Netgate Discussion Forum

    2 issues related to dansguardian (ssl content filtering & xforwardedfor + squid)

    • elemay

      Hi,

      I've got dansguardian running, forwarding to squid, on pfSense 2.0.1 amd64.

      dansguardian = LAN
      squid = loop

      I've 2 problems now :)

      1. If I want to enable SSL filtering, I only get an error message like: sec_error_invalid_time

      I created the certs with the cert manager in pfSense, all default options: one internal CA and one user cert.

      2. If I look at my lightsquid proxy report, I only see localhost as the user requesting sites. I enabled use xforwardedfor in dansguardian (also tried use forwardedfor).

      Any hints?

      Thanks.

      • elemay

        OK :)

        SSL error seems related to http://forum.pfsense.org/index.php?topic=46207.0

        • marcelloc

          You need to change the squid log format to change the real IP to the xforward IP.

          The SSL is an issue I could not fix yet.

          Elite Training: http://sys-squad.com

          Help a community developer! ;D

          • elemay

            Hi,

            and thanks for your fast reply :)

            How do I change the log behaviour?

            I couldn't find it in the webgui.

            Is it right to use xforwardedfor in dansguardian?

            Thanks again :)

            • marcelloc

              This is the way to pass the client's real IP.

              I'm not sure if this log change can be done via squid gui.


              • elemay

                If I use the example method from squid-cache.org, edited to my needs:

                acl localhost src 127.0.0.1;acl my_other_proxy srcdomain .workgroup.local;follow_x_forwarded_for allow localhost;follow_x_forwarded_for allow my_other_proxy;log_uses_indirect_client on;

                I can't access the internet anymore. Squid tells me access denied.

                If anyone has an idea, I would be glad to hear :)

                • elemay

                  Hi,

                  Found the solution.

                  Add to squid custom options:

                  log_uses_indirect_client on;follow_x_forwarded_for allow localhost;

                  And in dansguardian choose:

                  General -> useforwardedfor

                  If you have more subnets using dansguardian and squid is only listening to loop, then add them to allowed subnets under access control in the squid config tab.

                  Have a nice day!

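Why the working setting trusts only localhost, as an added example (not part of the thread and not Squid's own code): a simplified Python model of how `follow_x_forwarded_for` chooses the address that `log_uses_indirect_client on` writes to the access log. The addresses, the over-broad ACL and the assumption that the filter appends the client IP to a header the client already sent are constructed for illustration.

```python
import ipaddress

def indirect_client(peer, xff_header, trusted):
    """Address Squid would log with log_uses_indirect_client on (simplified).

    Model of follow_x_forwarded_for: while the current address matches the
    'allow' ACL, the rightmost remaining X-Forwarded-For entry becomes the
    new current address; the walk stops at the first untrusted address.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    entries = [e.strip() for e in (xff_header or "").split(",") if e.strip()]
    current = ipaddress.ip_address(peer)
    while entries and any(current in n for n in nets):
        candidate = entries.pop()  # rightmost entry = hop closest to Squid
        try:
            current = ipaddress.ip_address(candidate)
        except ValueError:
            break  # modelling choice: unparsable entry, keep last good address
    return str(current)

# "follow_x_forwarded_for allow localhost" from the thread's solution.
LOCALHOST_ONLY = ["127.0.0.1/32"]
# Hypothetical over-broad ACL that also trusts every LAN client's header.
TOO_WIDE = ["127.0.0.1/32", "192.168.1.0/24"]

# Constructed requests: (description, TCP peer, X-Forwarded-For seen by Squid)
SAMPLES = [
    ("filter on loopback, forwardedfor off", "127.0.0.1", None),
    ("filter on loopback, forwardedfor on", "127.0.0.1", "192.168.1.50"),
    ("client sent its own header first", "127.0.0.1", "10.9.9.9, 192.168.1.50"),
    ("LAN client talking to Squid directly", "192.168.1.77", "127.0.0.1"),
]

if __name__ == "__main__":
    for label, peer, xff in SAMPLES:
        print(f"{label:40} localhost-only -> "
              f"{indirect_client(peer, xff, LOCALHOST_ONLY):14} "
              f"too-wide -> {indirect_client(peer, xff, TOO_WIDE)}")
```

With only localhost trusted, the log shows the address the filter itself observed; the wider ACL lets a client-supplied header value reach the report.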