Dansguardian + Squid 3 not passing traffic for all users
-
Hi guys
I have installed dansguardian and squid3 and configured it in transparent mode and tested it with a handful of users and it works great like other small sites that I have deployed this solution to, but the problem now is that the site I'm trying to deploy to has between 100 and 200 devices accessing the internet at any given time and a lot of users are getting errors when trying to browse the internet.
Because dansguardian is only filtering HTTP traffic we don't see any issue when accessing websites that use HTTPS and the problem also seems to be intermittent among some users, meaning that whilst some users can access one site fine and the squid real-time logs show that traffic is being passed other users will get a "Zero Response" error or timeouts in the browser when accessing the same site or other sites at the same time.
Not too sure why this is happening and wondered if anyone out there who has a working Dansguardian setup at a larger site can offer me some insight or at least point me in the right direction.
-
I would run it with dansguardian + squid unless you have some special need for squid3?
Your configuration gave me nothing but trouble.
-
I would run it with dansguardian + squid unless you have some special need for squid3?
Your configuration gave me nothing but trouble.
It's strange that I have no issues with smaller sites that I have it running at, but now it's a problem. Even adjusting the child processes made no difference, although I have now discovered there seems to be an issue with squid 3 now as well.
Usually I use Squid3 as I find in some cases it has better performance along with the LDAP auth not working as well in previous versions of squid, oh and not to forget the XMLRPC Sync is only in Squid 3 which in this instance is needed. I'm currently rebuilding the firewall and will go with your suggestion of sticking with squid and give a test before I upgrade to squid3.
-
Yeah - Let me know how it goes.
-
Squid3 does not work well with dansguardian. I have tried many times, never got it to work.
-
Squid3 does not work well with dansguardian. I have tried many times, never got it to work.
If you feel like testing it again, try my modification in this thread. I had no luck setting up Dansguardian with Squid3 before figuring that out, and now they work great together.
-
Does dans clamd work with it as well?
-
I'm not sure of your issues with clamd asterix, but for me, it was glitchy at first.
Then I wiped my box, reloaded squid.
Then blew away and rebuilt squid cache.
Then used squid in transparent mode on the interfaces I wanted. Saved settings. Re-started squid.
Then loaded dansguardian.
In pfsense, console updated freshclam.
Then ticked the little box to enable clam scan in dansguardian config.
Restarted dansguardian.
Never gave me another problem. I eventually did decide I just don't need it, but it always worked.
That's with squid - not squid3
-
I've re-installed dansguardian and squid instead of squid3 and all is working okay.
Generally I've used dansguardian in the past for small sites along with squid3 but have never had any real issues (except the Web Upload issue, which is easily fixed) but when I say small sites I mean 10 - 20 users/devices max and for larger sites I've used SquidGuard. This was my first attempt at using Dansguardian at a large site. I've tested and used pfSense 2.1 RC1 and see there are squidguard packages for Squid3, I hope that there will be similar packages for dansguardian and can't wait for 2.1 to be released as dansguardian is so much better at filtering than SquidGuard.
-
Great. I hope that is trouble free for you.
-
Squid3 does not work well with dansguardian. I have tried many times, never got it to work.
If you feel like testing it again, try my modification in this thread. I had no luck setting up Dansguardian with Squid3 before figuring that out, and now they work great together.
I am planning to go 2.1 route again shortly. Thanks to VMs I can shut down my 2.0.3 instance and install a new one for testing. Will give dans and Squid3 another chance and see how it goes.
-
So I put up a new 2.1 instance with Dans and Squid3. Same issue.. dans wouldn't filter and clamd won't work. Created the missing directories and gave the permissions. freshclam download was even successful but the dans service itself wouldn't filter anything. Tried the code change in dans.inc file as well…
Will give another shot with Squid2 instead.
-
Can you see things coming through in your /var/log/dansguardian/access.log file? What about in /var/squid/logs/access.log?
-
Nothing there.. It is an amd64 package issue or maybe a VM issue for pfsense v2.1. Not sure yet. Folks with i386 dans have it working without any problem.
-
I have a working WPAD+Captive Portal+Squid3+Dansguardian setup on PFSense 2.1.
Dansguardian is blocking web sites as well as the built in Anti-Virus.
1. user connects to the AP and gets an IP address from PFsense dhcp.
2. user opens browser and Captive Portal appears. It also downloads the wpad script to enable autoproxy.
3. user inputs credentials (username/password/voucher).
4. user can now browse to the internet thru squid3 proxy.
5. when the user goes to a prohibited site, Dansguardian blocked page appears.
6. when the user downloads file with virus, Dansguardian block page appears.
p.s. tested on Apple IOS, Android, Windows browser (Chrome, Mozilla, IE)
regards,
emong
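The WPAD step in the post above, as an added example that is not part of the original post and not emong's actual script: a minimal `wpad.dat` body that sends browsing through the filter and keeps local traffic direct. The filter address, port 8080 and the `192.168.1.` LAN prefix are assumed placeholders; returning only a `PROXY` entry, with no `DIRECT` fallback, makes browsers fail closed when the filter is down.

```javascript
// Added example: wpad.dat / proxy.pac body for a WPAD + DansGuardian setup.
// Assumptions (not from the thread): filter at 192.168.1.1, DansGuardian
// listening on port 8080, LAN addressed as 192.168.1.0/24.
var FILTER = "PROXY 192.168.1.1:8080"; // no "; DIRECT" fallback: fail closed
var LAN_PREFIX = "192.168.1.";         // assumed LAN addressing

// True only for a well-formed dotted-quad IPv4 literal. Needed so that a
// hostname such as "192.168.1.evil.example" is not mistaken for a LAN host.
function isIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  return true;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Single-label names ("printer", "localhost") are local. IPv6 literals
  // contain ":" and no ".", so exclude them from this shortcut.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) {
    return "DIRECT";
  }

  // LAN hosts addressed by IP literal, including the firewall that serves
  // the captive portal page and wpad.dat itself.
  if (isIPv4Literal(host) && host.indexOf(LAN_PREFIX) === 0) {
    return "DIRECT";
  }

  // Everything else goes through the content filter.
  return FILTER;
}
```

Serve the file with MIME type `application/x-ns-proxy-autoconfig`.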
-
I have squid3-dev working fine with dansguardian.
set high values on dansguardian config for large sites.