Squidguard doesn't work, please help…



  • Hi !

    I follow all the step by step procedures (founded here, like http://diskatel.narod.ru/sgquick.htm) to configure Squidguard but, unfortunately, it does not work. I mean, it does not filtering nothing.
    I uploaded blaklist (shallalist) and set default rules to deny all. Also, i made a destination rule for facebook.com but doesn't work..
    Can you help me, please ?

    Thanks a lot !



  • Show you SG settings.



  • Attached



    ![SquidGuard default 1.png](/public/imported_attachments/1/SquidGuard default 1.png)
    ![SquidGuard default 1.png_thumb](/public/imported_attachments/1/SquidGuard default 1.png_thumb)
    ![SquidGuard default 2.png](/public/imported_attachments/1/SquidGuard default 2.png)
    ![SquidGuard default 2.png_thumb](/public/imported_attachments/1/SquidGuard default 2.png_thumb)
    ![SquidGuard destinations.png](/public/imported_attachments/1/SquidGuard destinations.png)
    ![SquidGuard destinations.png_thumb](/public/imported_attachments/1/SquidGuard destinations.png_thumb)



  • Below squidguard config:

    webConfigurator
    pfsense.local

    *
          System
              o Advanced
              o Firmware
              o General Setup
              o Packages
              o Setup wizard
              o Static routes
        *
          Interfaces
              o (assign)
              o WAN
              o LAN
        *
          Firewall
              o Aliases
              o NAT
              o Rules
              o Schedules
              o Traffic Shaper
              o Virtual IPs
        *
          Services
              o Captive portal
              o DNS forwarder
              o DHCP relay
              o DHCP server
              o Dynamic DNS
              o Load Balancer
              o OLSR
              o PPPoE Server
              o RIP
              o SNMP
              o UPnP
              o OpenNTPD
              o Wake on LAN
              o Proxy server
              o Proxy filter
        *
          VPN
              o IPsec
              o OpenVPN
              o PPTP
        *
          Status
              o CARP (failover)
              o DHCP leases
              o Filter Reload Status
              o Interfaces
              o IPsec
              o Load Balancer
              o Package logs
              o Queues
              o RRD Graphs
              o Services
              o System
              o System logs
              o Traffic graph
              o UPnP
        *
          Diagnostics
              o ARP Tables
              o Backup/Restore
              o Command Prompt
              o Edit File
              o Factory defaults
              o Halt system
              o Ping
              o Reboot system
              o Routes
              o States
              o Traceroute
              o Packet Capture

    Proxy filter SquidGuard: Log

    General settings      Default      ACL      Destinations      Times      Rewrites      Log

    Log type
    /usr/local/etc/squidGuard/squidGuard.conf

    ============================================================

    SquidGuard configuration file

    This file generated automaticly with SquidGuard configurator

    (C)2006 Serg Dvoriancev

    email: dv_serg@mail.ru

    ============================================================

    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard

    dest blk_BL_adv {
    domainlist blk_BL_adv/domains
    urllist blk_BL_adv/urls
    log block.log
    }

    dest blk_BL_aggressive {
    domainlist blk_BL_aggressive/domains
    urllist blk_BL_aggressive/urls
    log block.log
    }

    dest blk_BL_alcohol {
    domainlist blk_BL_alcohol/domains
    urllist blk_BL_alcohol/urls
    log block.log
    }

    dest blk_BL_automobile_bikes {
    domainlist blk_BL_automobile_bikes/domains
    urllist blk_BL_automobile_bikes/urls
    log block.log
    }

    dest blk_BL_automobile_boats {
    domainlist blk_BL_automobile_boats/domains
    urllist blk_BL_automobile_boats/urls
    log block.log
    }

    dest blk_BL_automobile_cars {
    domainlist blk_BL_automobile_cars/domains
    urllist blk_BL_automobile_cars/urls
    log block.log
    }

    dest blk_BL_automobile_planes {
    domainlist blk_BL_automobile_planes/domains
    urllist blk_BL_automobile_planes/urls
    log block.log
    }

    dest blk_BL_chat {
    domainlist blk_BL_chat/domains
    urllist blk_BL_chat/urls
    log block.log
    }

    dest blk_BL_costtraps {
    domainlist blk_BL_costtraps/domains
    urllist blk_BL_costtraps/urls
    log block.log
    }

    dest blk_BL_dating {
    domainlist blk_BL_dating/domains
    urllist blk_BL_dating/urls
    log block.log
    }

    dest blk_BL_downloads {
    domainlist blk_BL_downloads/domains
    urllist blk_BL_downloads/urls
    log block.log
    }

    dest blk_BL_drugs {
    domainlist blk_BL_drugs/domains
    urllist blk_BL_drugs/urls
    log block.log
    }

    dest blk_BL_dynamic {
    domainlist blk_BL_dynamic/domains
    urllist blk_BL_dynamic/urls
    log block.log
    }

    dest blk_BL_education_schools {
    domainlist blk_BL_education_schools/domains
    urllist blk_BL_education_schools/urls
    log block.log
    }

    dest blk_BL_finance_banking {
    domainlist blk_BL_finance_banking/domains
    urllist blk_BL_finance_banking/urls
    log block.log
    }

    dest blk_BL_finance_insurance {
    domainlist blk_BL_finance_insurance/domains
    urllist blk_BL_finance_insurance/urls
    log block.log
    }

    dest blk_BL_finance_moneylending {
    domainlist blk_BL_finance_moneylending/domains
    urllist blk_BL_finance_moneylending/urls
    log block.log
    }

    dest blk_BL_finance_other {
    domainlist blk_BL_finance_other/domains
    urllist blk_BL_finance_other/urls
    log block.log
    }

    dest blk_BL_finance_realestate {
    domainlist blk_BL_finance_realestate/domains
    urllist blk_BL_finance_realestate/urls
    log block.log
    }

    dest blk_BL_finance_trading {
    domainlist blk_BL_finance_trading/domains
    urllist blk_BL_finance_trading/urls
    log block.log
    }

    dest blk_BL_fortunetelling {
    domainlist blk_BL_fortunetelling/domains
    urllist blk_BL_fortunetelling/urls
    log block.log
    }

    dest blk_BL_forum {
    domainlist blk_BL_forum/domains
    urllist blk_BL_forum/urls
    log block.log
    }

    dest blk_BL_gamble {
    domainlist blk_BL_gamble/domains
    urllist blk_BL_gamble/urls
    log block.log
    }

    dest blk_BL_government {
    domainlist blk_BL_government/domains
    urllist blk_BL_government/urls
    log block.log
    }

    dest blk_BL_hacking {
    domainlist blk_BL_hacking/domains
    urllist blk_BL_hacking/urls
    log block.log
    }

    dest blk_BL_hobby_cooking {
    domainlist blk_BL_hobby_cooking/domains
    urllist blk_BL_hobby_cooking/urls
    log block.log
    }

    dest blk_BL_hobby_games-misc {
    domainlist blk_BL_hobby_games-misc/domains
    urllist blk_BL_hobby_games-misc/urls
    log block.log
    }

    dest blk_BL_hobby_games-online {
    domainlist blk_BL_hobby_games-online/domains
    urllist blk_BL_hobby_games-online/urls
    log block.log
    }

    dest blk_BL_hobby_gardening {
    domainlist blk_BL_hobby_gardening/domains
    urllist blk_BL_hobby_gardening/urls
    log block.log
    }

    dest blk_BL_hobby_pets {
    domainlist blk_BL_hobby_pets/domains
    urllist blk_BL_hobby_pets/urls
    log block.log
    }

    dest blk_BL_homestyle {
    domainlist blk_BL_homestyle/domains
    urllist blk_BL_homestyle/urls
    log block.log
    }

    dest blk_BL_hospitals {
    domainlist blk_BL_hospitals/domains
    urllist blk_BL_hospitals/urls
    log block.log
    }

    dest blk_BL_imagehosting {
    domainlist blk_BL_imagehosting/domains
    urllist blk_BL_imagehosting/urls
    log block.log
    }

    dest blk_BL_isp {
    domainlist blk_BL_isp/domains
    urllist blk_BL_isp/urls
    log block.log
    }

    dest blk_BL_jobsearch {
    domainlist blk_BL_jobsearch/domains
    urllist blk_BL_jobsearch/urls
    log block.log
    }

    dest blk_BL_library {
    domainlist blk_BL_library/domains
    urllist blk_BL_library/urls
    log block.log
    }

    dest blk_BL_military {
    domainlist blk_BL_military/domains
    urllist blk_BL_military/urls
    log block.log
    }

    dest blk_BL_models {
    domainlist blk_BL_models/domains
    urllist blk_BL_models/urls
    log block.log
    }

    dest blk_BL_movies {
    domainlist blk_BL_movies/domains
    urllist blk_BL_movies/urls
    log block.log
    }

    dest blk_BL_music {
    domainlist blk_BL_music/domains
    urllist blk_BL_music/urls
    log block.log
    }

    dest blk_BL_news {
    domainlist blk_BL_news/domains
    urllist blk_BL_news/urls
    log block.log
    }

    dest blk_BL_podcasts {
    domainlist blk_BL_podcasts/domains
    urllist blk_BL_podcasts/urls
    log block.log
    }

    dest blk_BL_politics {
    domainlist blk_BL_politics/domains
    urllist blk_BL_politics/urls
    log block.log
    }

    dest blk_BL_porn {
    domainlist blk_BL_porn/domains
    urllist blk_BL_porn/urls
    log block.log
    }

    dest blk_BL_radiotv {
    domainlist blk_BL_radiotv/domains
    urllist blk_BL_radiotv/urls
    log block.log
    }

    dest blk_BL_recreation_humor {
    domainlist blk_BL_recreation_humor/domains
    urllist blk_BL_recreation_humor/urls
    log block.log
    }

    dest blk_BL_recreation_martialarts {
    domainlist blk_BL_recreation_martialarts/domains
    urllist blk_BL_recreation_martialarts/urls
    log block.log
    }

    dest blk_BL_recreation_restaurants {
    domainlist blk_BL_recreation_restaurants/domains
    urllist blk_BL_recreation_restaurants/urls
    log block.log
    }

    dest blk_BL_recreation_sports {
    domainlist blk_BL_recreation_sports/domains
    urllist blk_BL_recreation_sports/urls
    log block.log
    }

    dest blk_BL_recreation_travel {
    domainlist blk_BL_recreation_travel/domains
    urllist blk_BL_recreation_travel/urls
    log block.log
    }

    dest blk_BL_recreation_wellness {
    domainlist blk_BL_recreation_wellness/domains
    urllist blk_BL_recreation_wellness/urls
    log block.log
    }

    dest blk_BL_redirector {
    domainlist blk_BL_redirector/domains
    urllist blk_BL_redirector/urls
    log block.log
    }

    dest blk_BL_religion {
    domainlist blk_BL_religion/domains
    urllist blk_BL_religion/urls
    log block.log
    }

    dest blk_BL_remotecontrol {
    domainlist blk_BL_remotecontrol/domains
    urllist blk_BL_remotecontrol/urls
    log block.log
    }

    dest blk_BL_ringtones {
    domainlist blk_BL_ringtones/domains
    urllist blk_BL_ringtones/urls
    log block.log
    }

    dest blk_BL_science_astronomy {
    domainlist blk_BL_science_astronomy/domains
    urllist blk_BL_science_astronomy/urls
    log block.log
    }

    dest blk_BL_science_chemistry {
    domainlist blk_BL_science_chemistry/domains
    urllist blk_BL_science_chemistry/urls
    log block.log
    }

    dest blk_BL_searchengines {
    domainlist blk_BL_searchengines/domains
    urllist blk_BL_searchengines/urls
    log block.log
    }

    dest blk_BL_sex_education {
    domainlist blk_BL_sex_education/domains
    urllist blk_BL_sex_education/urls
    log block.log
    }

    dest blk_BL_sex_lingerie {
    domainlist blk_BL_sex_lingerie/domains
    urllist blk_BL_sex_lingerie/urls
    log block.log
    }

    dest blk_BL_shopping {
    domainlist blk_BL_shopping/domains
    urllist blk_BL_shopping/urls
    log block.log
    }

    dest blk_BL_socialnet {
    domainlist blk_BL_socialnet/domains
    urllist blk_BL_socialnet/urls
    log block.log
    }

    dest blk_BL_spyware {
    domainlist blk_BL_spyware/domains
    urllist blk_BL_spyware/urls
    log block.log
    }

    dest blk_BL_tracker {
    domainlist blk_BL_tracker/domains
    urllist blk_BL_tracker/urls
    log block.log
    }

    dest blk_BL_updatesites {
    domainlist blk_BL_updatesites/domains
    urllist blk_BL_updatesites/urls
    log block.log
    }

    dest blk_BL_violence {
    domainlist blk_BL_violence/domains
    urllist blk_BL_violence/urls
    log block.log
    }

    dest blk_BL_warez {
    domainlist blk_BL_warez/domains
    urllist blk_BL_warez/urls
    log block.log
    }

    dest blk_BL_weapons {
    domainlist blk_BL_weapons/domains
    urllist blk_BL_weapons/urls
    log block.log
    }

    dest blk_BL_webmail {
    domainlist blk_BL_webmail/domains
    urllist blk_BL_webmail/urls
    log block.log
    }

    dest blk_BL_webphone {
    domainlist blk_BL_webphone/domains
    urllist blk_BL_webphone/urls
    log block.log
    }

    dest blk_BL_webradio {
    domainlist blk_BL_webradio/domains
    urllist blk_BL_webradio/urls
    log block.log
    }

    dest blk_BL_webtv {
    domainlist blk_BL_webtv/domains
    urllist blk_BL_webtv/urls
    log block.log
    }

    dest Facebook {
    domainlist Facebook/domains
    redirect http://127.0.0.1:80/sgerror.php?url=403 Error&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }

    rew safesearch {
    s@(google../search?.q=.)@\1&safe=active@i
    s@(google..
    /images.q=.)@\1&safe=active@i
    s@(google../groups.q=.)@\1&safe=active@i
    s@(google..
    /news.q=.)@\1&safe=active@i
    s@(yandex../yandsearch?.text=.)@\1&fyandex=1@i
    s@(search.yahoo..
    /search.p=.)@\1&vm=r@i
    s@(search.live../.q=.)@\1&adlt=strict@i
    s@(search.msn..
    /.q=.)@\1&adlt=strict@i
    log block.log
    }

    acl {

    default {
    pass !in-addr none
    redirect http://127.0.0.1:80/sgerror.php?url=403 Error&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }
    }

    pfSense is © 2004 - 2009 by BSD Perimeter LLC. All Rights Reserved. [view license]
    [Commercial Support Available]



  • You are disable all access and dont allow Facebook.
    Now you HTTP are blocking



  • You can try and look at the traffic as it spools by using:
    tail -f /var/squid/log/access.log
    (using your console or ssh)

    if should show you all the squid traffic as it spools by and thus be able to see if you get any 200/403 messages. (200=allowed and 403=denied)

    Kind regards
    Aubrey



  • dvserg

    My http trafic it is not blocked. I can browse anywere. I think squidguard is not working….

    cyber7

    This folder /var/squid/log/ does not exist. You mean /var/squid/logs ? In this folder i found just cache.log.



  • @cipandales:

    dvserg

    My http trafic it is not blocked. I can browse anywere. I think squidguard is not working….

    cyber7

    This folder /var/squid/log/ does not exist. You mean /var/squid/logs ? In this folder i found just cache.log.

    Probably you configure transparent proxy.
    You are sure what you browser have HTTPaccess via squid ? Enter proxy options (ip/port) directly to the IE.



  • I don't use transparent proxy, as you see in attachament.
    And i don't use acl, either.

    But it doesn't work…

    Thank you for your patience.




  • You need squid for squid guard to work…it looks like nothing is set in squid.



  • Please be more specific.
    What do you mean with setting up squid ? I have installed squid before squidguard and yes, i didn't make any changes to squid.

    Is there anything to setup in squid ?

    Thank you !



  • I used tutorial from http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy and follow the instructions.
    I tried with transparent proxies checked and not checked, reboot etc.
    Still doesn't work.

    Can you help, please ?



  • Squidguard can works if squid does not use transparent proxies ?

    Thanks



  • You must configure squid package. Select interface/enable logging/enterproxy port


Log in to reply