SquidGuard redirectors configuration in GUI



  • Hi all!

    I'm writing to give a suggestion that I think maybe usefull for a lot of people and will help to get pfSense even better!

    We have some big networks behind pfsense (700 to 1500 pc's) and we use squid3 with squidguard to control the navigation of these users, but in this kind of installation the default number of squidguard redirectors that is configured in squid (5) isn't enough to handle all of those requests, then we need to manually edit this parameter in the squidguard_configurator.inc file.

    But the problem is if we update the package the default value come back and we need to make the manual customization again.

    So I'd like to suggest that you put these parameter as a configuration option in the GUI to make it easy to be adjusted and persistent across package updates ok!

    I don't know how exactly I can help inthis case but if it's possible I'll be very glad in help ok!

    Thanks!



  • I would suggest that, too, but it needs to be configured different for the different versions of squid.
    Until squid 3.1 the syntax was:

    url_rewrite_children 5
    

    Since version 3.2 and newer it is different:
    http://www.squid-cache.org/Doc/config/url_rewrite_children/

    It depends on what version you want to modify but you can find them here:
    https://github.com/pfsense/pfsense-packages/tree/master/config/squidGuard

    You probably need to modify:
    squidguard.inc
    squidguard.xml
    squidguard_configurator.inc



  • fneto,

    you can make it a bit easier by installing the "system patches" package.
    Here's my patch which I can apply to fix "SquidGuard_configuration.inc" without manual editing the file every time I update the 2.1RC install.

    I run Squid3-dev and squidGuard-squid3 packages.

    First install the "system patches" package.
    create a new patch in "System: Patches" ( the plus icon ).

    We are creating a manual patch (applying and testing with 2 mouse clicks instead of editing the file by hand every time)

    Edit Patch Entry
    Description: "squidGuard-squid3 fix"
    URL/Commit ID: "(leave empty, we are not using an URL)"
    patch contents:

    
    --- squidguard_configurator.inc.orig
    +++ squidguard_configurator.inc
    @@ -94,3 +94,3 @@
    -define('REDIRECTOR_OPTIONS_REM',   '# squidGuard options');
    -define('REDIRECTOR_PROGRAM_OPT',   'redirect_program');
    -define('REDIRECT_BYPASS_OPT',      'redirector_bypass');
    +define('REDIRECTOR_OPTIONS_REM',   '# squidGuard options');
    +define('REDIRECTOR_PROGRAM_OPT',   'url_rewrite_program');
    +define('REDIRECT_BYPASS_OPT',      'url_rewrite_bypass');
    @@ -98,1 +98,1 @@
    -define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started
    +define('REDIRECTOR_PROCESS_COUNT', '12 startup=8 idle=6 concurrency=0'); # redirector processes count will started
    
    

    Path Strip Count: 0
    Base Directory: "/usr/local/pkg/"
    (press Save)

    I've used 12 as a maximum, 8 on startup and 6 for idle, you can change it yourself first before testing and applying the patch.
    I'm assuming "concurrency=0", because squidguard is an older type of redirector program.

    Test it, then apply it!

    Need different options?
    Remember to first revert it, change the patch content then test it and apply it again.



  • @Tikimotel

    This is an interesting idea. Will save me some time when updating squid or squidguard. And I need to change sgerror.php after every upgrade so the system patches package could help me.

    My question is:
    How to get the diff file? I have the original and the modified - what command do I have to use to make a diff from that?
    This are probably Linux/BSD basics ;-)



  • I use winSCP to edit files and look at the line numbers and number of changed lines.
    The syntax I looked up from the github/bug database site (tab : activity).

    The test function will tell you if the patch can be applied and reverted safely.
    (and many test tries, before finally applying the patch)



  • Hi Tikimotel, I have followed your instructions and I could create the patch to squidGuard redirectors and another patch to squid configuration to bypass proxy for some sites.

    But I have a question, my patch was correctly applied but I can't put the tab identation in the line. Do you know what character is the tab character to put in the begining of the line?

    Thanks!