    Squid Guard Resets Each day - Time based ACLS

      H2wk last edited by

      Hey guys….

      Really weird issue... I have set up time-based ACLs... these work 100%, no problems at all... The only issue that happens is that somehow the settings become unapplied in Squid each day, sometime during the night...

      The reason I say this is that each day I come into the office the time-based ACLs don't start automatically... I need to click Apply each morning before the time-based ACLs will kick in... Really confusing, as they were working 100% for about a week after I upgraded from 1.2.1 to 2.0.

      Please help...

      P.S. I know there is a thread on here somewhere that has similar issues but couldn't find it... Thanks...

        Nachtfalke last edited by

        This is the other thread:

        http://forum.pfsense.org/index.php/topic,41747.0/topicseen.html

          H2wk last edited by

          @Nachtfalke:

          This is the other thread:

          http://forum.pfsense.org/index.php/topic,41747.0/topicseen.html

          Unfortunately that doesn't help… I have checked my system time setting and this has made no difference... the times work great. It's not an issue of time... it's an issue of having to click Apply each morning when I come into the office...

          hmmm...

          here are the proxy config settings...

          
           # Do not edit manually !
          http_port 10.2.0.1:3128
          icp_port 0
          
          pid_filename /var/run/squid.pid
          cache_effective_user proxy
          cache_effective_group proxy
          error_directory /usr/local/etc/squid/errors/English
          icon_directory /usr/local/etc/squid/icons
          visible_hostname tablemountian
          cache_mgr andrew@tsctech.com
          access_log /var/squid/log/access.log
          cache_log /var/squid/log/cache.log
          cache_store_log none
          shutdown_lifetime 3 seconds
          # Allow local network(s) on interface(s)
          acl localnet src  10.2.0.0/255.255.255.0
          forwarded_for off
          via off
          httpd_suppress_version_string on
          uri_whitespace strip
          
          cache_mem 800 MB
          maximum_object_size_in_memory 32 KB
          memory_replacement_policy heap GDSF
          cache_replacement_policy heap LFUDA
          cache_dir ufs /var/squid/cache 100000 16 256
          minimum_object_size 0 KB
          maximum_object_size 4 KB
          offline_mode off
          cache_swap_low 90
          cache_swap_high 95
          
          # No redirector configured
          
          # Setup some default acls
          acl all src 0.0.0.0/0.0.0.0
          acl localhost src 127.0.0.1/255.255.255.255
          acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
          acl sslports port 443 563  
          acl manager proto cache_object
          acl purge method PURGE
          acl connect method CONNECT
          acl dynamic urlpath_regex cgi-bin \?
          acl allowed_subnets src 10.2.0.0/24 
          acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl'
          cache deny dynamic
          http_access allow manager localhost
          
          http_access deny manager
          http_access allow purge localhost
          http_access deny purge
          http_access deny !safeports
          http_access deny CONNECT !sslports
          
          # Always allow localhost connections
          http_access allow localhost
          
          request_body_max_size 0 KB
          reply_body_max_size 0 deny all
          delay_pools 1
          delay_class 1 2
          delay_parameters 1 -1/-1 -1/-1
          delay_initial_bucket_level 100
          delay_access 1 allow all
          
          # Custom options
          redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
          redirector_bypass on
          redirect_children 3
          # These hosts do not have any restrictions
          http_access allow unrestricted_hosts
          # Setup allowed acls
          # Allow local network(s) on interface(s)
          http_access allow allowed_subnets
          http_access allow localnet
          # Default block all to be sure
          http_access deny all
          
          
            nl last edited by

            Same issue. Need to click on "Apply". Perhaps, a poor solution would be to set a cronjob ….
