Strange SquidGuard problem.



  • I don't exactly know the best way to explain this but I will give it a shot…

    The goal is to have a block of 5 IP addresses with fewer restrictions, like torrent usage and the like.  So I set up SquidGuard in this manner:

    1.) Common ACL is only blocking the spyware with a default of allow.
    2.) Group ACL (everyone else) Blocking Porn, warez, dating, everything else sex related, etc.
    3.) Group ACL (allowed block) told to allow all these things.

    What I end up with is, after I check the settings, it does as it should: it allows me to access torrents and the like on my wife's and my computers, while blocking these on the kids' computers.  I come back an hour later and it's not blocking anything on any of the devices.

    What I have tried:  I set up all the blocking in the Common ACL and allowed it in the Group of IPs.  This just blocks all that for everyone no matter what I have in the Group ACL settings.

    I did google this and searched the forums.  That being said, I don't know exactly how to word what I'm looking for, and the end result is not being able to find any information about this.  If someone could help or point me to the correct help, that would be awesome.

    Thanks in advance for your time.

    DrClaw



  • Maybe I haven't understood your problem correctly, but this may help:

    SquidGuard (and the firewall rules too) works on the basis of first-match. The filtering rules do not cascade.

    Let us say you have Group ACL X and Group ACL Y (in that order) and then Common ACL. When someone accesses the Internet, SquidGuard tries to first match it with Group ACL X. If the match is positive (i.e. if the IP or the user belongs to Group ACL X), the Group ACL X will apply to it irrespective of your Common ACL and other Group ACL. Once the match is positive, it won't filter it using any other Group ACL or Common ACL. If the first match fails, it will try to match it to Group ACL Y; if it matches, Group ACL Y will apply to it. If there are no matches, Common ACL will apply.

    So you need something like this:

    Group ACL X: Block Porn, Block P2P, Allow All
    Group ACL Y: Allow All
    Common ACL: Block All
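
The first-match behaviour described in the reply above, as an added Python model (not SquidGuard's own code and not part of the original posts). The group names, IP ranges, category names and the fail-closed fallthrough are assumptions chosen for illustration.

```python
import ipaddress

# Constructed ruleset following the X / Y / Common layout from the reply.
# Order matters: group ACLs are tried top to bottom.
GROUP_ACLS = [
    ("kids",    ["192.168.1.100-192.168.1.199"], ["!porn", "!p2p", "all"]),
    ("parents", ["192.168.1.10-192.168.1.14"],   ["all"]),
]
COMMON_ACL = ["none"]  # "Block All" for clients that match no group

def in_range(ip, spec):
    """True if ip is inside an 'a-b' range, a CIDR block or a single address."""
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def select_acl(ip, groups=GROUP_ACLS, common=COMMON_ACL):
    """First match wins: the first group containing ip supplies the rules."""
    for name, ranges, rules in groups:
        if any(in_range(ip, r) for r in ranges):
            return name, rules
    return "common", common

def decide(ip, category, groups=GROUP_ACLS, common=COMMON_ACL):
    """Evaluate only the selected ACL; rules do not cascade to other ACLs."""
    name, rules = select_acl(ip, groups, common)
    for rule in rules:  # rule list is read left to right
        if rule == "all":
            return name, "allow"
        if rule == "none" or rule == "!" + category:
            return name, "block"
        if rule == category:
            return name, "allow"
    return name, "block"  # model assumption: fail closed if nothing matched

if __name__ == "__main__":
    for ip, cat in [("192.168.1.12", "p2p"), ("192.168.1.150", "p2p"),
                    ("192.168.1.150", "news"), ("10.0.0.5", "news")]:
        print(ip, cat, decide(ip, cat))
```

In this model, if the first group's range is widened to cover the whole subnet, the less-restricted addresses match it first and never reach their own group, so overlapping source ranges need the narrower group listed first.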



  • @golmaal:

    Maybe I haven't understood your problem correctly, but this may help:

    SquidGuard (and the firewall rules too) works on the basis of first-match. The filtering rules do not cascade.

    Let us say you have Group ACL X and Group ACL Y (in that order) and then Common ACL. When someone accesses the Internet, SquidGuard tries to first match it with Group ACL X. If the match is positive (i.e. if the IP or the user belongs to Group ACL X), the Group ACL X will apply to it irrespective of your Common ACL and other Group ACL. Once the match is positive, it won't filter it using any other Group ACL or Common ACL. If the first match fails, it will try to match it to Group ACL Y; if it matches, Group ACL Y will apply to it. If there are no matches, Common ACL will apply.

    So you need something like this:

    Group ACL X: Block Porn, Block P2P, Allow All
    Group ACL Y: Allow All
    Common ACL: Block All

    I will try this as soon as I get time to mess around with it again.

    Thanks for the reply.  I will post what I find.

    DrClaw