Squidguard, 2 ACL with diffrent Times, not working ???
-
Hello.
Im running a PfSense Firewall with Squid and Squidguard installed, with 2 Configured ACL's for the same network (172.16.0.0/16)
First one block for, porn/gambling etc. in work hours 07.30-15.30
Second one i want to block for facebook all working hours except 07.30-08.00 and 11.30-12.00 i got the time schedules right, but only one of the ACL's are active at a time :/If i set the Facebook one first, it blocks just fine, but opens for everything else and if i switch them it opens for facebook but block to other content.
Any suggestions? ???
-
Must exists one ACL per network.
Use Second RuleSet for manage access at out of hours. -
I have the same problem too. Here is my squidguard.conf:
/usr/local/etc/squidGuard/squidGuard.conf # ============================================================ # SquidGuard configuration file # This file generated automaticly with SquidGuard configurator # (C)2006 Serg Dvoriancev # email: dv_serg@mail.ru # ============================================================ logdir /var/squidGuard/log dbhome /var/db/squidGuard # time time_FB_TW_DENY { weekly * 08:31-11:29 weekly * 13:31-16:59 } # time time_FB_TW_ALLOW { weekly sat 00:00-23:59 weekly sun 00:00-23:59 weekly * 00:00-08:30 weekly * 11:30-13:30 weekly * 17:00-23:59 } # src acl_FB_TW_DENY { ip 172.16.0.0/16 log block.log } # src acl_FB_TW_ALLOW { ip 172.16.0.0/16 log block.log } # dest bl_FB_TW { domainlist bl_FB_TW/domains log block.log } # rew safesearch { s@(google\..*/search?.*q=.*)@\1\&safe=active@i s@(google\..*/images.*q=.*)@\1\&safe=active@i s@(google\..*/groups.*q=.*)@\1\&safe=active@i s@(google\..*/news.*q=.*)@\1\&safe=active@i s@(yandex\..*/yandsearch?.*text=.*)@\1\&fyandex=1@i s@(search\.yahoo\..*/search.*p=.*)@\1\&vm=r@i s@(search\.live\..*/.*q=.*)@\1\&adlt=strict@i s@(search\.msn\..*/.*q=.*)@\1\&adlt=strict@i log block.log } # acl { # acl_FB_TW_DENY within time_FB_TW_DENY { pass all redirect http://172.16.4.254:8080/sgerror.php?url=403%20Tidak%20boleh%20akses%20Facebook%20atau%20Twitter%20disaat%20jam%20kerja%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } else { pass !bl_FB_TW all redirect http://172.16.4.254:8080/sgerror.php?url=403%20Tidak%20boleh%20akses%20Facebook%20atau%20Twitter%20disaat%20jam%20kerja%20%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } # acl_FB_TW_ALLOW within time_FB_TW_ALLOW { pass all log block.log } else { pass bl_FB_TW all redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } # default { pass none redirect http://172.16.4.254:8080/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } }
only the acl_FB_TW_DENY is working.
-
http://diskatel.narod.ru/sgquick.htm