Squid & QuidGuard - Update webinterface after manual modifications
-
File /conf/config.xml
Section <squidguarddest>…</squidguarddest>, Copy From & Replace To -
Thanks for your quick answer.
I will dev a shell script to do this. -
Thanks for your quick answer.
I will dev a shell script to do this.Now, I would like to export my whitelist in all others pfsense.
I mean this is for copy 'Destinations' only.
-
Hi,
Yes, Destinations only.
Now, config.xml is updated successfuly, but when I refresh my web browser (F5), news URL are not present… ??? >:( >:( ???I proceeded like this :
1. Add news domains in /var/db/squidGuard/whitelist/domains (one domain by line)
2. Update domain.db (with /usr/local/bin/squidGuard -C domains)
3. Execute my script (whitch update /cf/conf/config.xml)
4. Restart squid (with /usr/etc/rc.d/squid.sh restart) -
UP.
Anyone help me ? -
Hi,
Yes, Destinations only.
Now, config.xml is updated successfuly, but when I refresh my web browser (F5), news URL are not present… ??? >:( >:( ???I proceeded like this :
1. Add news domains in /var/db/squidGuard/whitelist/domains (one domain by line)
2. Update domain.db (with /usr/local/bin/squidGuard -C domains)
3. Execute my script (whitch update /cf/conf/config.xml)
4. Restart squid (with /usr/etc/rc.d/squid.sh restart)This is not right. Explain what you want to achieve?
Exists blacklist (downloaded as is) and exists user-defined destinations (defined via WebGUI). -
I want to synchronize the whitelist of squid from my main pfsense to other pfsense.
To do this, the goal is :
1. Update whitelist on my main pfsense
2. Every day, launch a cronjob witch update all others pfsense ' whitelistsThis is impossible in graphic mode, that's why I want to do with rsync
My proxy as no blacklist definied…
Just 2 access : A VIP user (with no restriction), and a restricted user who access only to the whitelist -
I want to synchronize the whitelist of squid from my main pfsense to other pfsense.
To do this, the goal is :
1. Update whitelist on my main pfsense
2. Every day, launch a cronjob witch update all others pfsense ' whitelistsThis is impossible in graphic mode, that's why I want to do with rsync
My proxy as no blacklist definied…
Just 2 access : A VIP user (with no restriction), and a restricted user who access only to the whitelist1. You must create a Destination element with the same name in both pfSense's; Define ACL's and rules; Apply config.
2.
Way A.- Copy You /var/db/squidGuard/whitelist/domains from first pfSense to second pfsense
- Update domain.db (with /usr/local/bin/squidGuard -C domains)
- Restart squid (with /usr/etc/rc.d/squid.sh restart)
But this way up-to the first reboot or squidGuard Web-gui change.
Way B
- copy Destination (update /cf/conf/config.xml) from first pfSense to second pfSense
- Execute php script with
require_once ('/usr/local/pkg/squidguard.inc'); sg_reconfigure();This way the best.
-
For you, second solution is the best, but for me it's first.
I would like to have a bidirectional synchronization… but I tkink it will be impossible.
I have one person by site who update URL list of her pfsense.
When one of these persons update her URL whitelist, 24 hours later, all whitelist are updated.Site B ---->
Site C ----> rsync whitelist ----> Main site
Site D ----> |
etc... |
^ |
|_______________________________|
rsync new whitelistSorry for this horrible schema ;)
-
This my script :
update_whitelist.sh
while read ligne
do
newchaine=$newchaine$ligne' 'done < /var/db/squidGuard/listeblanche/domains
echo New Chain : $newchainesed "s/(<domains>)[^<]*/\1$newchaine/" /cf/conf/config.xml > /cf/conf/result
mv -f /cf/conf/result /cf/conf/config.xml/usr/local/bin/squidGuard -C domains
/usr/local/etc/rc.d/squid.sh restart</domains>1. In /var/db/squidGuard/listeblanche/domains I add new URL (one per line) on my main pfsense
2. Every day, I synchronize my file "domains" with cronjob (From my main pfsense to others pfsense)
3. Every day, after this synchronization, I launch the same script on others pfsense with a cronjob.It's okey on one pfsense. I have to test with others.
One problem stays.
I hope it will be possible to improve this process to do a bidirectional synchronization.