Squid + squidguard No respeta cambios.
-
Que tal a todos,
Tengo problemas con squid +squidguard, si recuerdan hace poco lo implemente en la empresa en la que trabajo.
Esta configurado transparente, pero cuando bloqueo una pagina, por ejemplo mercadolibre.. y despues la quiero desbloquear, squid no respeta los cambios a la blacklist que hago.
Intente deteniendo el servicio, y reiniciandolo. Nada.
Reiniciando el servicio. Nada
Reiniciando el firewall. Nada.Se tiene que hacer algo distinto para que respete los cambios hechos ?
-
Eso se discutió hace tiempo. Hay un comentario en el configurador de squidGuard que dice que hay que hacer Save y después reiniciar.
-
Doy click en save..
De hecho la lista la muestra con los nuevos valores, pero cuando intentas entrar a la pagina desde los clientes sigue mandando la pantalla de bloqueo.
Ya limpie cache del cliente tambien. y Nada.
-
Parece que los cambios no son inmediatos….
Tarda unos minutos en realizarlos.
Ya funciona.
Gracias Bellera!
-
¡Me alegro!
Llego tarde, pero ahí está la explicación que no encontraba… pero recordaba...
https://forum.pfsense.org/index.php?topic=56560.msg305579#msg305579
Si tienes listas muy largas, efectivamente, el proceso dura minutos.
En un proxy bastante grande que manejo fuera de pfSense hago los cambios durante el día y una tarea programada hace el resto por la noche.
Así no mareo la instalación durante las horas de trabajo…
-
Que tal revivo este post,
Sigue presentando la misma falla…. despues de hacer cambios, guardar y reiniciar servicios el bloque persiste.
_Request denied by pfSense proxy: 403 Forbidden
Reason:
Client address: ********
Client name: ******.local
Client group: default
Target group: in-addr
URL: http://*******2/cfd/web/ticketNumber.aspx_En terminos generales, que se hace en estos casos ?
Recuerdo hace algunos años haber trabajado para una empresa que utilizaba squid y en funcionamientos "raros" del proxy desistalaban y reinstalaban (borraban cache) todo,
En pfsense no se si sea una buena opcion.
Y no tengo idea como hacerlo…Se borra todo el paquete ? y se instala de nuevo ?
-
in-addr
Tienes denegado el acceso por IP en squidGuard.
Proxy filter SquidGuard: Common Access Control List (ACL): Do not allow IP-Addresses in URL
una empresa que utilizaba squid y en funcionamientos "raros" del proxy desistalaban y reinstalaban (borraban cache) todo
Afortunadamente, nunca he tenido problemas de ese tipo con FreeBSD + squid + squidGuard.
Sigue presentando la misma falla…. despues de hacer cambios, guardar y reiniciar servicios el bloque persiste.
Por favor, postea versión de pfSense y de cada uno de los paquetes (squid y squidGuard). A ver si te podemos orientar de cómo auditar tu instalación.
-
Adjunto pantallazos de los solicitado,
Gracias de antemano.
![Sin títulow.png](/public/imported_attachments/1/Sin títulow.png)
![Sin títulow.png_thumb](/public/imported_attachments/1/Sin títulow.png_thumb) -
Veo que tienes listas negras como whilelist
Esas listas están pensadas para deny o –-- (nada).
Ver imagen.
Modifica eso, haz [Save] para guardar los cambios y [Apply] para cerrar/reabrir los procesos de squidGuard.
Si sigues igual, ve a Proxy filter SquidGuard: Log page: Filter config y copia/pega el contenido de squidGuard.conf
Márcalo comopara que lo podamos ver mejor.
![Captura de 2014-04-05 21:07:15.png](/public/imported_attachments/1/Captura de 2014-04-05 21:07:15.png)
![Captura de 2014-04-05 21:07:15.png_thumb](/public/imported_attachments/1/Captura de 2014-04-05 21:07:15.png_thumb) -
Estaba pensando que supongo que tu lista termina con Default access [all] allow
Ver imagen
![Captura de 2014-04-05 21:18:04.png_thumb](/public/imported_attachments/1/Captura de 2014-04-05 21:18:04.png_thumb)
![Captura de 2014-04-05 21:18:04.png](/public/imported_attachments/1/Captura de 2014-04-05 21:18:04.png) -
Así es Bellera,
La lista termina con Default access [all] allow
Por otro lado, no entendí tu recomendación de los deny / –--
Todo tiene q estar seteado como "deny" ? todas las opciones de la lista ?
de cualquier manera pego mi configuración:
# This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.5.254:3128 http_port 127.0.0.1:3128 intercept icp_port 7 dns_v4_first off pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language es icon_directory /usr/pbi/squid-amd64/etc/squid/icons visible_hostname pfsense cache_mgr admin@al access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 7 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.5.0/24 httpd_suppress_version_string on uri_whitespace strip acl dynamic urlpath_regex cgi-bin ? cache deny dynamic cache_mem 1024 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /var/squid/cache 8000 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS acl allowed_subnets src 192.168.5.0/24 acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl' acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl' http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings # Package Integration redirect_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf redirector_bypass off url_rewrite_children 5 # Custom options # These hosts do not have any restrictions http_access allow unrestricted_hosts # Block access to blacklist domains http_access deny blacklist # Setup allowed acls # Allow local network(s) on interface(s) http_access allow allowed_subnets http_access allow localnet # Default block all to be sure http_access deny allsrc
-
Veo que tienes listas negras como whitelist
Esas listas están pensadas para deny o –-- (nada).
Ver imagen.
En Deny o –-- (no activada). Tienes listas negras en Allow y eso no tiene sentido.
Si sigues igual, ve a Proxy filter SquidGuard: Log page: Filter config y copia/pega el contenido de squidGuard.conf
Posteaste Proxy config, no Filter config.
Ha ido bien la confusión porque en squid.conf tienes mal la integración de squidGuard. Está con sintaxis squid2.
https://forum.pfsense.org/index.php?topic=73740.0
Resuelve eso, que debe ser lo que ocasiona el mal funcionamiento.
-
Bueno siguiendo tus consejos estimado Bellera, persiste el problema
Posteo lo que tengo:
# ============================================================ # SquidGuard configuration file # This file generated automaticly with SquidGuard configurator # (C)2006 Serg Dvoriancev # email: dv_serg@mail.ru # ============================================================ logdir /var/squidGuard/log dbhome /var/db/squidGuard # dest blk_BL_adv { domainlist blk_BL_adv/domains urllist blk_BL_adv/urls redirect http://192.168.5.254:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } # dest blk_BL_aggressive { domainlist blk_BL_aggressive/domains urllist blk_BL_aggressive/urls log block.log } # dest blk_BL_alcohol { domainlist blk_BL_alcohol/domains urllist blk_BL_alcohol/urls log block.log } # dest blk_BL_anonvpn { domainlist blk_BL_anonvpn/domains urllist blk_BL_anonvpn/urls log block.log } # dest blk_BL_automobile_bikes { domainlist blk_BL_automobile_bikes/domains urllist blk_BL_automobile_bikes/urls log block.log } # dest blk_BL_automobile_boats { domainlist blk_BL_automobile_boats/domains urllist blk_BL_automobile_boats/urls log block.log } # dest blk_BL_automobile_cars { domainlist blk_BL_automobile_cars/domains urllist blk_BL_automobile_cars/urls log block.log } # dest blk_BL_automobile_planes { domainlist blk_BL_automobile_planes/domains urllist blk_BL_automobile_planes/urls log block.log } # dest blk_BL_chat { domainlist blk_BL_chat/domains urllist blk_BL_chat/urls log block.log } # dest blk_BL_costtraps { domainlist blk_BL_costtraps/domains urllist blk_BL_costtraps/urls log block.log } # dest blk_BL_dating { domainlist blk_BL_dating/domains urllist blk_BL_dating/urls log block.log } # dest blk_BL_downloads { domainlist blk_BL_downloads/domains urllist blk_BL_downloads/urls log block.log } # dest blk_BL_drugs { domainlist blk_BL_drugs/domains urllist blk_BL_drugs/urls log block.log } # dest blk_BL_dynamic { domainlist blk_BL_dynamic/domains urllist blk_BL_dynamic/urls log block.log } # dest blk_BL_education_schools { domainlist blk_BL_education_schools/domains urllist blk_BL_education_schools/urls log block.log } # dest blk_BL_finance_banking { domainlist blk_BL_finance_banking/domains urllist blk_BL_finance_banking/urls log block.log } # dest blk_BL_finance_insurance { domainlist blk_BL_finance_insurance/domains urllist blk_BL_finance_insurance/urls log block.log } # dest blk_BL_finance_moneylending { domainlist blk_BL_finance_moneylending/domains urllist blk_BL_finance_moneylending/urls log block.log } # dest blk_BL_finance_other { domainlist blk_BL_finance_other/domains urllist blk_BL_finance_other/urls log block.log } # dest blk_BL_finance_realestate { domainlist blk_BL_finance_realestate/domains urllist blk_BL_finance_realestate/urls log block.log } # dest blk_BL_finance_trading { domainlist blk_BL_finance_trading/domains urllist blk_BL_finance_trading/urls log block.log } # dest blk_BL_fortunetelling { domainlist blk_BL_fortunetelling/domains urllist blk_BL_fortunetelling/urls log block.log } # dest blk_BL_forum { domainlist blk_BL_forum/domains urllist blk_BL_forum/urls log block.log } # dest blk_BL_gamble { domainlist blk_BL_gamble/domains urllist blk_BL_gamble/urls log block.log } # dest blk_BL_government { domainlist blk_BL_government/domains urllist blk_BL_government/urls log block.log } # dest blk_BL_hacking { domainlist blk_BL_hacking/domains urllist blk_BL_hacking/urls log block.log } # dest blk_BL_hobby_cooking { domainlist blk_BL_hobby_cooking/domains urllist blk_BL_hobby_cooking/urls log block.log } # dest blk_BL_hobby_games-misc { domainlist blk_BL_hobby_games-misc/domains urllist blk_BL_hobby_games-misc/urls log block.log } # dest blk_BL_hobby_games-online { domainlist blk_BL_hobby_games-online/domains urllist blk_BL_hobby_games-online/urls log block.log } # dest blk_BL_hobby_gardening { domainlist blk_BL_hobby_gardening/domains urllist blk_BL_hobby_gardening/urls log block.log } # dest blk_BL_hobby_pets { domainlist blk_BL_hobby_pets/domains urllist blk_BL_hobby_pets/urls log block.log } # dest blk_BL_homestyle { domainlist blk_BL_homestyle/domains urllist blk_BL_homestyle/urls log block.log } # dest blk_BL_hospitals { domainlist blk_BL_hospitals/domains urllist blk_BL_hospitals/urls log block.log } # dest blk_BL_imagehosting { domainlist blk_BL_imagehosting/domains urllist blk_BL_imagehosting/urls log block.log } # dest blk_BL_isp { domainlist blk_BL_isp/domains urllist blk_BL_isp/urls log block.log } # dest blk_BL_jobsearch { domainlist blk_BL_jobsearch/domains urllist blk_BL_jobsearch/urls log block.log } # dest blk_BL_library { domainlist blk_BL_library/domains urllist blk_BL_library/urls log block.log } # dest blk_BL_military { domainlist blk_BL_military/domains urllist blk_BL_military/urls log block.log } # dest blk_BL_models { domainlist blk_BL_models/domains urllist blk_BL_models/urls log block.log } # dest blk_BL_movies { domainlist blk_BL_movies/domains urllist blk_BL_movies/urls log block.log } # dest blk_BL_music { domainlist blk_BL_music/domains urllist blk_BL_music/urls log block.log } # dest blk_BL_news { domainlist blk_BL_news/domains urllist blk_BL_news/urls log block.log } # dest blk_BL_podcasts { domainlist blk_BL_podcasts/domains urllist blk_BL_podcasts/urls log block.log } # dest blk_BL_politics { domainlist blk_BL_politics/domains urllist blk_BL_politics/urls log block.log } # dest blk_BL_porn { domainlist blk_BL_porn/domains urllist blk_BL_porn/urls log block.log } # dest blk_BL_radiotv { domainlist blk_BL_radiotv/domains urllist blk_BL_radiotv/urls log block.log } # dest blk_BL_recreation_humor { domainlist blk_BL_recreation_humor/domains urllist blk_BL_recreation_humor/urls log block.log } # dest blk_BL_recreation_martialarts { domainlist blk_BL_recreation_martialarts/domains urllist blk_BL_recreation_martialarts/urls log block.log } # dest blk_BL_recreation_restaurants { domainlist blk_BL_recreation_restaurants/domains urllist blk_BL_recreation_restaurants/urls log block.log } # dest blk_BL_recreation_sports { domainlist blk_BL_recreation_sports/domains urllist blk_BL_recreation_sports/urls log block.log } # dest blk_BL_recreation_travel { domainlist blk_BL_recreation_travel/domains urllist blk_BL_recreation_travel/urls log block.log } # dest blk_BL_recreation_wellness { domainlist blk_BL_recreation_wellness/domains urllist blk_BL_recreation_wellness/urls log block.log } # dest blk_BL_redirector { domainlist blk_BL_redirector/domains urllist blk_BL_redirector/urls log block.log } # dest blk_BL_religion { domainlist blk_BL_religion/domains urllist blk_BL_religion/urls log block.log } # dest blk_BL_remotecontrol { domainlist blk_BL_remotecontrol/domains urllist blk_BL_remotecontrol/urls log block.log } # dest blk_BL_ringtones { domainlist blk_BL_ringtones/domains urllist blk_BL_ringtones/urls log block.log } # dest blk_BL_science_astronomy { domainlist blk_BL_science_astronomy/domains urllist blk_BL_science_astronomy/urls log block.log } # dest blk_BL_science_chemistry { domainlist blk_BL_science_chemistry/domains urllist blk_BL_science_chemistry/urls log block.log } # dest blk_BL_searchengines { domainlist blk_BL_searchengines/domains urllist blk_BL_searchengines/urls log block.log } # dest blk_BL_sex_education { domainlist blk_BL_sex_education/domains urllist blk_BL_sex_education/urls log block.log } # dest blk_BL_sex_lingerie { domainlist blk_BL_sex_lingerie/domains urllist blk_BL_sex_lingerie/urls log block.log } # dest blk_BL_shopping { domainlist blk_BL_shopping/domains urllist blk_BL_shopping/urls log block.log } # dest blk_BL_socialnet { domainlist blk_BL_socialnet/domains urllist blk_BL_socialnet/urls log block.log } # dest blk_BL_spyware { domainlist blk_BL_spyware/domains urllist blk_BL_spyware/urls log block.log } # dest blk_BL_tracker { domainlist blk_BL_tracker/domains urllist blk_BL_tracker/urls log block.log } # dest blk_BL_updatesites { domainlist blk_BL_updatesites/domains urllist blk_BL_updatesites/urls log block.log } # dest blk_BL_urlshortener { domainlist blk_BL_urlshortener/domains urllist blk_BL_urlshortener/urls log block.log } # dest blk_BL_violence { domainlist blk_BL_violence/domains urllist blk_BL_violence/urls log block.log } # dest blk_BL_warez { domainlist blk_BL_warez/domains urllist blk_BL_warez/urls log block.log } # dest blk_BL_weapons { domainlist blk_BL_weapons/domains urllist blk_BL_weapons/urls log block.log } # dest blk_BL_webmail { domainlist blk_BL_webmail/domains urllist blk_BL_webmail/urls log block.log } # dest blk_BL_webphone { domainlist blk_BL_webphone/domains urllist blk_BL_webphone/urls log block.log } # dest blk_BL_webradio { domainlist blk_BL_webradio/domains urllist blk_BL_webradio/urls log block.log } # dest blk_BL_webtv { domainlist blk_BL_webtv/domains urllist blk_BL_webtv/urls log block.log } # rew safesearch { s@(google..*/search?.*q=.*)@&safe=active@i s@(google..*/images.*q=.*)@&safe=active@i s@(google..*/groups.*q=.*)@&safe=active@i s@(google..*/news.*q=.*)@&safe=active@i s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i s@(search.live..*/.*q=.*)@&adlt=strict@i s@(search.msn..*/.*q=.*)@&adlt=strict@i s@(.bing..*/.*q=.*)@&adlt=strict@i log block.log } # acl { # default { pass !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_chat !blk_BL_costtraps !blk_BL_dating !blk_BL_drugs !blk_BL_dynamic !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_movies !blk_BL_porn !blk_BL_recreation_martialarts !blk_BL_recreation_wellness !blk_BL_ringtones !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_tracker !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webtv blk_BL_sex_education blk_BL_urlshortener all redirect http://192.168.5.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u rewrite safesearch log block.log } }
# This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.5.254:3128 http_port 127.0.0.1:3128 intercept icp_port 7 dns_v4_first off pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language es icon_directory /usr/pbi/squid-amd64/etc/squid/icons visible_hostname pfsense cache_mgr admin@arrentrac.local access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 7 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.5.0/24 httpd_suppress_version_string on uri_whitespace strip acl dynamic urlpath_regex cgi-bin ? cache deny dynamic cache_mem 1024 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /var/squid/cache 8000 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS acl allowed_subnets src 192.168.5.0/24 acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl' acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl' http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings # Package Integration url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf url_rewrite_bypass off url_rewrite_children 16 startup=8 idle=4 concurrency=0 # Custom options # These hosts do not have any restrictions http_access allow unrestricted_hosts # Block access to blacklist domains http_access deny blacklist # Setup allowed acls # Allow local network(s) on interface(s) http_access allow allowed_subnets http_access allow localnet # Default block all to be sure http_access deny allsrc
Me llama la atencion, que siguiendo el tutorial para setear correctamente squid3+squidguard no me da el resultado que a ti, me refiero concretamente a la parte los procesos corriendo al momento de terminar (ver pantallazo)
Y releyendo el tutorial veo la siguiente linea:
define('REDIRECTOR_PROCESS_COUNT', '[b]16[/b] startup=8 idle=4 concurrency=0');#redirector processes count will started
Y en mi pantalla, veo 16 procesos corriendo, en negritas puse el 16…. esta correto ?]?
Gracias!
![Sin título.png_thumb](/public/imported_attachments/1/Sin título.png_thumb)
![Sin título.png](/public/imported_attachments/1/Sin título.png) -
Y en mi pantalla, veo 16 procesos corriendo, en negritas puse el 16…. esta correto ?
url_rewrite_children 16 startup=8 idle=4 concurrency=0
Esto quiere decir que cuando se pone en marcha squid se abren 8 procesos squidGuard. Si hay uso se irá subiendo hasta un máximo de 16. Y si no hay uso se irá bajando hacia un mínimo de 4. Y que squidGuard no admite peticiones concurrentes en un mismo proceso.
Podría ser que no fuese suficiente. En ese caso aparece en cache.log,
Consider increasing the number of redirector processes in your config file.
Eso hay que resolverlo tocando el código de integración de nuevo:
define('REDIRECTOR_PROCESS_COUNT', '32 startup=16 idle=8 concurrency=0');#redirector processes count will started
-
-
pass !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_chat !blk_BL_costtraps !blk_BL_dating !blk_BL_drugs !blk_BL_dynamic !blk_BL_gamble !blk_BL_hacking !blk_BL_hobby_games-misc !blk_BL_hobby_games-online !blk_BL_movies !blk_BL_porn !blk_BL_recreation_martialarts !blk_BL_recreation_wellness !blk_BL_ringtones !blk_BL_sex_lingerie !blk_BL_socialnet !blk_BL_spyware !blk_BL_tracker !blk_BL_violence !blk_BL_warez !blk_BL_weapons !blk_BL_webtv blk_BL_sex_education blk_BL_urlshortener all
Aunque no viene de ahí el problema…
Insisto en que no tiene sentido tener como whitelist las listas negras blk_BL_sex_education blk_BL_urlshortener
Fíjate que todas las listas negras tienen ! delante. Eso significa precisamente que lo que está dentro de niega.
-
# ============================================================ # SquidGuard configuration file # This file generated automaticly with SquidGuard configurator # (C)2006 Serg Dvoriancev # email: dv_serg@mail.ru # ============================================================ logdir /var/squidGuard/log dbhome /var/db/squidGuard # dest blk_BL_adv { domainlist blk_BL_adv/domains urllist blk_BL_adv/urls redirect http://192.168.5.254:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } # dest blk_BL_aggressive { domainlist blk_BL_aggressive/domains urllist blk_BL_aggressive/urls log block.log } # dest blk_BL_alcohol { domainlist blk_BL_alcohol/domains urllist blk_BL_alcohol/urls log block.log } # dest blk_BL_anonvpn { domainlist blk_BL_anonvpn/domains urllist blk_BL_anonvpn/urls log block.log } # dest blk_BL_automobile_bikes { domainlist blk_BL_automobile_bikes/domains urllist blk_BL_automobile_bikes/urls log block.log } # dest blk_BL_automobile_boats { domainlist blk_BL_automobile_boats/domains urllist blk_BL_automobile_boats/urls log block.log } # dest blk_BL_automobile_cars { domainlist blk_BL_automobile_cars/domains urllist blk_BL_automobile_cars/urls log block.log } # dest blk_BL_automobile_planes { domainlist blk_BL_automobile_planes/domains urllist blk_BL_automobile_planes/urls log block.log } # dest blk_BL_chat { domainlist blk_BL_chat/domains urllist blk_BL_chat/urls log block.log } # dest blk_BL_costtraps { domainlist blk_BL_costtraps/domains urllist blk_BL_costtraps/urls log block.log } # dest blk_BL_dating { domainlist blk_BL_dating/domains urllist blk_BL_dating/urls log block.log } # dest blk_BL_downloads { domainlist blk_BL_downloads/domains urllist blk_BL_downloads/urls log block.log } # dest blk_BL_drugs { domainlist blk_BL_drugs/domains urllist blk_BL_drugs/urls log block.log } # dest blk_BL_dynamic { domainlist blk_BL_dynamic/domains urllist blk_BL_dynamic/urls log block.log } # dest blk_BL_education_schools { domainlist blk_BL_education_schools/domains urllist blk_BL_education_schools/urls log block.log } # dest blk_BL_finance_banking { domainlist blk_BL_finance_banking/domains urllist blk_BL_finance_banking/urls log block.log } # dest blk_BL_finance_insurance { domainlist blk_BL_finance_insurance/domains urllist blk_BL_finance_insurance/urls log block.log } # dest blk_BL_finance_moneylending { domainlist blk_BL_finance_moneylending/domains urllist blk_BL_finance_moneylending/urls log block.log } # dest blk_BL_finance_other { domainlist blk_BL_finance_other/domains urllist blk_BL_finance_other/urls log block.log } # dest blk_BL_finance_realestate { domainlist blk_BL_finance_realestate/domains urllist blk_BL_finance_realestate/urls log block.log } # dest blk_BL_finance_trading { domainlist blk_BL_finance_trading/domains urllist blk_BL_finance_trading/urls log block.log } # dest blk_BL_fortunetelling { domainlist blk_BL_fortunetelling/domains urllist blk_BL_fortunetelling/urls log block.log } # dest blk_BL_forum { domainlist blk_BL_forum/domains urllist blk_BL_forum/urls log block.log } # dest blk_BL_gamble { domainlist blk_BL_gamble/domains urllist blk_BL_gamble/urls log block.log } # dest blk_BL_government { domainlist blk_BL_government/domains urllist blk_BL_government/urls log block.log } # dest blk_BL_hacking { domainlist blk_BL_hacking/domains urllist blk_BL_hacking/urls log block.log } # dest blk_BL_hobby_cooking { domainlist blk_BL_hobby_cooking/domains urllist blk_BL_hobby_cooking/urls log block.log } # dest blk_BL_hobby_games-misc { domainlist blk_BL_hobby_games-misc/domains urllist blk_BL_hobby_games-misc/urls log block.log } # dest blk_BL_hobby_games-online { domainlist blk_BL_hobby_games-online/domains urllist blk_BL_hobby_games-online/urls log block.log } # dest blk_BL_hobby_gardening { domainlist blk_BL_hobby_gardening/domains urllist blk_BL_hobby_gardening/urls log block.log } # dest blk_BL_hobby_pets { domainlist blk_BL_hobby_pets/domains urllist blk_BL_hobby_pets/urls log block.log } # dest blk_BL_homestyle { domainlist blk_BL_homestyle/domains urllist blk_BL_homestyle/urls log block.log } # dest blk_BL_hospitals { domainlist blk_BL_hospitals/domains urllist blk_BL_hospitals/urls log block.log } # dest blk_BL_imagehosting { domainlist blk_BL_imagehosting/domains urllist blk_BL_imagehosting/urls log block.log } # dest blk_BL_isp { domainlist blk_BL_isp/domains urllist blk_BL_isp/urls log block.log } # dest blk_BL_jobsearch { domainlist blk_BL_jobsearch/domains urllist blk_BL_jobsearch/urls log block.log } # dest blk_BL_library { domainlist blk_BL_library/domains urllist blk_BL_library/urls log block.log } # dest blk_BL_military { domainlist blk_BL_military/domains urllist blk_BL_military/urls log block.log } # dest blk_BL_models { domainlist blk_BL_models/domains urllist blk_BL_models/urls log block.log } # dest blk_BL_movies { domainlist blk_BL_movies/domains urllist blk_BL_movies/urls log block.log } # dest blk_BL_music { domainlist blk_BL_music/domains urllist blk_BL_music/urls log block.log } # dest blk_BL_news { domainlist blk_BL_news/domains urllist blk_BL_news/urls log block.log } # dest blk_BL_podcasts { domainlist blk_BL_podcasts/domains urllist blk_BL_podcasts/urls log block.log } # dest blk_BL_politics { domainlist blk_BL_politics/domains urllist blk_BL_politics/urls log block.log } # dest blk_BL_porn { domainlist blk_BL_porn/domains urllist blk_BL_porn/urls log block.log } # dest blk_BL_radiotv { domainlist blk_BL_radiotv/domains urllist blk_BL_radiotv/urls log block.log } # dest blk_BL_recreation_humor { domainlist blk_BL_recreation_humor/domains urllist blk_BL_recreation_humor/urls log block.log } # dest blk_BL_recreation_martialarts { domainlist blk_BL_recreation_martialarts/domains urllist blk_BL_recreation_martialarts/urls log block.log } # dest blk_BL_recreation_restaurants { domainlist blk_BL_recreation_restaurants/domains urllist blk_BL_recreation_restaurants/urls log block.log } # dest blk_BL_recreation_sports { domainlist blk_BL_recreation_sports/domains urllist blk_BL_recreation_sports/urls log block.log } # dest blk_BL_recreation_travel { domainlist blk_BL_recreation_travel/domains urllist blk_BL_recreation_travel/urls log block.log } # dest blk_BL_recreation_wellness { domainlist blk_BL_recreation_wellness/domains urllist blk_BL_recreation_wellness/urls log block.log } # dest blk_BL_redirector { domainlist blk_BL_redirector/domains urllist blk_BL_redirector/urls log block.log } # dest blk_BL_religion { domainlist blk_BL_religion/domains urllist blk_BL_religion/urls log block.log } # dest blk_BL_remotecontrol { domainlist blk_BL_remotecontrol/domains urllist blk_BL_remotecontrol/urls log block.log } # dest blk_BL_ringtones { domainlist blk_BL_ringtones/domains urllist blk_BL_ringtones/urls log block.log } # dest blk_BL_science_astronomy { domainlist blk_BL_science_astronomy/domains urllist blk_BL_science_astronomy/urls log block.log } # dest blk_BL_science_chemistry { domainlist blk_BL_science_chemistry/domains urllist blk_BL_science_chemistry/urls log block.log } # dest blk_BL_searchengines { domainlist blk_BL_searchengines/domains urllist blk_BL_searchengines/urls log block.log } # dest blk_BL_sex_education { domainlist blk_BL_sex_education/domains urllist blk_BL_sex_education/urls log block.log } # dest blk_BL_sex_lingerie { domainlist blk_BL_sex_lingerie/domains urllist blk_BL_sex_lingerie/urls log block.log } # dest blk_BL_shopping { domainlist blk_BL_shopping/domains urllist blk_BL_shopping/urls log block.log } # dest blk_BL_socialnet { domainlist blk_BL_socialnet/domains urllist blk_BL_socialnet/urls log block.log } # dest blk_BL_spyware { domainlist blk_BL_spyware/domains urllist blk_BL_spyware/urls log block.log } # dest blk_BL_tracker { domainlist blk_BL_tracker/domains urllist blk_BL_tracker/urls log block.log } # dest blk_BL_updatesites { domainlist blk_BL_updatesites/domains urllist blk_BL_updatesites/urls log block.log } # dest blk_BL_urlshortener { domainlist blk_BL_urlshortener/domains urllist blk_BL_urlshortener/urls log block.log } # dest blk_BL_violence { domainlist blk_BL_violence/domains urllist blk_BL_violence/urls log block.log } # dest blk_BL_warez { domainlist blk_BL_warez/domains urllist blk_BL_warez/urls log block.log } # dest blk_BL_weapons { domainlist blk_BL_weapons/domains urllist blk_BL_weapons/urls log block.log } # dest blk_BL_webmail { domainlist blk_BL_webmail/domains urllist blk_BL_webmail/urls log block.log } # dest blk_BL_webphone { domainlist blk_BL_webphone/domains urllist blk_BL_webphone/urls log block.log } # dest blk_BL_webradio { domainlist blk_BL_webradio/domains urllist blk_BL_webradio/urls log block.log } # dest blk_BL_webtv { domainlist blk_BL_webtv/domains urllist blk_BL_webtv/urls log block.log } # rew safesearch { s@(google..*/search?.*q=.*)@&safe=active@i s@(google..*/images.*q=.*)@&safe=active@i s@(google..*/groups.*q=.*)@&safe=active@i s@(google..*/news.*q=.*)@&safe=active@i s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i s@(search.live..*/.*q=.*)@&adlt=strict@i s@(search.msn..*/.*q=.*)@&adlt=strict@i s@(.bing..*/.*q=.*)@&adlt=strict@i log block.log } # acl { # default { pass all redirect http://192.168.5.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u rewrite safesearch log block.log } }
Asi esta ahora,
Sigue el bloqueo.
-
-
# This file is automatically generated by pfSense # Do not edit manually ! http_port 192.168.5.254:3128 http_port 127.0.0.1:3128 intercept icp_port 7 dns_v4_first off pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language es icon_directory /usr/pbi/squid-amd64/etc/squid/icons visible_hostname pfsense cache_mgr admin@arrentrac.local access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 7 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.5.0/24 httpd_suppress_version_string on uri_whitespace strip acl dynamic urlpath_regex cgi-bin ? cache deny dynamic cache_mem 1024 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA cache_dir aufs /var/squid/cache 8000 16 256 minimum_object_size 0 KB maximum_object_size 4 KB offline_mode offcache_swap_low 90 cache_swap_high 95 # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings # Package Integration url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf url_rewrite_bypass off url_rewrite_children 16 startup=8 idle=4 concurrency=0 # Custom options # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny allsrc
-
Borre el cache de mi navegador y ya puedo entrar a la pagina bloqueada.