Squidguard, 2 ACL with different Times, not working ???



  • Hello.

    I'm running a pfSense firewall with Squid and Squidguard installed, with 2 configured ACLs for the same network (172.16.0.0/16).
    The first one blocks porn/gambling etc. during work hours, 07.30-15.30.
    With the second one I want to block Facebook during all working hours except 07.30-08.00 and 11.30-12.00. I got the time schedules right, but only one of the ACLs is active at a time :/

    If I set the Facebook one first, it blocks just fine but opens up everything else, and if I switch them it opens up Facebook but blocks the other content.

    Any suggestions?  ???



  • There must be one ACL per network.
    Use the Second RuleSet to manage access out of hours.



  • I have the same problem too. Here is my squidguard.conf:

    
    /usr/local/etc/squidGuard/squidGuard.conf
    # ============================================================
    # SquidGuard configuration file
    # This file generated automaticly with SquidGuard configurator
    # (C)2006 Serg Dvoriancev
    # email: dv_serg@mail.ru
    # ============================================================
    
    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    
    #
    time time_FB_TW_DENY {
    weekly * 08:31-11:29
    weekly * 13:31-16:59
    }
    
    #
    time time_FB_TW_ALLOW {
    weekly sat 00:00-23:59
    weekly sun 00:00-23:59
    weekly * 00:00-08:30
    weekly * 11:30-13:30
    weekly * 17:00-23:59
    }
    
    #
    src acl_FB_TW_DENY {
    ip 172.16.0.0/16
    log block.log
    }
    
    #
    src acl_FB_TW_ALLOW {
    ip 172.16.0.0/16
    log block.log
    }
    
    #
    dest bl_FB_TW {
    domainlist bl_FB_TW/domains
    log block.log
    }
    
    #
    rew safesearch {
    s@(google\..*/search?.*q=.*)@\1\&safe=active@i
    s@(google\..*/images.*q=.*)@\1\&safe=active@i
    s@(google\..*/groups.*q=.*)@\1\&safe=active@i
    s@(google\..*/news.*q=.*)@\1\&safe=active@i
    s@(yandex\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i
    s@(search\.yahoo\..*/search.*p=.*)@\1\&vm=r@i
    s@(search\.live\..*/.*q=.*)@\1\&adlt=strict@i
    s@(search\.msn\..*/.*q=.*)@\1\&adlt=strict@i
    log block.log
    }
    
    #
    acl {
    #
    acl_FB_TW_DENY within time_FB_TW_DENY {
    pass all
    redirect http://172.16.4.254:8080/sgerror.php?url=403%20Tidak%20boleh%20akses%20Facebook%20atau%20Twitter%20disaat%20jam%20kerja%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    } else {
    pass !bl_FB_TW all
    redirect http://172.16.4.254:8080/sgerror.php?url=403%20Tidak%20boleh%20akses%20Facebook%20atau%20Twitter%20disaat%20jam%20kerja%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }
    #
    acl_FB_TW_ALLOW within time_FB_TW_ALLOW {
    pass all
    log block.log
    } else {
    pass bl_FB_TW all
    redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }
    #
    default {
    pass none
    redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }
    }
    
    

    only the acl_FB_TW_DENY is working.
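
A lint check for the situation in this thread, added here as an example (not code from any of the posters or from squidGuard): it lists `src` blocks whose `ip` entries overlap an earlier `src` block. It assumes, as the posts above report, that a client matching several `src` blocks is handled only by the first one; `SAMPLE_CONF` is constructed from the configuration above and `acl_guests` is a hypothetical extra block.

```python
import ipaddress
import re

# Constructed sample, reduced from the configuration posted above.
SAMPLE_CONF = """
src acl_FB_TW_DENY {
ip 172.16.0.0/16
}
src acl_FB_TW_ALLOW {
ip 172.16.0.0/16
}
src acl_guests {
ip 10.0.0.1-10.0.0.20 192.168.5.0/255.255.255.0
}
"""

SRC_BLOCK = re.compile(r"^\s*src\s+(\S+)\s*\{(.*?)\}", re.S | re.M)

def parse_sources(conf):
    """Return [(name, [ip_network, ...])] in the order the src blocks appear."""
    sources = []
    for name, body in SRC_BLOCK.findall(conf):
        nets = []
        for line in body.splitlines():
            fields = line.split("#", 1)[0].split()  # drop trailing comments
            if not fields or fields[0] != "ip":
                continue
            for spec in fields[1:]:
                if "-" in spec:  # range form: first-last
                    first, last = (ipaddress.ip_address(p) for p in spec.split("-", 1))
                    nets.extend(ipaddress.summarize_address_range(first, last))
                else:  # single address, CIDR, or address/netmask
                    nets.append(ipaddress.ip_network(spec, strict=False))
        sources.append((name, nets))
    return sources

def find_shadowed(conf):
    """Return (later_src, earlier_src, network) for every overlapping entry."""
    findings = []
    sources = parse_sources(conf)
    for i, (later, later_nets) in enumerate(sources):
        for earlier, earlier_nets in sources[:i]:
            for net in later_nets:
                if any(net.overlaps(e) for e in earlier_nets):
                    findings.append((later, earlier, str(net)))
    return findings

if __name__ == "__main__":
    for later, earlier, net in find_shadowed(SAMPLE_CONF):
        print(f"src {later}: {net} is already claimed by earlier src {earlier}")
```

Run against the posted configuration, this reports `acl_FB_TW_ALLOW` as overlapping `acl_FB_TW_DENY`, which matches the observation that only `acl_FB_TW_DENY` takes effect.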



