Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard bug ordering categories

    Scheduled Pinned Locked Moved pfSense Packages
    10 Posts 3 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • belleraB
      bellera
      last edited by

      2.1-RELEASE (i386)
      built on Wed Sep 11 18:16:22 EDT 2013
      FreeBSD 8.3-RELEASE-p11

      squidGuard-squid3 1.4_4 pkg v.1.9.5

      I can't nest whitelist1 / deny1 / whitelist2 / deny2

      The result in /usr/local/etc/squid/squidGuard.conf is allways whitelist1 / whitelist2 / deny1 / deny2

      I'm migrating an external proxy (FreeBSD based) to pfSense and nesting is necessary for me.

      Example (please see images)

      Order should be:

      yes_y yes_z !ads filtrats !in-addr !blk_blacklists_adult !blk_blacklists_agressif

      and it is

      yes_y yes_z filtrats !in-addr !ads !blk_blacklists_adult !blk_blacklists_agressif

      Denied categories go to the end, just before loaded blacklists.

      ![Captura de 2014-03-16 21:20:31.png](/public/imported_attachments/1/Captura de 2014-03-16 21:20:31.png)
      ![Captura de 2014-03-16 21:20:31.png_thumb](/public/imported_attachments/1/Captura de 2014-03-16 21:20:31.png_thumb)
      ![Captura de 2014-03-16 21:21:07.png](/public/imported_attachments/1/Captura de 2014-03-16 21:21:07.png)
      ![Captura de 2014-03-16 21:21:07.png_thumb](/public/imported_attachments/1/Captura de 2014-03-16 21:21:07.png_thumb)
      ![Captura de 2014-03-16 21:23:36.png](/public/imported_attachments/1/Captura de 2014-03-16 21:23:36.png)
      ![Captura de 2014-03-16 21:23:36.png_thumb](/public/imported_attachments/1/Captura de 2014-03-16 21:23:36.png_thumb)

      1 Reply Last reply Reply Quote 0
      • D
        dvserg
        last edited by

        The SquidGuard GUI order Categories by it's group
        1. Whitelists - url's what must be passed always
        2. Blocks - blocked url's
        3. Allows - allowed (not blocked) url's

        Not need order the Categories by item.

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        1 Reply Last reply Reply Quote 0
        • belleraB
          bellera
          last edited by

          I will try to explain a new time…

          The WebGUI permits to order the lists, except imported blacklists (they are at the end; it's ok).

          The squidGuard.conf generated doesn't have the order I put on the WebGUI. This is confused.

          I need this because in my old proxy (FreeBSD based) I have something like:

          my_allowed_domains my_denied_expressions my_filtered_domains imported_blacklists

          This permits bypass some items in imported_blacklists

          For example, I block some expressions for Youtube (with my_denied_expressions), I permit "filtered" Youtube (with my_filtered_domains) and Youtube is in imported_blacklists (in fact in one big blacklist not allowing audio&video sites).

          At the moment, the solution is disable my_filtered_domains and disable also the audio&video imported_blacklist.

          Like this I have "filtered" Youtube (and some others).

          However, this obliges me to maintain my own blacklist for audio&video.

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            With SquidGuard GUI you can implement the following filter circuits:

            A) "Block All and allow some" :   
                    Default category = deny; Allow some categories;
            B) "Allow All and block some categories with exeptions from blocking"
                    Default category = allow; Block (deny) some categories and using Whitelist for excludes from blocking

            You way (B):
            my_allowed_domains = whitelist
            my_filtered_domains  = whitelist
            my_denied_expressions = deny
            imported_blacklists = deny
            Default category = allow

            You ruleset will be {whitelist}{all_used_blocklists}{default_allow_all}

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • belleraB
              bellera
              last edited by

              I surfed config.xml and squidGuard.conf and the order is changed. For me, it's a bug.

              Example:

              		 <squidguarddefault><config><dest>^yes_0 !no_0 !ads ^filtered !blk_blacklists_video all</dest>
              				<notallowingip>on</notallowingip>
              				 <deniedmessage><redirect_mode>rmod_ext_rdr</redirect_mode>
              				<redirect>http://www.mydomain.tld/denied.php?%u</redirect>
              				<safesearch>on</safesearch>
              				 <rewrite><enablelog></enablelog></rewrite></deniedmessage></config></squidguarddefault> 
              
              acl  {
              	# 
              	default  {
              		pass yes_0 filtered !in-addr !no_0 !ads !blk_blacklists_video all
              		redirect http://www.mydomain.tld/denied.php?%u
              		rewrite safesearch
              	}
              }
              

              I surfed https://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard.inc but I'm not capable to find the piece of code that changes the order.

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                All correct

                Config
                <dest>^yes_0 !no_0 !ads ^filtered !blk_blacklists_video all</dest>

                Items
                pass yes_0 filtered !in-addr !no_0 !ads !blk_blacklists_video all

                All elements in rule are grouped according to their action
                pass WhiteList DenyList <allowlist>DefaultRule</allowlist>

                Order in groups and in the config file is irrelevant. You do not have to worry about compliance of the elements in the configuration and rules.

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • belleraB
                  bellera
                  last edited by

                  WebGUI is confused about order and I need:

                  pass yes_0 !in-addr !no_0 !ads filtered !blk_blacklists_video all

                  As explained some days ago I need it because !no_0 has regular expressions for blocking some words when searchnig at filtered domains (such google, youtube…) and these domains are into big standard downloaded blacklists (!blk_blacklists_…...).

                  Could you say me the piece of code where the "not ordering" is done? I will like to make a system patch, if necessary.

                  Thanks!

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    Bellera, did you tried to edit it by hand after config save to be sure order will change results?

                    I'm not a squidguard specialist but AFAIK, squidguard allows two or three checks (allow acl, deny acl, default acl)

                    I've tried to set group of acls just like I do on dansguardian but I got no success on it.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • belleraB
                      bellera
                      last edited by

                      @marcelloc:

                      Bellera, did you tried to edit it by hand after config save to be sure order will change results?

                      [Apply] button writes squidGuard.conf and restarts the service.

                      I'm sure that it works… squidGuard executes the lists by the order that they are indicated at pass lines.

                      I'm using like this since year 2000, with FreeBSD servers.

                      So, my interest for google.com, youtube.com is in "pseudocode":

                      !block_bad_words filter_some_domains !block_with_big_black_lists

                      The problem is that squidGuard package is always doing, no matter the order at WebGUI:

                      filter_some_domains !block_bad_words !block_with_big_black_lists

                      and like this, block_bad_words is not usable.

                      1 Reply Last reply Reply Quote 0
                      • belleraB
                        bellera
                        last edited by

                        [SOLVED]

                        1. Commented lines:

                           402	        #file_put_contents($conf_file, $conf);
                           403	        #file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
                        

                        https://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard_configurator.inc

                        2. Modified pass line at:

                        /usr/pbi/squid-i386/etc/squid/squidGuard.conf
                        /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
                        

                        3. [Apply] button to reconfigure squidGuard without writing a new squidGuard.conf

                        In general I only need to modify my lists. So, the trick will work without troubles for me.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.