Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard-squid3 и ограничение по времени

    Scheduled Pinned Locked Moved Russian
    1 Posts 1 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      D_Sergeevich
      last edited by

      Приветствую.
      Поставил чистый 2.1-RELEASE (i386), squid3 и squidGuard-squid3.
      В Times группу с временем 08:00-11:59 в Groups ACL создал группу с ip и указал там эту группу со временем в промежутке которого должен блокироваться интернет.
      Проблема в том что при наступлении 08:00 интернет не блокируется, нужно нажать в General settings кнопку Apply тогда время начинает действовать и доступ в инет закрыт, потом при наступлении 12:00 интернет также закрыт, нужно опять же нажать кнопку Apply и тогда все заработает. Т.е. он сам без рестарта не "открывает - закрывает" В чем проблема? такая проблема была также на версии 2.0.1 на другом железе.

      Привожу конфиги.

      # This file is automatically generated by pfSense
      # Do not edit manually !
      http_port 192.168.1.2:3128
      http_port 127.0.0.1:3128 intercept
      icp_port 7
      dns_v4_first off
      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_default_language ru
      icon_directory /usr/pbi/squid-i386/etc/squid/icons
      visible_hostname localhost
      cache_mgr admin@localhost
      access_log /var/squid/logs/access.log
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      sslcrtd_children 0
      logfile_rotate 60
      shutdown_lifetime 3 seconds
      # Allow local network(s) on interface(s)
      acl localnet src  192.168.1.0/24
      uri_whitespace strip
      
      acl dynamic urlpath_regex cgi-bin ?
      cache deny dynamic
      cache_mem 512 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 3000 16 256
      minimum_object_size 0 KB
      maximum_object_size 4 KB
      offline_mode offcache_swap_low 90
      cache_swap_high 95
      
      # No redirector configured
      
      #Remote proxies
      
      # Setup some default acls
      acl allsrc src all
      acl localhost src 127.0.0.1/32
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
      acl sslports port 443 563  
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      
      # Define protocols used for redirects
      acl HTTP proto HTTP
      acl HTTPS proto HTTPS
      
      http_access allow manager localhost
      
      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports
      
      # Always allow localhost connections
      http_access allow localhost
      
      request_body_max_size 0 KB
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow allsrc
      
      # Reverse Proxy settings
      
      # Package Integration
      redirect_program /usr/pbi/squidguard-squid3-i386/bin/squidGuard -c /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
      redirector_bypass off
      url_rewrite_children 5
      
      # Custom options
      
      # Setup allowed acls
      # Allow local network(s) on interface(s)
      http_access allow localnet
      # Default block all to be sure
      http_access deny allsrc
      
      
      logdir /var/squidGuard/log
      dbhome /var/db/squidGuard
      
      # 
      time Block {
      	weekly * 08:00-11:59
      }
      
      # 
      src Block_time {
      	ip     192.168.1.11-192.168.1.18
      	ip     192.168.1.6
      }
      
      # 
      dest AllowUrl {
      	domainlist AllowUrl/domains
      }
      
      # 
      rew safesearch {
      	s@(google..*/search?.*q=.*)@&safe=active@i
      	s@(google..*/images.*q=.*)@&safe=active@i
      	s@(google..*/groups.*q=.*)@&safe=active@i
      	s@(google..*/news.*q=.*)@&safe=active@i
      	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
      	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
      	s@(search.live..*/.*q=.*)@&adlt=strict@i
      	s@(search.msn..*/.*q=.*)@&adlt=strict@i
      	s@(.bing..*/.*q=.*)@&adlt=strict@i
      }
      
      # 
      acl  {
      	# 
      	Block_time  within Block {
      		pass !in-addr AllowUrl none
      		} else {
      		pass !in-addr AllowUrl all
      		redirect http://192.168.1.2:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
      	}
      	# 
      	default  {
      		pass !in-addr all
      		redirect http://192.168.1.2:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
      	}
      }
      
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.