Squid + squidGuard does not respect changes.



  • Hello everyone,

    I am having problems with squid + squidGuard; as you may remember, I recently deployed it at the company where I work.

    It is configured as transparent, but when I block a page, for example mercadolibre, and later want to unblock it, squid does not respect the changes I make to the blacklist.

    I tried stopping the service and starting it again. Nothing.
    Restarting the service. Nothing.
    Restarting the firewall. Nothing.

    Does something different have to be done for it to respect the changes made?



  • That was discussed a while ago. There is a comment in the squidGuard configurator saying that you have to click Save and then restart.



  • I click Save.

    In fact the list shows the new values, but when you try to open the page from the clients it still shows the block screen.

    I already cleared the client cache too. Nothing.



  • It seems the changes are not immediate…

    It takes a few minutes to apply them.

    It works now.

    Thanks Bellera!



  • Glad to hear it!

    I'm late, but here is the explanation I couldn't find… but remembered...

    https://forum.pfsense.org/index.php?topic=56560.msg305579#msg305579

    If you have very long lists, the process does indeed take minutes.

    On a fairly large proxy that I manage outside pfSense, I make the changes during the day and a scheduled task does the rest at night.

    That way I don't disturb the installation during working hours…



  • Hi, I'm reviving this post,

    It still shows the same fault… after making changes, saving and restarting services, the block persists.

    _Request denied by pfSense proxy: 403 Forbidden

    Reason:
    Client address: ********
    Client name: ******.local
    Client group: default
    Target group: in-addr
    URL: http://*******2/cfd/web/ticketNumber.aspx_

    In general terms, what is done in these cases?

    I remember working some years ago for a company that used squid, and when the proxy behaved "strangely" they uninstalled and reinstalled everything (clearing the cache).
    In pfSense I don't know whether that is a good option.
    And I have no idea how to do it…

    Is the whole package removed and then installed again?



  • in-addr

    You have access by IP denied in squidGuard.

    Proxy filter SquidGuard: Common Access Control List (ACL): Do not allow IP-Addresses in URL

    a company that used squid, and when the proxy behaved "strangely" they uninstalled and reinstalled everything (clearing the cache)

    Fortunately, I have never had problems of that kind with FreeBSD + squid + squidGuard.

    It still shows the same fault… after making changes, saving and restarting services, the block persists.

    Please post the version of pfSense and of each of the packages (squid and squidGuard). Let's see whether we can guide you on how to audit your installation.



  • I'm attaching screenshots of what was requested,

    Thanks in advance.



    ![Sin títulow.png](/public/imported_attachments/1/Sin títulow.png)



  • I see that you have blacklists set as whitelist

    Those lists are meant for deny or --- (nothing).

    See image.

    Change that, click [Save] to save the changes and [Apply] to close/reopen the squidGuard processes.

    If it still behaves the same, go to Proxy filter SquidGuard: Log page: Filter config and copy/paste the contents of squidGuard.conf

    Mark it as code so that we can read it more easily.

    ![Captura de 2014-04-05 21:07:15.png](/public/imported_attachments/1/Captura de 2014-04-05 21:07:15.png)



  • I was thinking that I suppose your list ends with Default access [all] allow

    See image

    ![Captura de 2014-04-05 21:18:04.png](/public/imported_attachments/1/Captura de 2014-04-05 21:18:04.png)



  • That's right, Bellera,

    The list ends with Default access [all] allow

    On the other hand, I did not understand your recommendation about deny / ---

    Does everything have to be set to "deny"? All the options in the list?

    In any case, here is my configuration:

    # This file is automatically generated by pfSense
    # Do not edit manually !
    http_port 192.168.5.254:3128
    http_port 127.0.0.1:3128 intercept
    icp_port 7
    dns_v4_first off
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language es
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    visible_hostname pfsense
    cache_mgr admin@al
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    sslcrtd_children 0
    logfile_rotate 7
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  192.168.5.0/24
    httpd_suppress_version_string on
    uri_whitespace strip
    
    acl dynamic urlpath_regex cgi-bin ?
    cache deny dynamic
    cache_mem 1024 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir aufs /var/squid/cache 8000 16 256
    minimum_object_size 0 KB
    maximum_object_size 4 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    
    # No redirector configured
    
    #Remote proxies
    
    # Setup some default acls
    acl allsrc src all
    acl localhost src 127.0.0.1/32
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
    acl sslports port 443 563  
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    
    # Define protocols used for redirects
    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    
    acl allowed_subnets src 192.168.5.0/24
    acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl'
    acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl'
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    redirect_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
    redirector_bypass off
    url_rewrite_children 5
    
    # Custom options
    
    # These hosts do not have any restrictions
    http_access allow unrestricted_hosts
    # Block access to blacklist domains
    http_access deny blacklist
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow allowed_subnets
    http_access allow localnet
    # Default block all to be sure
    http_access deny allsrc
    
    


  • @bellera:

    I see that you have blacklists set as whitelist

    Those lists are meant for deny or --- (nothing).

    See image.

    On Deny or --- (not enabled). You have blacklists set to Allow and that makes no sense.

    @bellera:

    If it still behaves the same, go to Proxy filter SquidGuard: Log page: Filter config and copy/paste the contents of squidGuard.conf

    You posted Proxy config, not Filter config.

    The mix-up turned out to be useful, because in squid.conf the squidGuard integration is wrong. It uses squid2 syntax.

    https://forum.pfsense.org/index.php?topic=73740.0

    Fix that, which must be what is causing the malfunction.



  • Well, following your advice, dear Bellera, the problem persists

    I'm posting what I have:

    # ============================================================
    # SquidGuard configuration file
    # This file generated automaticly with SquidGuard configurator
    # (C)2006 Serg Dvoriancev
    # email: dv_serg@mail.ru
    # ============================================================
    
    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    
    # 
    dest blk_BL_adv {
    	domainlist blk_BL_adv/domains
    	urllist blk_BL_adv/urls
    	redirect http://192.168.5.254:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    	log block.log
    }
    
    # 
    dest blk_BL_aggressive {
    	domainlist blk_BL_aggressive/domains
    	urllist blk_BL_aggressive/urls
    	log block.log
    }
    
    # 
    dest blk_BL_alcohol {
    	domainlist blk_BL_alcohol/domains
    	urllist blk_BL_alcohol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_anonvpn {
    	domainlist blk_BL_anonvpn/domains
    	urllist blk_BL_anonvpn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_bikes {
    	domainlist blk_BL_automobile_bikes/domains
    	urllist blk_BL_automobile_bikes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_boats {
    	domainlist blk_BL_automobile_boats/domains
    	urllist blk_BL_automobile_boats/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_cars {
    	domainlist blk_BL_automobile_cars/domains
    	urllist blk_BL_automobile_cars/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_planes {
    	domainlist blk_BL_automobile_planes/domains
    	urllist blk_BL_automobile_planes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_chat {
    	domainlist blk_BL_chat/domains
    	urllist blk_BL_chat/urls
    	log block.log
    }
    
    # 
    dest blk_BL_costtraps {
    	domainlist blk_BL_costtraps/domains
    	urllist blk_BL_costtraps/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dating {
    	domainlist blk_BL_dating/domains
    	urllist blk_BL_dating/urls
    	log block.log
    }
    
    # 
    dest blk_BL_downloads {
    	domainlist blk_BL_downloads/domains
    	urllist blk_BL_downloads/urls
    	log block.log
    }
    
    # 
    dest blk_BL_drugs {
    	domainlist blk_BL_drugs/domains
    	urllist blk_BL_drugs/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dynamic {
    	domainlist blk_BL_dynamic/domains
    	urllist blk_BL_dynamic/urls
    	log block.log
    }
    
    # 
    dest blk_BL_education_schools {
    	domainlist blk_BL_education_schools/domains
    	urllist blk_BL_education_schools/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_banking {
    	domainlist blk_BL_finance_banking/domains
    	urllist blk_BL_finance_banking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_insurance {
    	domainlist blk_BL_finance_insurance/domains
    	urllist blk_BL_finance_insurance/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_moneylending {
    	domainlist blk_BL_finance_moneylending/domains
    	urllist blk_BL_finance_moneylending/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_other {
    	domainlist blk_BL_finance_other/domains
    	urllist blk_BL_finance_other/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_realestate {
    	domainlist blk_BL_finance_realestate/domains
    	urllist blk_BL_finance_realestate/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_trading {
    	domainlist blk_BL_finance_trading/domains
    	urllist blk_BL_finance_trading/urls
    	log block.log
    }
    
    # 
    dest blk_BL_fortunetelling {
    	domainlist blk_BL_fortunetelling/domains
    	urllist blk_BL_fortunetelling/urls
    	log block.log
    }
    
    # 
    dest blk_BL_forum {
    	domainlist blk_BL_forum/domains
    	urllist blk_BL_forum/urls
    	log block.log
    }
    
    # 
    dest blk_BL_gamble {
    	domainlist blk_BL_gamble/domains
    	urllist blk_BL_gamble/urls
    	log block.log
    }
    
    # 
    dest blk_BL_government {
    	domainlist blk_BL_government/domains
    	urllist blk_BL_government/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hacking {
    	domainlist blk_BL_hacking/domains
    	urllist blk_BL_hacking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_cooking {
    	domainlist blk_BL_hobby_cooking/domains
    	urllist blk_BL_hobby_cooking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-misc {
    	domainlist blk_BL_hobby_games-misc/domains
    	urllist blk_BL_hobby_games-misc/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-online {
    	domainlist blk_BL_hobby_games-online/domains
    	urllist blk_BL_hobby_games-online/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_gardening {
    	domainlist blk_BL_hobby_gardening/domains
    	urllist blk_BL_hobby_gardening/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_pets {
    	domainlist blk_BL_hobby_pets/domains
    	urllist blk_BL_hobby_pets/urls
    	log block.log
    }
    
    # 
    dest blk_BL_homestyle {
    	domainlist blk_BL_homestyle/domains
    	urllist blk_BL_homestyle/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hospitals {
    	domainlist blk_BL_hospitals/domains
    	urllist blk_BL_hospitals/urls
    	log block.log
    }
    
    # 
    dest blk_BL_imagehosting {
    	domainlist blk_BL_imagehosting/domains
    	urllist blk_BL_imagehosting/urls
    	log block.log
    }
    
    # 
    dest blk_BL_isp {
    	domainlist blk_BL_isp/domains
    	urllist blk_BL_isp/urls
    	log block.log
    }
    
    # 
    dest blk_BL_jobsearch {
    	domainlist blk_BL_jobsearch/domains
    	urllist blk_BL_jobsearch/urls
    	log block.log
    }
    
    # 
    dest blk_BL_library {
    	domainlist blk_BL_library/domains
    	urllist blk_BL_library/urls
    	log block.log
    }
    
    # 
    dest blk_BL_military {
    	domainlist blk_BL_military/domains
    	urllist blk_BL_military/urls
    	log block.log
    }
    
    # 
    dest blk_BL_models {
    	domainlist blk_BL_models/domains
    	urllist blk_BL_models/urls
    	log block.log
    }
    
    # 
    dest blk_BL_movies {
    	domainlist blk_BL_movies/domains
    	urllist blk_BL_movies/urls
    	log block.log
    }
    
    # 
    dest blk_BL_music {
    	domainlist blk_BL_music/domains
    	urllist blk_BL_music/urls
    	log block.log
    }
    
    # 
    dest blk_BL_news {
    	domainlist blk_BL_news/domains
    	urllist blk_BL_news/urls
    	log block.log
    }
    
    # 
    dest blk_BL_podcasts {
    	domainlist blk_BL_podcasts/domains
    	urllist blk_BL_podcasts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_politics {
    	domainlist blk_BL_politics/domains
    	urllist blk_BL_politics/urls
    	log block.log
    }
    
    # 
    dest blk_BL_porn {
    	domainlist blk_BL_porn/domains
    	urllist blk_BL_porn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_radiotv {
    	domainlist blk_BL_radiotv/domains
    	urllist blk_BL_radiotv/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_humor {
    	domainlist blk_BL_recreation_humor/domains
    	urllist blk_BL_recreation_humor/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_martialarts {
    	domainlist blk_BL_recreation_martialarts/domains
    	urllist blk_BL_recreation_martialarts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_restaurants {
    	domainlist blk_BL_recreation_restaurants/domains
    	urllist blk_BL_recreation_restaurants/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_sports {
    	domainlist blk_BL_recreation_sports/domains
    	urllist blk_BL_recreation_sports/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_travel {
    	domainlist blk_BL_recreation_travel/domains
    	urllist blk_BL_recreation_travel/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_wellness {
    	domainlist blk_BL_recreation_wellness/domains
    	urllist blk_BL_recreation_wellness/urls
    	log block.log
    }
    
    # 
    dest blk_BL_redirector {
    	domainlist blk_BL_redirector/domains
    	urllist blk_BL_redirector/urls
    	log block.log
    }
    
    # 
    dest blk_BL_religion {
    	domainlist blk_BL_religion/domains
    	urllist blk_BL_religion/urls
    	log block.log
    }
    
    # 
    dest blk_BL_remotecontrol {
    	domainlist blk_BL_remotecontrol/domains
    	urllist blk_BL_remotecontrol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_ringtones {
    	domainlist blk_BL_ringtones/domains
    	urllist blk_BL_ringtones/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_astronomy {
    	domainlist blk_BL_science_astronomy/domains
    	urllist blk_BL_science_astronomy/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_chemistry {
    	domainlist blk_BL_science_chemistry/domains
    	urllist blk_BL_science_chemistry/urls
    	log block.log
    }
    
    # 
    dest blk_BL_searchengines {
    	domainlist blk_BL_searchengines/domains
    	urllist blk_BL_searchengines/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_education {
    	domainlist blk_BL_sex_education/domains
    	urllist blk_BL_sex_education/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_lingerie {
    	domainlist blk_BL_sex_lingerie/domains
    	urllist blk_BL_sex_lingerie/urls
    	log block.log
    }
    
    # 
    dest blk_BL_shopping {
    	domainlist blk_BL_shopping/domains
    	urllist blk_BL_shopping/urls
    	log block.log
    }
    
    # 
    dest blk_BL_socialnet {
    	domainlist blk_BL_socialnet/domains
    	urllist blk_BL_socialnet/urls
    	log block.log
    }
    
    # 
    dest blk_BL_spyware {
    	domainlist blk_BL_spyware/domains
    	urllist blk_BL_spyware/urls
    	log block.log
    }
    
    # 
    dest blk_BL_tracker {
    	domainlist blk_BL_tracker/domains
    	urllist blk_BL_tracker/urls
    	log block.log
    }
    
    # 
    dest blk_BL_updatesites {
    	domainlist blk_BL_updatesites/domains
    	urllist blk_BL_updatesites/urls
    	log block.log
    }
    
    # 
    dest blk_BL_urlshortener {
    	domainlist blk_BL_urlshortener/domains
    	urllist blk_BL_urlshortener/urls
    	log block.log
    }
    
    # 
    dest blk_BL_violence {
    	domainlist blk_BL_violence/domains
    	urllist blk_BL_violence/urls
    	log block.log
    }
    
    # 
    dest blk_BL_warez {
    	domainlist blk_BL_warez/domains
    	urllist blk_BL_warez/urls
    	log block.log
    }
    
    # 
    dest blk_BL_weapons {
    	domainlist blk_BL_weapons/domains
    	urllist blk_BL_weapons/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webmail {
    	domainlist blk_BL_webmail/domains
    	urllist blk_BL_webmail/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webphone {
    	domainlist blk_BL_webphone/domains
    	urllist blk_BL_webphone/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webradio {
    	domainlist blk_BL_webradio/domains
    	urllist blk_BL_webradio/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webtv {
    	domainlist blk_BL_webtv/domains
    	urllist blk_BL_webtv/urls
    	log block.log
    }
    
    # 
    rew safesearch {
    	s@(google..*/search?.*q=.*)@&safe=active@i
    	s@(google..*/images.*q=.*)@&safe=active@i
    	s@(google..*/groups.*q=.*)@&safe=active@i
    	s@(google..*/news.*q=.*)@&safe=active@i
    	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
    	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
    	s@(search.live..*/.*q=.*)@&adlt=strict@i
    	s@(search.msn..*/.*q=.*)@&adlt=strict@i
    	s@(.bing..*/.*q=.*)@&adlt=strict@i
    	log block.log
    }
    
    # 
    acl  {
    	# 
    	default  {
    		pass !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_chat !blk_BL_costtraps !blk_BL_dating !blk_BL_drugs !blk_BL_dynamic !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_movies !blk_BL_porn !blk_BL_recreation_martialarts !blk_BL_recreation_wellness !blk_BL_ringtones !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_tracker !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webtv blk_BL_sex_education blk_BL_urlshortener all
    		redirect http://192.168.5.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    		rewrite safesearch
    		log block.log
    	}
    }
    
    
    # This file is automatically generated by pfSense
    # Do not edit manually !
    http_port 192.168.5.254:3128
    http_port 127.0.0.1:3128 intercept
    icp_port 7
    dns_v4_first off
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language es
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    visible_hostname pfsense
    cache_mgr admin@arrentrac.local
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    sslcrtd_children 0
    logfile_rotate 7
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  192.168.5.0/24
    httpd_suppress_version_string on
    uri_whitespace strip
    
    acl dynamic urlpath_regex cgi-bin ?
    cache deny dynamic
    cache_mem 1024 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir aufs /var/squid/cache 8000 16 256
    minimum_object_size 0 KB
    maximum_object_size 4 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    
    # No redirector configured
    
    #Remote proxies
    
    # Setup some default acls
    acl allsrc src all
    acl localhost src 127.0.0.1/32
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
    acl sslports port 443 563  
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    
    # Define protocols used for redirects
    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    
    acl allowed_subnets src 192.168.5.0/24
    acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl'
    acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl'
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    
    # Custom options
    
    # These hosts do not have any restrictions
    http_access allow unrestricted_hosts
    # Block access to blacklist domains
    http_access deny blacklist
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow allowed_subnets
    http_access allow localnet
    # Default block all to be sure
    http_access deny allsrc
    
    

    It strikes me that, following the tutorial to set up squid3 + squidGuard correctly, I don't get the same result as you; I mean specifically the part about the processes running at the end (see screenshot)

    And rereading the tutorial I see the following line:

    define('REDIRECTOR_PROCESS_COUNT', '[b]16[/b] startup=8 idle=4 concurrency=0');#redirector processes count will started
    

    And on my screen I see 16 processes running; I put the 16 in bold… is that correct?

    Thanks!

    ![Sin título.png](/public/imported_attachments/1/Sin título.png)



  • And on my screen I see 16 processes running; I put the 16 in bold… is that correct?

    url_rewrite_children 16 startup=8 idle=4 concurrency=0

    This means that when squid starts, 8 squidGuard processes are opened. If there is load, the number will go up to a maximum of 16. And if there is no load, it will go down towards a minimum of 4. And that squidGuard does not accept concurrent requests within a single process.

    That might not be enough. In that case this appears in cache.log:

    Consider increasing the number of redirector processes in your config file.
    

    That has to be solved by touching the integration code again:

    define('REDIRECTOR_PROCESS_COUNT', '32 startup=16 idle=8 concurrency=0');#redirector processes count will started
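
A check for the redirector integration discussed in the posts above, as an added example that is not part of the thread and not pfSense code. It flags the Squid 2 directive names seen in the first squid.conf dump, decodes `url_rewrite_children`, and counts the cache.log hint quoted above; the function names and the log timestamps are constructed for illustration.

```python
# Directive names as they appear in the two squid.conf dumps in this thread:
# the first (Squid 2 syntax) and the corrected one posted afterwards.
RENAMED = {
    "redirect_program": "url_rewrite_program",
    "redirector_bypass": "url_rewrite_bypass",
}

# Message quoted in the thread as the cache.log sign of too few helpers.
STARVED = "Consider increasing the number of redirector processes"

PROGRAM = ("/usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c "
           "/usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf")

# The "Package Integration" lines of both dumps, copied from the thread.
OLD_CONF = f"""\
# Package Integration
redirect_program {PROGRAM}
redirector_bypass off
url_rewrite_children 5
"""
NEW_CONF = f"""\
# Package Integration
url_rewrite_program {PROGRAM}
url_rewrite_bypass off
url_rewrite_children 16 startup=8 idle=4 concurrency=0
"""

# Constructed cache.log excerpt; only the second message comes from the thread.
CACHE_LOG = """\
2014/04/05 21:00:00| example line unrelated to the redirector
2014/04/05 21:07:15| Consider increasing the number of redirector processes in your config file.
"""


def parse_children(value):
    """Decode 'MAX startup=A idle=B concurrency=C' into a dict of ints."""
    tokens = value.split()
    settings = {"max": int(tokens[0])}
    for token in tokens[1:]:
        key, _, number = token.partition("=")
        settings[key] = int(number)
    return settings


def audit_redirector(conf_text):
    """Return old-style directives, the helper command and the pool sizes."""
    result = {"renamed": [], "program": None, "children": None}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if name in RENAMED:
            # Old name found: report it with the name the fixed config uses.
            result["renamed"].append((lineno, name, RENAMED[name]))
        if name in ("redirect_program", "url_rewrite_program"):
            result["program"] = value
        if name == "url_rewrite_children":
            result["children"] = parse_children(value)
    return result


def helper_starvation(cache_log_text):
    """Count cache.log lines that carry the 'increase redirector' hint."""
    return sum(STARVED in line for line in cache_log_text.splitlines())


if __name__ == "__main__":
    for label, conf in (("first dump", OLD_CONF), ("second dump", NEW_CONF)):
        report = audit_redirector(conf)
        print(label, "old directives:", report["renamed"])
        print(label, "helper pool:", report["children"])
    print("starvation hints in cache.log:", helper_starvation(CACHE_LOG))
```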



  • # These hosts do not have any restrictions
    http_access allow unrestricted_hosts
    # Block access to blacklist domains
    http_access deny blacklist

    You have something set in Proxy server: ACLs

    It doesn't make much sense to have things there if you use squidGuard. Try removing it and see whether that solves the problem.



  • pass !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_chat !blk_BL_costtraps !blk_BL_dating !blk_BL_drugs !blk_BL_dynamic !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_movies !blk_BL_porn !blk_BL_recreation_martialarts !blk_BL_recreation_wellness !blk_BL_ringtones !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_tracker !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webtv blk_BL_sex_education blk_BL_urlshortener all

    Although that is not where the problem comes from…

    I insist that it makes no sense to have the blacklists blk_BL_sex_education blk_BL_urlshortener as whitelist

    Notice that all the blacklists have ! in front. That means precisely that whatever is inside is denied.
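
How a squidGuard `pass` line is read, as an added example that is not part of the thread and not squidGuard's own code: tokens are tried left to right and the first destination that matches decides, `!name` denying and a bare `name` allowing. It also models the built-in `in-addr` destination behind the "Target group: in-addr" block page shown earlier; the sample config is a cut-down constructed version of the posted one, and the domains, the `192.0.2.2` address and the function names are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the layout posted in this thread: negated blacklists
# first, then two blacklists listed without "!", then "all".
SAMPLE_CONF = """\
dest blk_BL_porn {
	domainlist blk_BL_porn/domains
	log block.log
}
acl  {
	default  {
		pass !blk_BL_porn !blk_BL_socialnet blk_BL_sex_education blk_BL_urlshortener all
		redirect http://192.168.5.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
		log block.log
	}
}
"""

# Constructed category contents standing in for the domainlist files.
CATEGORIES = {
    "blk_BL_porn": {"adult.example", "mixed.example"},
    "blk_BL_socialnet": {"social.example"},
    "blk_BL_sex_education": {"mixed.example", "clinic.example"},
    "blk_BL_urlshortener": {"short.example"},
}


def parse_default_pass(conf_text):
    """Return the tokens of the pass line inside acl { default { ... } }."""
    block = re.search(r"\bdefault\s*\{(.*?)\}", conf_text, re.S)
    if block:
        for line in block.group(1).splitlines():
            words = line.split()
            if words and words[0] == "pass":
                return words[1:]
    raise ValueError("no default pass line found")


def audit_pass(tokens, prefix="blk_BL_"):
    """Summarise the points raised in the thread about a pass line."""
    return {
        # Blacklists listed without "!" are being used as whitelists.
        "blacklists_as_whitelist": [t for t in tokens if t.startswith(prefix)],
        # "!in-addr" is what denies URLs whose host is a bare IP address.
        "denies_ip_urls": "!in-addr" in tokens,
        "final": tokens[-1] if tokens else None,
    }


def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def decide(tokens, url, categories):
    """Return (verdict, deciding destination) for one URL."""
    host = (urlsplit(url).hostname or "").lower()
    for token in tokens:
        negated = token.startswith("!")
        name = token.lstrip("!")
        if name == "none":
            return ("deny", "none")
        if name in ("all", "any"):
            matched = True
        elif name == "in-addr":
            matched = host_is_ip(host)
        else:
            domains = categories.get(name, ())
            matched = any(host == d or host.endswith("." + d) for d in domains)
        if matched:
            return ("deny" if negated else "allow", name)
    # Not modelled here: a pass line with no closing all/none.
    return ("no-match", None)


if __name__ == "__main__":
    tokens = parse_default_pass(SAMPLE_CONF)
    print(audit_pass(tokens))
    for url in ("http://mixed.example/", "http://clinic.example/",
                "http://192.0.2.2/cfd/web/ticketNumber.aspx"):
        print(url, decide(tokens, url, CATEGORIES),
              decide(["!in-addr"] + tokens, url, CATEGORIES))
```

With the final token `all`, the two un-negated blacklists change no verdict: a domain that is also in a negated list is denied first, and any other domain would be allowed by `all` anyway.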



  • # ============================================================
    # SquidGuard configuration file
    # This file generated automaticly with SquidGuard configurator
    # (C)2006 Serg Dvoriancev
    # email: dv_serg@mail.ru
    # ============================================================
    
    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    
    # 
    dest blk_BL_adv {
    	domainlist blk_BL_adv/domains
    	urllist blk_BL_adv/urls
    	redirect http://192.168.5.254:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    	log block.log
    }
    
    # 
    dest blk_BL_aggressive {
    	domainlist blk_BL_aggressive/domains
    	urllist blk_BL_aggressive/urls
    	log block.log
    }
    
    # 
    dest blk_BL_alcohol {
    	domainlist blk_BL_alcohol/domains
    	urllist blk_BL_alcohol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_anonvpn {
    	domainlist blk_BL_anonvpn/domains
    	urllist blk_BL_anonvpn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_bikes {
    	domainlist blk_BL_automobile_bikes/domains
    	urllist blk_BL_automobile_bikes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_boats {
    	domainlist blk_BL_automobile_boats/domains
    	urllist blk_BL_automobile_boats/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_cars {
    	domainlist blk_BL_automobile_cars/domains
    	urllist blk_BL_automobile_cars/urls
    	log block.log
    }
    
    # 
    dest blk_BL_automobile_planes {
    	domainlist blk_BL_automobile_planes/domains
    	urllist blk_BL_automobile_planes/urls
    	log block.log
    }
    
    # 
    dest blk_BL_chat {
    	domainlist blk_BL_chat/domains
    	urllist blk_BL_chat/urls
    	log block.log
    }
    
    # 
    dest blk_BL_costtraps {
    	domainlist blk_BL_costtraps/domains
    	urllist blk_BL_costtraps/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dating {
    	domainlist blk_BL_dating/domains
    	urllist blk_BL_dating/urls
    	log block.log
    }
    
    # 
    dest blk_BL_downloads {
    	domainlist blk_BL_downloads/domains
    	urllist blk_BL_downloads/urls
    	log block.log
    }
    
    # 
    dest blk_BL_drugs {
    	domainlist blk_BL_drugs/domains
    	urllist blk_BL_drugs/urls
    	log block.log
    }
    
    # 
    dest blk_BL_dynamic {
    	domainlist blk_BL_dynamic/domains
    	urllist blk_BL_dynamic/urls
    	log block.log
    }
    
    # 
    dest blk_BL_education_schools {
    	domainlist blk_BL_education_schools/domains
    	urllist blk_BL_education_schools/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_banking {
    	domainlist blk_BL_finance_banking/domains
    	urllist blk_BL_finance_banking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_insurance {
    	domainlist blk_BL_finance_insurance/domains
    	urllist blk_BL_finance_insurance/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_moneylending {
    	domainlist blk_BL_finance_moneylending/domains
    	urllist blk_BL_finance_moneylending/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_other {
    	domainlist blk_BL_finance_other/domains
    	urllist blk_BL_finance_other/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_realestate {
    	domainlist blk_BL_finance_realestate/domains
    	urllist blk_BL_finance_realestate/urls
    	log block.log
    }
    
    # 
    dest blk_BL_finance_trading {
    	domainlist blk_BL_finance_trading/domains
    	urllist blk_BL_finance_trading/urls
    	log block.log
    }
    
    # 
    dest blk_BL_fortunetelling {
    	domainlist blk_BL_fortunetelling/domains
    	urllist blk_BL_fortunetelling/urls
    	log block.log
    }
    
    # 
    dest blk_BL_forum {
    	domainlist blk_BL_forum/domains
    	urllist blk_BL_forum/urls
    	log block.log
    }
    
    # 
    dest blk_BL_gamble {
    	domainlist blk_BL_gamble/domains
    	urllist blk_BL_gamble/urls
    	log block.log
    }
    
    # 
    dest blk_BL_government {
    	domainlist blk_BL_government/domains
    	urllist blk_BL_government/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hacking {
    	domainlist blk_BL_hacking/domains
    	urllist blk_BL_hacking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_cooking {
    	domainlist blk_BL_hobby_cooking/domains
    	urllist blk_BL_hobby_cooking/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-misc {
    	domainlist blk_BL_hobby_games-misc/domains
    	urllist blk_BL_hobby_games-misc/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_games-online {
    	domainlist blk_BL_hobby_games-online/domains
    	urllist blk_BL_hobby_games-online/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_gardening {
    	domainlist blk_BL_hobby_gardening/domains
    	urllist blk_BL_hobby_gardening/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hobby_pets {
    	domainlist blk_BL_hobby_pets/domains
    	urllist blk_BL_hobby_pets/urls
    	log block.log
    }
    
    # 
    dest blk_BL_homestyle {
    	domainlist blk_BL_homestyle/domains
    	urllist blk_BL_homestyle/urls
    	log block.log
    }
    
    # 
    dest blk_BL_hospitals {
    	domainlist blk_BL_hospitals/domains
    	urllist blk_BL_hospitals/urls
    	log block.log
    }
    
    # 
    dest blk_BL_imagehosting {
    	domainlist blk_BL_imagehosting/domains
    	urllist blk_BL_imagehosting/urls
    	log block.log
    }
    
    # 
    dest blk_BL_isp {
    	domainlist blk_BL_isp/domains
    	urllist blk_BL_isp/urls
    	log block.log
    }
    
    # 
    dest blk_BL_jobsearch {
    	domainlist blk_BL_jobsearch/domains
    	urllist blk_BL_jobsearch/urls
    	log block.log
    }
    
    # 
    dest blk_BL_library {
    	domainlist blk_BL_library/domains
    	urllist blk_BL_library/urls
    	log block.log
    }
    
    # 
    dest blk_BL_military {
    	domainlist blk_BL_military/domains
    	urllist blk_BL_military/urls
    	log block.log
    }
    
    # 
    dest blk_BL_models {
    	domainlist blk_BL_models/domains
    	urllist blk_BL_models/urls
    	log block.log
    }
    
    # 
    dest blk_BL_movies {
    	domainlist blk_BL_movies/domains
    	urllist blk_BL_movies/urls
    	log block.log
    }
    
    # 
    dest blk_BL_music {
    	domainlist blk_BL_music/domains
    	urllist blk_BL_music/urls
    	log block.log
    }
    
    # 
    dest blk_BL_news {
    	domainlist blk_BL_news/domains
    	urllist blk_BL_news/urls
    	log block.log
    }
    
    # 
    dest blk_BL_podcasts {
    	domainlist blk_BL_podcasts/domains
    	urllist blk_BL_podcasts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_politics {
    	domainlist blk_BL_politics/domains
    	urllist blk_BL_politics/urls
    	log block.log
    }
    
    # 
    dest blk_BL_porn {
    	domainlist blk_BL_porn/domains
    	urllist blk_BL_porn/urls
    	log block.log
    }
    
    # 
    dest blk_BL_radiotv {
    	domainlist blk_BL_radiotv/domains
    	urllist blk_BL_radiotv/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_humor {
    	domainlist blk_BL_recreation_humor/domains
    	urllist blk_BL_recreation_humor/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_martialarts {
    	domainlist blk_BL_recreation_martialarts/domains
    	urllist blk_BL_recreation_martialarts/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_restaurants {
    	domainlist blk_BL_recreation_restaurants/domains
    	urllist blk_BL_recreation_restaurants/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_sports {
    	domainlist blk_BL_recreation_sports/domains
    	urllist blk_BL_recreation_sports/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_travel {
    	domainlist blk_BL_recreation_travel/domains
    	urllist blk_BL_recreation_travel/urls
    	log block.log
    }
    
    # 
    dest blk_BL_recreation_wellness {
    	domainlist blk_BL_recreation_wellness/domains
    	urllist blk_BL_recreation_wellness/urls
    	log block.log
    }
    
    # 
    dest blk_BL_redirector {
    	domainlist blk_BL_redirector/domains
    	urllist blk_BL_redirector/urls
    	log block.log
    }
    
    # 
    dest blk_BL_religion {
    	domainlist blk_BL_religion/domains
    	urllist blk_BL_religion/urls
    	log block.log
    }
    
    # 
    dest blk_BL_remotecontrol {
    	domainlist blk_BL_remotecontrol/domains
    	urllist blk_BL_remotecontrol/urls
    	log block.log
    }
    
    # 
    dest blk_BL_ringtones {
    	domainlist blk_BL_ringtones/domains
    	urllist blk_BL_ringtones/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_astronomy {
    	domainlist blk_BL_science_astronomy/domains
    	urllist blk_BL_science_astronomy/urls
    	log block.log
    }
    
    # 
    dest blk_BL_science_chemistry {
    	domainlist blk_BL_science_chemistry/domains
    	urllist blk_BL_science_chemistry/urls
    	log block.log
    }
    
    # 
    dest blk_BL_searchengines {
    	domainlist blk_BL_searchengines/domains
    	urllist blk_BL_searchengines/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_education {
    	domainlist blk_BL_sex_education/domains
    	urllist blk_BL_sex_education/urls
    	log block.log
    }
    
    # 
    dest blk_BL_sex_lingerie {
    	domainlist blk_BL_sex_lingerie/domains
    	urllist blk_BL_sex_lingerie/urls
    	log block.log
    }
    
    # 
    dest blk_BL_shopping {
    	domainlist blk_BL_shopping/domains
    	urllist blk_BL_shopping/urls
    	log block.log
    }
    
    # 
    dest blk_BL_socialnet {
    	domainlist blk_BL_socialnet/domains
    	urllist blk_BL_socialnet/urls
    	log block.log
    }
    
    # 
    dest blk_BL_spyware {
    	domainlist blk_BL_spyware/domains
    	urllist blk_BL_spyware/urls
    	log block.log
    }
    
    # 
    dest blk_BL_tracker {
    	domainlist blk_BL_tracker/domains
    	urllist blk_BL_tracker/urls
    	log block.log
    }
    
    # 
    dest blk_BL_updatesites {
    	domainlist blk_BL_updatesites/domains
    	urllist blk_BL_updatesites/urls
    	log block.log
    }
    
    # 
    dest blk_BL_urlshortener {
    	domainlist blk_BL_urlshortener/domains
    	urllist blk_BL_urlshortener/urls
    	log block.log
    }
    
    # 
    dest blk_BL_violence {
    	domainlist blk_BL_violence/domains
    	urllist blk_BL_violence/urls
    	log block.log
    }
    
    # 
    dest blk_BL_warez {
    	domainlist blk_BL_warez/domains
    	urllist blk_BL_warez/urls
    	log block.log
    }
    
    # 
    dest blk_BL_weapons {
    	domainlist blk_BL_weapons/domains
    	urllist blk_BL_weapons/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webmail {
    	domainlist blk_BL_webmail/domains
    	urllist blk_BL_webmail/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webphone {
    	domainlist blk_BL_webphone/domains
    	urllist blk_BL_webphone/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webradio {
    	domainlist blk_BL_webradio/domains
    	urllist blk_BL_webradio/urls
    	log block.log
    }
    
    # 
    dest blk_BL_webtv {
    	domainlist blk_BL_webtv/domains
    	urllist blk_BL_webtv/urls
    	log block.log
    }
    
    # 
    rew safesearch {
    	s@(google..*/search?.*q=.*)@&safe=active@i
    	s@(google..*/images.*q=.*)@&safe=active@i
    	s@(google..*/groups.*q=.*)@&safe=active@i
    	s@(google..*/news.*q=.*)@&safe=active@i
    	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
    	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
    	s@(search.live..*/.*q=.*)@&adlt=strict@i
    	s@(search.msn..*/.*q=.*)@&adlt=strict@i
    	s@(.bing..*/.*q=.*)@&adlt=strict@i
    	log block.log
    }
    
    # 
    acl  {
    	# 
    	default  {
    		pass all
    		redirect http://192.168.5.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    		rewrite safesearch
    		log block.log
    	}
    }
    

    This is how it is now,

    The block is still in place.
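One way to check from the file itself what the `pass` line in an `acl` block denies, as an added example that is not part of the original thread. The function names `parse_conf` and `audit` are hypothetical, the `BEFORE` sample is constructed, and `in-addr` is squidGuard's built-in target for URLs whose host is an IP address.

```python
# Built-in pass targets this example recognises; other names must be dest blocks.
BUILTIN = {"all", "none", "in-addr"}

def parse_conf(conf):
    """Return (set of dest names, {acl rule name: pass tokens})."""
    dests, rules, stack = set(), {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("}"):  # closes a block; "} else {" reopens one
            closed = stack.pop() if stack else ""
            line = line[1:].strip()
            if line.startswith("else"):
                line = (closed.split() or ["?"])[0] + ":else {"
        if line.endswith("{"):
            header = line[:-1].split()
            stack.append(" ".join(header))
            if header[:1] == ["dest"] and len(header) > 1:
                dests.add(header[1])
        elif line.startswith("pass ") and len(stack) == 2 and stack[0] == "acl":
            rules[(stack[1].split() or ["?"])[0]] = line.split()[1:]
    return dests, rules

def audit(conf):
    """Per acl rule: targets denied before the first all/none, that terminator,
    and referenced names that no dest block defines."""
    dests, rules = parse_conf(conf)
    report = {}
    for name, tokens in rules.items():
        denied, final = [], None
        for tok in tokens:
            if tok in ("all", "none"):
                final = tok
                break
            if tok.startswith("!"):
                denied.append(tok[1:])
        unknown = [t.lstrip("!") for t in tokens if t.lstrip("!") not in dests | BUILTIN]
        report[name] = {"denied": denied, "final": final, "unknown": unknown}
    return report

# Constructed sample: one dest block and a default rule that still denies targets.
BEFORE = ("dest blk_BL_shopping {\n\tdomainlist blk_BL_shopping/domains\n}\n"
          "acl  {\n\tdefault  {\n\t\tpass !in-addr !blk_BL_shopping all\n\t}\n}\n")
# Same default rule as in the configuration posted in this thread.
AFTER = BEFORE.replace("pass !in-addr !blk_BL_shopping all", "pass all")

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf))
```

With `pass all` and no negated targets, the rule itself denies nothing, so a block page that still appears is not explained by this file.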



  • @bellera:

    These hosts do not have any restrictions

    http_access allow unrestricted_hosts

    Block access to blacklist domains

    http_access deny blacklist

    You have something set in Proxy server: ACLs

    It doesn't make much sense to have things there if you use squidGuard. Try removing it and see if that solves the problem.



  • # This file is automatically generated by pfSense
    # Do not edit manually !
    http_port 192.168.5.254:3128
    http_port 127.0.0.1:3128 intercept
    icp_port 7
    dns_v4_first off
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language es
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    visible_hostname pfsense
    cache_mgr admin@arrentrac.local
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    sslcrtd_children 0
    logfile_rotate 7
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  192.168.5.0/24
    httpd_suppress_version_string on
    uri_whitespace strip
    
    acl dynamic urlpath_regex cgi-bin ?
    cache deny dynamic
    cache_mem 1024 MB
    maximum_object_size_in_memory 32 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir aufs /var/squid/cache 8000 16 256
    minimum_object_size 0 KB
    maximum_object_size 4 KB
    offline_mode offcache_swap_low 90
    cache_swap_high 95
    
    # No redirector configured
    
    #Remote proxies
    
    # Setup some default acls
    acl allsrc src all
    acl localhost src 127.0.0.1/32
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
    acl sslports port 443 563  
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    
    # Define protocols used for redirects
    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    request_body_max_size 0 KB
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow allsrc
    
    # Reverse Proxy settings
    
    # Package Integration
    url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 16 startup=8 idle=4 concurrency=0
    
    # Custom options
    
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow localnet
    # Default block all to be sure
    http_access deny allsrc
    
    


  • I cleared my browser's cache and now I can get into the blocked page.



  • Eureka!



  • Many thanks for everything, Bellera.

