SquidGuard bug ordering categories
-
2.1-RELEASE (i386)
built on Wed Sep 11 18:16:22 EDT 2013
FreeBSD 8.3-RELEASE-p11squidGuard-squid3 1.4_4 pkg v.1.9.5
I can't nest whitelist1 / deny1 / whitelist2 / deny2
The result in /usr/local/etc/squid/squidGuard.conf is allways whitelist1 / whitelist2 / deny1 / deny2
I'm migrating an external proxy (FreeBSD based) to pfSense and nesting is necessary for me.
Example (please see images)
Order should be:
yes_y yes_z !ads filtrats !in-addr !blk_blacklists_adult !blk_blacklists_agressif
and it is
yes_y yes_z filtrats !in-addr !ads !blk_blacklists_adult !blk_blacklists_agressif
Denied categories go to the end, just before loaded blacklists.
 -
The SquidGuard GUI order Categories by it's group
1. Whitelists - url's what must be passed always
2. Blocks - blocked url's
3. Allows - allowed (not blocked) url'sNot need order the Categories by item.
-
I will try to explain a new time…
The WebGUI permits to order the lists, except imported blacklists (they are at the end; it's ok).
The squidGuard.conf generated doesn't have the order I put on the WebGUI. This is confused.
I need this because in my old proxy (FreeBSD based) I have something like:
my_allowed_domains my_denied_expressions my_filtered_domains imported_blacklists
This permits bypass some items in imported_blacklists
For example, I block some expressions for Youtube (with my_denied_expressions), I permit "filtered" Youtube (with my_filtered_domains) and Youtube is in imported_blacklists (in fact in one big blacklist not allowing audio&video sites).
At the moment, the solution is disable my_filtered_domains and disable also the audio&video imported_blacklist.
Like this I have "filtered" Youtube (and some others).
However, this obliges me to maintain my own blacklist for audio&video.
-
With SquidGuard GUI you can implement the following filter circuits:
A) "Block All and allow some" :
Default category = deny; Allow some categories;
B) "Allow All and block some categories with exeptions from blocking"
Default category = allow; Block (deny) some categories and using Whitelist for excludes from blockingYou way (B):
my_allowed_domains = whitelist
my_filtered_domains = whitelist
my_denied_expressions = deny
imported_blacklists = deny
Default category = allowYou ruleset will be {whitelist}{all_used_blocklists}{default_allow_all}
-
I surfed config.xml and squidGuard.conf and the order is changed. For me, it's a bug.
Example:
<squidguarddefault><config><dest>^yes_0 !no_0 !ads ^filtered !blk_blacklists_video all</dest> <notallowingip>on</notallowingip> <deniedmessage><redirect_mode>rmod_ext_rdr</redirect_mode> <redirect>http://www.mydomain.tld/denied.php?%u</redirect> <safesearch>on</safesearch> <rewrite><enablelog></enablelog></rewrite></deniedmessage></config></squidguarddefault>acl { # default { pass yes_0 filtered !in-addr !no_0 !ads !blk_blacklists_video all redirect http://www.mydomain.tld/denied.php?%u rewrite safesearch } }I surfed https://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard.inc but I'm not capable to find the piece of code that changes the order.
-
All correct
Config
<dest>^yes_0 !no_0 !ads ^filtered !blk_blacklists_video all</dest>Items
pass yes_0 filtered !in-addr !no_0 !ads !blk_blacklists_video allAll elements in rule are grouped according to their action
pass WhiteList DenyList <allowlist>DefaultRule</allowlist>Order in groups and in the config file is irrelevant. You do not have to worry about compliance of the elements in the configuration and rules.
-
WebGUI is confused about order and I need:
pass yes_0 !in-addr !no_0 !ads filtered !blk_blacklists_video all
As explained some days ago I need it because !no_0 has regular expressions for blocking some words when searchnig at filtered domains (such google, youtube…) and these domains are into big standard downloaded blacklists (!blk_blacklists_…...).
Could you say me the piece of code where the "not ordering" is done? I will like to make a system patch, if necessary.
Thanks!
-
Bellera, did you tried to edit it by hand after config save to be sure order will change results?
I'm not a squidguard specialist but AFAIK, squidguard allows two or three checks (allow acl, deny acl, default acl)
I've tried to set group of acls just like I do on dansguardian but I got no success on it.
-
Bellera, did you tried to edit it by hand after config save to be sure order will change results?
[Apply] button writes squidGuard.conf and restarts the service.
I'm sure that it works… squidGuard executes the lists by the order that they are indicated at pass lines.
I'm using like this since year 2000, with FreeBSD servers.
So, my interest for google.com, youtube.com is in "pseudocode":
!block_bad_words filter_some_domains !block_with_big_black_lists
The problem is that squidGuard package is always doing, no matter the order at WebGUI:
filter_some_domains !block_bad_words !block_with_big_black_lists
and like this, block_bad_words is not usable.
-
[SOLVED]
1. Commented lines:
402 #file_put_contents($conf_file, $conf); 403 #file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by defaulthttps://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard_configurator.inc
2. Modified pass line at:
/usr/pbi/squid-i386/etc/squid/squidGuard.conf /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf3. [Apply] button to reconfigure squidGuard without writing a new squidGuard.conf
In general I only need to modify my lists. So, the trick will work without troubles for me.
