed through.

      At first I thought it was something with Chrome and forcing HTTPS, but it wasn't. I went through and did all that lovely MITM stuff, still no filtering, however, everything passed through SQUID just fine.

      I decided, since I can't find an easy way to downgrade to 1.16.18_18(the previous release, not sure on version?) I would look up the changes at https://github.com/pfsense/FreeBSD-ports/commits/devel/www/pfSense-pkg-squidGuard

      I decided I would just edit the files, and spent a good bit of time hunting them down, found they all, except for the makefile exist in /usr/local/pkg, which I suspect is used as a install file that gets discarded or something, not a package handler nor programmer, I just know how to get into trouble. :)

      Files that I manually edited back to original are as follows (using the naming from Github)...

      www/pfSense-pkg-squidGuard/files/usr/local/pkg/squidguard.inc
      www/pfSense-pkg-squidGuard/files/usr/local/pkg/squidguard_configurator.inc
      www/pfSense-pkg-squidGuard/files/usr/local/pkg/squidguard.xml

      Not sure what exactly broke for me, nor why, just throwing this out there for anyone else that might be having issues with filtering suddenly stopping after this particular update.

      D 1 Reply Last reply Reply Quote 2
      • M
        mki last edited by mki

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • M
          mki last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • M
            mki last edited by

            Same Issue here.
            @C0RR0SIVE Thanks for your detailed problem description.
            I fixed it by reverting the following changes in /usr/local/pkg/squidguard_configurator.inc:

            changed:
            $acl[F_DESTINATIONNAME]     = "^squidstatus !in-addr {$acl[F_DESTINATIONNAME]}";
            $acl[F_OVERDESTINATIONNAME] = "^squidstatus !in-addr {$acl[F_OVERDESTINATIONNAME]}";
            to:
            $acl[F_DESTINATIONNAME]     = "!in-addr {$acl[F_DESTINATIONNAME]}";
            $acl[F_OVERDESTINATIONNAME] = "!in-addr {$acl[F_OVERDESTINATIONNAME]}";
            
            changed:
            $def[F_DESTINATIONNAME] = "^squidstatus !in-addr " . $def[F_DESTINATIONNAME];
            to:
            $def[F_DESTINATIONNAME] = "!in-addr " . $def[F_DESTINATIONNAME];
            
            1 Reply Last reply Reply Quote 1
            • D
              DansNGFacc @C0RR0SIVE last edited by

              @c0rr0sive

              I've run into the same issue with pfSense (ver. 2.5.2) proxy-filter (Squidguard 1.16.18_19).

              The proxy server (Squid 0.4.45_4) seems to functioning normally in Transparent/SSL mode, but for some reason the filter function just stopped working since 2021-07-14 according to the log.

              I've tried stopping/restarting the services, and the system, and uninstalling/reinstalling Squidguard, but the filter does not filter any content at all.

              ref: https://redmine.pfsense.org/issues/12125

              I was just wondering if you or someone else had found any resolution?

              I am now considering restoring to an earlier configuration date, and re-configure changes from then to present.

              C 1 Reply Last reply Reply Quote 0
              • C
                C0RR0SIVE @DansNGFacc last edited by

                @dansngfacc said in SquidGuard 1.16.18_19 update is borked:

                onsidering restoring to an earlier con

                I tried to restore to an earlier configuration, no go... Something is wrong somewhere in the actual Squid Guard files, read the previous posts, you're going to have to edit a few files it seems like. I am surprised there aren't several others with this issue.

                D 1 Reply Last reply Reply Quote 0
                • D
                  DansNGFacc @C0RR0SIVE last edited by

                  @c0rr0sive
                  I've tried editing the "squidguard_configurator.inc" file as suggested in previous post, rebooted the system and filtering is still not functioning.
                  I will check again tomorrow, but getting frustrated with this problem.
                  Please reply if you have heard/found any other possible solutions.

                  Thanks for your replies/input.

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    mki @DansNGFacc last edited by

                    @dansngfacc
                    Did SquidGuard recreate the configuration file?
                    If not, you have to make some configurations changes and then reapply the settings.

                    Please check the following file: /usr/local/etc/squidGuard1/squidGuard.conf
                    The ACLS' should no longer contain squidstatus.

                    OK

                    	foo  {
                    		pass !in-addr bar none
                    		log block.log
                    	}
                    	#
                    

                    NOK

                    	foo  {
                    		pass squidstatus !in-addr bar none
                    		log block.log
                    	}
                    	#
                    
                    D 1 Reply Last reply Reply Quote 0
                    • D
                      DansNGFacc @mki last edited by

                      @mki

                      Thank you for the advice,

                      I've checked the squidGuard.conf file and it didn't contain "squidstatus !in-addr" or "bar none" in the acl section (see attached jpg image)
                      I tried adding the "!in-addr" portion to the config, but after stopping/restarting the SquidGuard service I found that it wasn't saved or reverted to default.

                      Note that I'm using the Diagnostics/Edit File graphic editor.
                      SquidGuard-Config_210728.jpg

                      The system still isn't filtering content.
                      Does the server need to be rebooted to reconfig?

                      D 1 Reply Last reply Reply Quote 0
                      • D
                        DansNGFacc @DansNGFacc last edited by DansNGFacc

                        System Log shows "php-fpm 44155 /diag_reboot.php: The command '/usr/bin/killall 'squidGuard'' returned exit code '1', the output was 'No matching processes were found' " as last entry after re-installing SquidGuard 1.16.18_19 package (see attached jpg)

                        SquidGuard-Log_210727.jpg

                        1 Reply Last reply Reply Quote 0
                        • viktor_g
                          viktor_g Netgate last edited by

                          Fixed in 1.16.18_20

                          D 1 Reply Last reply Reply Quote 1
                          • D
                            DansNGFacc @viktor_g last edited by

                            @viktor_g

                            Thanks for the update,

                            I had proceeded to backdate config and uninstalled Squid/Squidguard temporarily. I will be re-installing from scratch, Squid-Proxy first (save config) and Squidguard-Filter second, when the update is available.

                            I will update post if issues continue at that time.

                            1 Reply Last reply Reply Quote 0
                            • D
                              DansNGFacc last edited by

                              Reinstalled Squid & Squidguard 1.16.18_20 today and same issue is occuring. Squid Proxy Server works fine (transparent/ssl), then after installing Squidguard and configuring (Blacklist/target catagories), it initially filters content, then stops filtering any content.
                              (See attached system log)

                              SquidGuard-Log_210806.jpg

                              Any help appreciated.

                              viktor_g 1 Reply Last reply Reply Quote 0
                              • viktor_g
                                viktor_g Netgate @DansNGFacc last edited by

                                @dansngfacc said in SquidGuard 1.16.18_19 update is borked:

                                Reinstalled Squid & Squidguard 1.16.18_20 today and same issue is occuring. Squid Proxy Server works fine (transparent/ssl), then after installing Squidguard and configuring (Blacklist/target catagories), it initially filters content, then stops filtering any content.
                                (See attached system log)

                                SquidGuard-Log_210806.jpg

                                Any help appreciated.

                                looks like another issue
                                please attach /var/squid/logs/squidGuard.log

                                D 1 Reply Last reply Reply Quote 0
                                • D
                                  DansNGFacc @viktor_g last edited by

                                  @viktor_g

                                  Thank you for the promp reply,
                                  Presently I'm just running Squid - Proxy Service.
                                  Unfortuneately, I've removed Squidguard temporarily to avoid issues with Net Users.
                                  I normally do diagnostics/net management on Fridays, so I will reinstall/try again and send log at that time, or sooner if possible.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post