Squid and squidGuard simply aren't usable
-
I'm curious to know how everyone else has their Squid and squidGuard set up?
Has everyone here that uses squidGuard to filter web sites and urls manually defined each destination through the GUI and then added in all the domains and urls for each destination?
If you browse to Services > Proxy Filter > Destinations: you can see all you defined destinations, their domains and urls, but this means every time I browse there to add a new category or domain/url entry this page will first load all of my destinations and their entries? This will make pfSense unusable as I have millions of entries to migrate over from our existing squidGuard box? Also squidGuard in pfSense won't accept IPs under a destination definition but this is support by squidGuard? Also pfSense doesn't like it if a domain I wish to filter ends with a TLD unknown to pfSense? What is the point in that?
pfSense seems to have ruined the functionality of squidGuard IMO because the web interface is interfering; How are others working around/with this?
-
English is not my native.
Can you describe your claim is more simply - by list?
1. …
2. ...
3. ...If you browse to Services > Proxy Filter > Destinations: you can see all you defined destinations, their domains and urls, but this means every time I browse there to add a new category or domain/url entry this page will first load all of my destinations and their entries? This will make pfSense unusable as I have millions of entries to migrate over from our existing squidGuard box?
You can download blacklist from the internet.
You can download blacklist with own the collection sites.
Via Gui must be added only some sites/domains.Also squidGuard in pfSense won't accept IPs under a destination definition but this is support by squidGuard?
This is a bug, what will be fixed. Now you can use expressions for IP - 10.30.0.1 > (10.30.0.1)
Thanks.
-
jamesb,
squid and squidGuard Do work on pfSense-1.2.3-RELEASE.
I was a newbie to pfSense about a year ago and found it daunting at the time.
Please post screenshots of both your squid , general settings,and also your 'destinations' page screen shot as well.
This lets other help you more so, than vague explanations.
Also post a couple screen shots of your squidGuard page(s) as well.
Seeing these I bet someone here can tell you exactly what you need to change to get these two working as they should.
My guess is (possibly) after doing all your settings as they appear to be correct you did NOT click the "APPLY" button on squidGuard,to 'kick' everything into motion
Voice of experience,talking here.Take Care,
Barry -
Sorry guys I think you aren't getting what I'm suggesting;
"If you browse to Services > Proxy Filter > Destinations: you can see all you defined destinations, their domains and urls, but this means every time I browse there to add a new category or domain/url entry this page will first load all of my destinations and their entries? This will make pfSense unusable as I have millions of entries to migrate over from our existing squidGuard box?"
Do you get what I'm saying? I have millions of entries to add, if the default behavior of pfSense is to display them all every time I go to add a new one, it will slow down the pfSense box, my browser and anyone surfing through the box at the same time.
"Also squidGuard in pfSense won't accept IPs under a destination definition but this is support by squidGuard?"
Again I thought I was being pretty clear but perhaps bot, I can't enter IP addresses in pfSense as a domain entry which IS something squidGuard supports as I current use this on our existing squidGuard box.
How are others filtering lists of IP addresses? How are others having large comprehensive block lists if pfSense displays your entire BL DB on the screen all the time if will surely kill your browser and slow pfSense down considerably?
-
jamesb, as dvserg mentioned not been able to add an IP address is a bug and that will be fixed. He has given a suggestion as to how to work around that in the interim.
As for your millions of entries - do you have millions of categories with multiple websites in each category?
-
Hello :)
At present 101 categories with 3.3M entries.
(TBH I have uninstalled squid and squidGaurd, I've set it up else where but I am still interested to hear what people have to say)
-
As I have already said that the bug with IP address will be corrected as soon as time permits.
Displays lists of destinations may also think to change.
I want to make a remark about the migration of large lists - you can take squidguard database and move it as its own Blacklist to another server. Need to look how such lists are formed on the Internet.–-
So, you have the opportunity to make their own version of the package and offer the community -
"you can take squidguard database and move it as its own Blacklist to another server."
I did think this also (I have done this with stand alone squidGuard installations, not part of a larger system like pfSense).
However with pfSense, all settings are stored within the xml files as well as the package configs (it appears) so I would have to some how add all these entries ass formated XML entries in the squidGuard xml file? Simply copying across the DB folder and squidGuard config, setting the correct permissions and restarting squidGuard had no effect (I tired this a number of times with no success).
-
Simply copying across the DB folder and squidGuard config, setting the correct permissions and restarting squidGuard had no effect (I tired this a number of times with no success).
About copying database nobody spoke. Blacklist - is a catalogs, packaged in the archive.It can be imported via webgui.
Also packages configs can be exported/imported from one to other pfSense boxes
-
About copying database nobody spoke.
Err, yeah, you mentioned it:
you can take squidguard database and move it as its own Blacklist to another server.
Anyway…Enough of this...I just wanted to point out based on my situation, squidGuard can't be migrated from a non-pfSense box to a pfSense box nor can squidGuard under pfSense be used for filtering anything other than on small scale (perhaps blocking ALL web access and just defining allowed web sites would have to be the way forward?).
Thanks for your time.
-
Anyway…Enough of this...I just wanted to point out based on my situation, squidGuard can't be migrated from a non-pfSense box to a pfSense box nor can squidGuard under pfSense be used for filtering anything other than on small scale (perhaps blocking ALL web access and just defining allowed web sites would have to be the way forward?).
Agreed - using the Shallalist which has about 72 categories isn't too bad and is manageable. However once going into the 100's things do become cosmetically less pleasing and less manageable. Ideally the gui should show probably provide a summarized view of the categories which then can be expanded and further fine tuned. Offering that view would be a little hard to put together, as the user has a choice on where they can get their own blacklist db from and the summarized view would need to know what to summarize on.
So as dvserg mentions patches/a new package is welcome :)
-
SquidGuard updated:
- Removed extra columns in Dest table
- Fixed support IP addresses in Dest-Domains.
*Note: Now 'Not use IP options' not affected for 'whitelist'.