Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard redirectors configuration in GUI

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fneto
      last edited by

      Hi all!

      I'm writing to give a suggestion that I think maybe usefull for a lot of people and will help to get pfSense even better!

      We have some big networks behind pfsense (700 to 1500 pc's) and we use squid3 with squidguard to control the navigation of these users, but in this kind of installation the default number of squidguard redirectors that is configured in squid (5) isn't enough to handle all of those requests, then we need to manually edit this parameter in the squidguard_configurator.inc file.

      But the problem is if we update the package the default value come back and we need to make the manual customization again.

      So I'd like to suggest that you put these parameter as a configuration option in the GUI to make it easy to be adjusted and persistent across package updates ok!

      I don't know how exactly I can help inthis case but if it's possible I'll be very glad in help ok!

      Thanks!

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        I would suggest that, too, but it needs to be configured different for the different versions of squid.
        Until squid 3.1 the syntax was:

        url_rewrite_children 5
        

        Since version 3.2 and newer it is different:
        http://www.squid-cache.org/Doc/config/url_rewrite_children/

        It depends on what version you want to modify but you can find them here:
        https://github.com/pfsense/pfsense-packages/tree/master/config/squidGuard

        You probably need to modify:
        squidguard.inc
        squidguard.xml
        squidguard_configurator.inc

        1 Reply Last reply Reply Quote 0
        • T
          Tikimotel
          last edited by

          fneto,

          you can make it a bit easier by installing the "system patches" package.
          Here's my patch which I can apply to fix "SquidGuard_configuration.inc" without manual editing the file every time I update the 2.1RC install.

          I run Squid3-dev and squidGuard-squid3 packages.

          First install the "system patches" package.
          create a new patch in "System: Patches" ( the plus icon ).

          We are creating a manual patch (applying and testing with 2 mouse clicks instead of editing the file by hand every time)

          Edit Patch Entry
          Description: "squidGuard-squid3 fix"
          URL/Commit ID: "(leave empty, we are not using an URL)"
          patch contents:

          
          --- squidguard_configurator.inc.orig
          +++ squidguard_configurator.inc
          @@ -94,3 +94,3 @@
          -define('REDIRECTOR_OPTIONS_REM',   '# squidGuard options');
          -define('REDIRECTOR_PROGRAM_OPT',   'redirect_program');
          -define('REDIRECT_BYPASS_OPT',      'redirector_bypass');
          +define('REDIRECTOR_OPTIONS_REM',   '# squidGuard options');
          +define('REDIRECTOR_PROGRAM_OPT',   'url_rewrite_program');
          +define('REDIRECT_BYPASS_OPT',      'url_rewrite_bypass');
          @@ -98,1 +98,1 @@
          -define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started
          +define('REDIRECTOR_PROCESS_COUNT', '12 startup=8 idle=6 concurrency=0'); # redirector processes count will started
          
          

          Path Strip Count: 0
          Base Directory: "/usr/local/pkg/"
          (press Save)

          I've used 12 as a maximum, 8 on startup and 6 for idle, you can change it yourself first before testing and applying the patch.
          I'm assuming "concurrency=0", because squidguard is an older type of redirector program.

          Test it, then apply it!

          Need different options?
          Remember to first revert it, change the patch content then test it and apply it again.

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            @Tikimotel

            This is an interesting idea. Will save me some time when updating squid or squidguard. And I need to change sgerror.php after every upgrade so the system patches package could help me.

            My question is:
            How to get the diff file? I have the original and the modified - what command do I have to use to make a diff from that?
            This are probably Linux/BSD basics ;-)

            1 Reply Last reply Reply Quote 0
            • T
              Tikimotel
              last edited by

              I use winSCP to edit files and look at the line numbers and number of changed lines.
              The syntax I looked up from the github/bug database site (tab : activity).

              The test function will tell you if the patch can be applied and reverted safely.
              (and many test tries, before finally applying the patch)

              1 Reply Last reply Reply Quote 0
              • F
                fneto
                last edited by

                Hi Tikimotel, I have followed your instructions and I could create the patch to squidGuard redirectors and another patch to squid configuration to bypass proxy for some sites.

                But I have a question, my patch was correctly applied but I can't put the tab identation in the line. Do you know what character is the tab character to put in the begining of the line?

                Thanks!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.