Time Based restriction with Squid & Squid Guard
-
Hi
No, I'm not using custom error page. -
We (kalu and I) have made a custom error page with the code above and some text. It happily redirects there when the page is blocked. But still, SquidGuard does not change from blocking to unblocking and vice-versa at the nominated times. SquidGuard comes up correctly according to the system time when the system boots, or when we restart SquidGuard. But it doesn't seem to take any notice of the current system time as the date/time changes.
We are seeing this on all 4 of our pfSense systems running 2.0.1 nanobsd on Alix boards from NetGate. It seems that some people have this problem, but others do not. Maybe this is related to nanobsd? Maybe there is something in the way that SquidGuard knows the system time that is not working properly on nanobsd? Something related to directories that are readonly on nanoBSD? I am just guessing!
Does anyone have SquidGuard working with times on nanobsd?
The current workaround is to restart SquidGuard as we arrive in the morning and leave in the evening - at the rule time change points.
If anyone can see the problem with our settings, we will be grateful.
-
Same problem for me :-(
-
I am also facing the same problem with pfSense 2.0.1, squidGuard 1.4_2 pkg v.1.9.1 and squid 2.7.9 pkg v.4.3.1 on Atom D410 machine serving 300 users.
When squidGuard used to work properly, there were messages in the log file /var/squidGuard/log/squidGuard.log to that effect:
2012-02-29 11:26:33 [47310] Info: recalculating alarm in 3505 secondsBut now, it doesn't do it automatically. Also, I am seeing a lot of messages to by-pass attempts using multiple slashes:
2012-02-29 11:30:21 [47310] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.microsoft.com/genuine//static/images/wol/Win7TopLogo.png 2012-02-29 11:30:21 [47310] Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://www.microsoft.com/genuine//static/images/wol/merged/gl_horizontal_grad_search.pngThe workaround for now is a script that restarts squidGuard every 30 minutes from a remote server by logging onto webGUI over https.
-
Yes, i'm thinking of a cron job to restart squidguard that executes at 9:00AM and 17:00PM
:( -
I'm sure I noticed this problem on V2.0 also - I don't think that it is a V2.0.1 regression.
-
Also having the same problem here running 2.0-RC1.
Squid: 2.7.9 pkg v.4.3.1
Squidguard: 1.4_2 pkg v.1.9.1I also get the logs about a 'Possible bypass attempt'.
Any news on a fix? Have been through this thread: http://forum.pfsense.org/index.php/topic,41747.msg222093.html#msg222093
But the fix did not work for me. -
Did you configured error response to 302?
http://forum.pfsense.org/index.php/topic,41747.msg225863.html#msg225863 -
No. It's set at "int error page (enter error message)"
It's not a browser cache issue. I have also tested simply doing
"telnet <ip-address>3128"
and requesting page with
"GET http://in.rediff.com HTTP/1.0"
<enter><enter>SquidGuard tells in the log whenever it kicks a scheduler by logging " recalculating alarm in xxx seconds" depending on how many seconds are remaining to kick on or off a scheduler.My observation is that it forgets about it's timekeeping job, until kicked with a reconfigure command.</enter></enter></ip-address>
-
i agree with codemarauder
-
Bumping just to see if there is any interest alive in resolving the issue.
I am still doing "Apply" every 30 mins to keep its scheduler sane.
-
You can workaround this with a script on cron until somebody finds what is wrong.
-
I am hoping to test soon on a 2.1DEV test system to see if FreeBSD 8.3 is any better or different. I am just having trouble getting Squid to install on 2.1 at the moment.
-
You can install squid using pkg_add.
Take a look on files.pfsense.org
After you copy squid link, just do Pkg_add -r link_to_squid_package from console
-
You can workaround this with a script on cron until somebody finds what is wrong.
What would the command be to restart squidguard?
-
On my test 2.1DEV 1G nanobsd system, I did:
pkg_add -r http://files.pfsense.org/packages/8/All/squid-2.7.9_1.tbz
It loads dependencies also, (cyrus, openldap, perl) spits out a lot of messages about things that don't exist during the perl phase. But none of this installs the pfSense-specific bits - the items on the web configurator menus and the php that goes with it. But, of course, it doesn't show up in "Installed Packages". So I can't configure Squid using the web configurator. It would be nice if the "Available Packages" list showed newer versions of the packages. But I have no idea how that list is loaded from a server somewhere.
Am I trying to do this all too early? Are the packages for 2.1DEV not up and running properly yet?
or
Are there more commands I can execute to install all the remaining pfSense bits of the package?Also, how do I know which version and type of packages are supposed to go with 2.1DEV?
There are new tbz packages available dated 5 March, but there are also pbi packages with the same version numbers that have been there a while. I guess that the pbi packages are intended for using pbi_add with future systems based on FreeBSD9.
How does the "Available Packages" page know which version to offer?
Sorry for all the questions - I think I now need to read up on the whole development environment to get involved with testing or debugging!
-
I think the way cino does to install packages on 2.1 on his 2.1 pfsense are
Install pfsense package with gui and then go to console
Install freebsd package with pkg_add. -
I started agaain with a freshly made CF card of 2.1-DEVELOPMENT. Although the "Available Packages" page just show 2.7.9, it actually fetches the 2.7.9_1 pbi file. I discovered that 2.1 is usig the pbi package system, so it is the pbi files that are used for this.
squid loads, I take all the defaults then just select "transparent proxy". It doesn't start, no "squid" user and no /var/squid/cache, so I didpw useradd -g proxy -s /sbin/nologin -d /var/squid -n squid
chown -R squid /var/squid
mkdir /var/squid/cache
squid -zThis makes the squid user, gives it rights to /var/squid, makes the cache dir and initialises the cache.
Now /var/squid/logs/cache.log has good-looking messages in it. A process starts, but thenn it is gone by the time I can look for it from the command line. So there is some other issue still with getting squid running on 2.1-DEVELOPMENT (at least with nanobsd).
I will post this in the more appropriate 2.1 forum topic.
-
any workaround on this problem ?
a cron job to restart squidguard or a fix on squidguard config it self ?
