Squidguard user accounts



  • Hi,

    Today installed Squid & Squidguard.
    Most of the time, I was using this in transparant mode… so not much configuring about ;-)

    Today I need to add some users (I am using the local user database of Squid).
    I've added : 'admin', 'user' and 'guest'.

    I have added three ACL entries :

    'admin' & 'user' are allowed to almost anything
    'guest' has minimal acces (from the blocklist, let's say searchengines)
    ip-subnet has no access

    Into Squid itself, I have whitelisted "google.com", so that the main page is opened without a popup asking credentials (that is, if the users keep "google.com" as their default page)

    But when going to facebook.com, it asks my credentials... great, when I don't type a username, I get access denied - bet when entering guest... it just shows facebook... however, guest is in the blocklist of social networking...

    Any clues here ?



  • Probably ALC guest not catch guest user and default rules is work
    set deny all rule on Default tab



  • Hi, unfortunately I already tried that.
    The '!all' is already in that list… to check a bit further, I tried to add socialnetworks as 'deny' on the default tab as well.

    I have deleted the ACL rules, and added just two simple ones...
    Allow 'admin' and 'user' to almost anything
    Second rule : deny everything on that subnet.

    No guest rule in there (the guest is still in the list of squid users), and guest can access socialnet-sites.

    Maybe 'guest' is not such a good user... I'll try the dutch alternative, could it be picking up the 'guest' from somewhere else maybe... this is bedazzling me, but one never knows (i'll post my findings soon)



  • When removing the guest, the guest kept working when logging on…
    Tried to restart squid + squidguard, but both wouldn't start no more.

    Had to restart pfSense...

    Then guest didn't work anymore, but my newly created user (without access to facebook, via the ACL)... just could access facebook without an issue...
    So the problem is still there...

    I am using shalla's lists, might they be too large (the system is quite performant : it's a new HP proliant server (approx 6 months old now) with a Xeon 5440 cpu inside, and 2 disks in mirror configured)).


Locked