SquidGuard Group Acl not working


  • I have pfsense 2.1.3-RELEASE (amd64) running squid3 in transparent mode with squidGuard-dev-squid3.
    I get the blacklist from www.shallalist.de, and everything works fine in Common Acl (the Default access, I set to "allow").
    I have tested the filtering on "Common Acl" and it works.  I created a new Group Acl with a Target Categories to blacklist a site
    with the "Default access" set to "allow" and the Target Categories set to "deny".
    I do "Save" and "Apply".  I tested it, and it doesn't seem to work.  Tried many times, even cleared the cache, restarted pfsense, etc.

    The strange thing is, if I block using the "Common Acl"'s target list for that Target Categories blacklist, it works.  But it doesn't work
    with Group Acl.

    Can someone help?


  • Can you share the group acl? I would suspect that the group acl query is not resolving as intended. Also, the target categories on the right side are related to time restrictions. I made that mistake once and it took a long time to figure it out.


  • Sure.

    Group ACL
      Name:  GBL
      Client:  192.168.0.0/24
      Time: none
      Target rules:  !BL all [ !BL all]
      Redirect mod:  int error page

    Target categories
      name: BL
      Domain List:  mangapanda.com
      URL list: www.mangapanda.com/
      Regular expression:  mangapanda


  • Anyone have a success story to tell about Group Acl?


  • I don't use Squid3, but I thought you couldn't use any of the Int pages if you were using Transparent mode?

    Maybe some screenshots of your setup would help.


  • Attached herewith the screen shot.  Just can't get the Group Acl working.

    ![Screen Shot 07-15-14 at 11.41 AM.PNG](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM.PNG)
    ![Screen Shot 07-15-14 at 11.41 AM 001.PNG](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM 001.PNG)
    ![Screen Shot 07-15-14 at 11.41 AM 002.PNG](/public/imported_attachments/1/Screen Shot 07-15-14 at 11.41 AM 002.PNG)


  • I played with it and I couldn't get it to work either.


  • I use an older version of Squid and it works. Something in the firewall rules that bypasses the proxy for the particular subnet? Sounds like a stupid recommendation, but it has to be some configuration mistake; it just has to work.


  • it just has to work

    You've never played with squid3, have you?  ;D


  • At first I suspected the db was corrupted, but then I tested in the "acl default" and it works just fine.
    I manually changed the squidGuard.conf file to
    acl {
      GBL {
        pass !BL all
        redirect ….
        log GBL.log    <-  changed from block.log to GBL.log
      ....

    I reloaded squid and it reads this file correctly, the GBL.log is created... but the log file doesn't log anything.
    It seems squidguard doesn't read the Group Acl for filtering.  It could be a bug in v3.


  • For those who have not managed to get it working: here is the trick (working on pfsense 2.3):
    in the general settings tab of squidguard, there is an "apply" button.
    It is mandatory to click it after any changes, even on other tabs.
    ACL groups work for me!
    Hope this helps :)


  • @niko2:

    For those who have not managed to get it working: here is the trick (working on pfsense 2.3):
    in the general settings tab of squidguard, there is an "apply" button.
    It is mandatory to click it after any changes, even on other tabs.
    ACL groups work for me!
    Hope this helps :)

    Works like a charm!!!