Is the squidguard package stable at the moment…..



  • We are planning at the moment to put the squidguard package onto several production pfsense machines.

    Is this package error-free to work cleanly with production machines?

    heiko



  • Known problems and issues:

    • have problem with use internel sgerror.php on HTTPS webgui proto: solve problem with using ext error pages (General page option);
    • near time will finished global modification blacklist alghorithm ( now i work with rebuild-DB mechanism and blk-list behavior On reinstallation SG).

    !Fixed! reboot autostart SG
    All others (how know) worked stable.
    ps if have any other problems and issues - i ready to fixed this.



  • Thanks dvserg!

    I will test it on one production machine in moscow, and then we will see

    greetings
    heiko



  • If any questions - i have ICQ
    Welcome with 10.00-17.00 MSK in work days.



  • Ok, fine, thanks!
    Heiko



  • if i klick on the "apply" button at the "general settings" -tab, these errors occurs

    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard_configurator.inc on line 540 Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 320 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:540) in /usr/local/www/pkg_edit.php on line 35

    Greetings
    Heiko



  • @heiko:

    if i klick on the "apply" button at the "general settings" -tab, these errors occurs

    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard_configurator.inc on line 540 Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 320 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:540) in /usr/local/www/pkg_edit.php on line 35

    Greetings
    Heiko

    Sounds like "direct" output to web server from the PHP scripts instead of "buffered" output.  I have not looked at the php  configuration in the pfSense system - is it set to buffer output???

    Just wondering…

    gm...



  • @heiko:

    if i klick on the "apply" button at the "general settings" -tab, these errors occurs

    This new blacklist update  ::) Tomorrow fix it.



  • Sorry…
    if i create an ACL and delete this item, so the ACL list is empty the following error occurs....

    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard.inc on line 414 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard.inc:414) in /usr/local/www/pkg.php on line 87

    Another blacklist update?

    greetings
    Heiko



  • Hello dvserg,
    for me it blocks nothing with the default configuration, maybe my fault…
    Do you have a small tutorial for starting.
    Greetings
    Heiko



  • Warning: Invalid argument supplied for foreach() 
    

    Add one entry on Destination page (i will insert checking for empty listing)

    Quick start
    http://diskatel.narod.ru/sgquick.htm

    Probably You have error in config - in this situation SG generated small block config
    Check log on thirts page (general) for found error messages.



  • I took  a look at you tutorial, but my webgui-log shows errors and says "starts with default". I see the ACL errors, but i didn´t have ACL´s in my config. I have downloaded the shallalist and the logs says that the db is OK. At the End i click on the Apply button and then this happens.

    Here my log…

    7.02.2008 19:17:16 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:17 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:23 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:28 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:34 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:42 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:45 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:50 : sg_init: ext initialization squidguard_config
    17.02.2008 19:17:53 : sg_reconfigure: start.
    17.02.2008 19:17:53 : sg_reconfigure_user_db: begin at '/var/db/squidGuard'
    17.02.2008 19:17:53 : sg_reconfigure_user_db: STOPPED; User destinations list empty
    17.02.2008 19:17:53 : sg_remove_unused_db_entries: begin
    17.02.2008 19:17:53 : sg_remove_unused_db_entries: end
    17.02.2008 19:17:53 : sg_reconfigure_user_db: end.
    17.02.2008 19:17:53 : sg_build_config: create squidGuard config.
    17.02.2008 19:17:53 : sg_build_config: checking configuration data.
    17.02.2008 19:17:53 : sg_build_config: error configuration data. It's all errors:
    SOURCE ''error: Size of name must be between [2..16]. Invalid name . Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter.
    ACL '' error: ontime pass list is empty.
    17.02.2008 19:17:53 : sg_build_config: terminated.
    17.02.2008 19:17:53 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=404 Check proxy filter settings on errors.&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
    17.02.2008 19:17:53 : sg_redirector_base_url: End.
    17.02.2008 19:17:53 : sg_build_default_config: ATTENTION! Created default configuration. All content will blocked.
    17.02.2008 19:17:53 : sg_build_default_config: End.
    17.02.2008 19:17:53 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
    17.02.2008 19:17:53 : squid_reconfigure: begin
    17.02.2008 19:17:53 : squid_reconfigure: remove old redirector options from Squid config.
    17.02.2008 19:17:53 : squid_reconfigure: add new redirector options to Squid config.
    17.02.2008 19:17:56 : sg_reconfigure: end.
    17.02.2008 19:18:08 : sg_init: ext initialization squidguard_config

    Greetings
    Heiko



  • Hello,
    last Test:

    First of all, i think the acl page have problems. If i delete ACL Lines, the Line shows a blank config. If i restarted squidguard errors appears.

    -  Source not found….

    Now i edit the acl line and filling a few words in it and checked disable. After that, i have made a restart at the generel page with clicing the apply button.

    For me it looks Ok, but also nothing content was blocked...

    /var/squidGuard/log/sg_configurator.log
    17.02.2008 20:10:25 : sg_reconfigure_user_db: -- add moskau expressions ''spiegel|gmx''
    17.02.2008 20:10:25 : sg_rebuild_db: Begin with path '/var/db/squidGuard'.
    17.02.2008 20:10:25 : sg_create_rebuild_config: Begin with dbhome='/var/db/squidGuard'.
    17.02.2008 20:10:25 : sg_create_rebuild_config: -- added item 'usr_moskau' = '/var/db/squidGuard/moskau'.
    17.02.2008 20:10:25 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=404&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
    17.02.2008 20:10:25 : sg_redirector_base_url: End.
    17.02.2008 20:10:25 : sg_create_rebuild_config: End.
    17.02.2008 20:10:25 : sg_rebuild_db: Create temporary config '/tmp/squidGuard_rebuild.conf_usrdb'.
    17.02.2008 20:10:25 : sg_rebuild_db: Started SH script '/tmp/squidGuard_db_rebuild.sh_usrdb'.
    17.02.2008 20:10:25 : sg_rebuild_db: End.
    17.02.2008 20:10:25 : sg_remove_unused_db_entries: begin
    17.02.2008 20:10:25 : sg_remove_unused_db_entries: end
    17.02.2008 20:10:25 : sg_reconfigure_user_db: end.
    17.02.2008 20:10:25 : sg_build_config: create squidGuard config.
    17.02.2008 20:10:25 : sg_build_config: checking configuration data.
    17.02.2008 20:10:25 : sg_build_config: add times
    17.02.2008 20:10:25 : sg_build_config: add sources
    17.02.2008 20:10:25 : sg_build_config: add blacklist entries
    17.02.2008 20:10:25 : sg_build_config: added:
    ads; aggressive; audio-video; drugs; gambling; hacking; mail; porn; proxy; violence; warez;

    17.02.2008 20:10:25 : sg_build_config: add destinations
    17.02.2008 20:10:25 : sg_build_config: added:
    moskau;

    17.02.2008 20:10:25 : sg_build_config: add ACL
    17.02.2008 20:10:25 : sg_build_config: added:
    test1; test;

    17.02.2008 20:10:25 : sg_build_config: add Default
    17.02.2008 20:10:25 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=http://www.google.ru&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
    17.02.2008 20:10:25 : sg_redirector_base_url: End.
    17.02.2008 20:10:26 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=404 overtime&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
    17.02.2008 20:10:26 : sg_redirector_base_url: End.
    17.02.2008 20:10:26 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
    17.02.2008 20:10:26 : squid_reconfigure: begin
    17.02.2008 20:10:26 : squid_reconfigure: remove old redirector options from Squid config.
    17.02.2008 20:10:26 : squid_reconfigure: add new redirector options to Squid config.
    17.02.2008 20:10:29 : sg_reconfigure: end.
    17.02.2008 20:10:29 : sg_init: ext initialization squidguard_config
    17.02.2008 20:11:14 : sg_init: ext initialization squidguard_config
    17.02.2008 20:11:14 : sg_init: ext initialization squidguard_config
    17.02.2008 20:16:49 : sg_init: ext initialization squidguard_config
    17.02.2008 20:17:01 : sg_init: ext initialization squidguard_config
    17.02.2008 20:17:01 : sg_init: ext initialization squidguard_config
    17.02.2008 20:17:23 : sg_init: ext initialization squidguard_config
    17.02.2008 20:17:26 : sg_init: ext initialization squidguard_config
    17.02.2008 20:18:10 : sg_init: ext initialization squidguard_config
    17.02.2008 20:18:10 : sg_init: ext initialization squidguard_config

    I don´t know where my config is buggy. Maybe, take a look at the screenshots
    I don´t use the transparent proxy feature but local user authentication.

    Greetings
    Heiko








  • I'm getting something similar…all was well until recently..... After awhile the error stops showing and Squidguard is apparently running, but no content gets blocked. If I re-install I get the same issue.

    Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 367 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:367) in /usr/local/www/pkg_edit.php on line 35



  • Thanks. I will test this too.



  • I occasionally get the implode type of error when I've deleted a destination group or blacklist group and haven't gone through all the ACLs to update them.  Perhaps it's a similar problem?

    Also, heiko, I am using squidGuard in a production environment and am happy with the results.



  • This happens on fresh install with no destination groups deleted. It happens after uploading Blacklist or hitting apply changes. Then error goes away and no content is blocked.



  • Thanks for previous bug-report's.
    I fix it (may be  >:( ) and update sources.
    If possible check this bugs now.

    Also i remake ACL-ordering code for more stable.



  • Seems to be working now. Since the last few changes, I can no longer access the blocked log report tab….I get block_log report disabled. The other thing I'm trying to figure out is how to whitelist certain sites that are in the blacklist...



  • I can no longer access the blocked log report tab....I get block_log report disabled.
    

    I disable this function. After short time i return to renew this code with more quick algorithm (i houpe).
    If you need this now - you can modify squidGuard.php:

    • comment with '#' line 710
    #                                $slog .= 'block_log report disabled';  
    
    • delete '/' and '/' symbols in  711 and 747 lines.

    ps this actual on today time; in next time code can changed.



  • Sorry dvserg, i wouldn´t set off an avalanche with my question.
    Greetings
    Heiko



  • I finally figured out how to whitelist a url that's blacklisted. In destination tab I created a whitelist and blacklist. When I put a url that I want to add to the blacklist it worked. However when I put a url that I want to whitelist it still didn't work. I looked in the squidgaurd config and found this:
    dest whitelist {
    domainlist whitelist/domains
    urllist whitelist/urls
    log block.log
    }

    dest Blacklist {
    domainlist Blacklist/domains
    urllist Blacklist/urls
    redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }

    acl {
    default {
    pass !blk_BL_adv !blk_BL_aggressive !blk_BL_chat !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_spyware !blk_BL_tracker !blk_BL_warez whitelist !Blacklist all
    redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    }
    }

    However the my whitelist and blacklist were added to the back of the config. I edited my xml config and replaced it with this:
    dest whitelist {
    domainlist whitelist/domains
    urllist whitelist/urls
    log block.log
    }

    dest Blacklist {
    domainlist Blacklist/domains
    urllist Blacklist/urls
    redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log
    }

    acl {
    default {
    pass whitelist !Blacklist !blk_BL_adv !blk_BL_aggressive !blk_BL_chat !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_spyware !blk_BL_tracker !blk_BL_warez all
    redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    }
    }

    I put my whitelist and blacklist in front of the file…..it now works.



  • @ColdFusion:

    I put my whitelist and blacklist in front of the file…..it now works.

    You wanted say, what SG dest order has important meaning?
    I not found information in manuals about this
    If you can - please help find it fo me - this is really important.
    Thanks.



  • Maybe I should clarify. The order seems important. If you look at the example above I just moved the whitelist to the front. The additional blacklist created doesn’t matter the order. I found the info at http://squidguard.shalla.de/Doc/configure.html

    1. Whitelisting

    Sometimes there is a demand to allow specific URLs and domains although they are part of the blocklists for a good reason. In this case you want to whitelist these domains and URLs.
    Defining a whitelist
    dest white {
    domainlist white/domains
    urllist white/urls
    }

    acl {
            default {
                    pass    white !adv !porn !warez all
                    redirect http://localhost/block.html
                    }

    }

    Basically the whitelist works before the blacklist.



  • I guess one would get the same result if you named your whitelist something like AA….first order seems to be ads.....Example AA ads aggressive......

    acl {
    default {
    pass AA !blk_adv !blk_BL_aggressive !blk_BL_chat !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_spyware !

    didn't try this though but should work.

    John



  • Thanks!!!
    English causes some difficulties for me, and nuances sometimes disappear  :-\

    A chnange config generator AS:
    pass <allow_rules><block_rules>all|none</block_rules></allow_rules>



  • After a de-install and reinstallation of SG i get the following error each time i press apply in the general settings tab:

    Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 312 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:312) in /usr/local/www/pkg_edit.php on line 35

    ..and nothing is blocked anymore :(

    pls help!



  • @acidrop:

    After a de-install and reinstallation of SG i get the following error each time i press apply in the general settings tab:

    Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 312 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:312) in /usr/local/www/pkg_edit.php on line 35

    ..and nothing is blocked anymore :(

    pls help!

    I had the same problem. I had to reinstall the package xml…then that cleared up the error and everything is working fine.



  • Well, I spoke to soon….There were changes to SquidGuard today, so  I downloaded it again on a test box to see if I get the error....and I am.......Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 312 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:312) in /usr/local/www/pkg_edit.php on line 35



  • Fixed Please update package.  :-[



  • thnx for the quick fix!  ;D



  • @acidrop:

    thnx for the quick fix!  ;D

    I have found this yesterday and has corrected, but has forgotten to save to pfsense.com



  • Hi,
    now SG works for me with a fresh installation of 1.2rc5 and your updates for SQ. First of all, thank you very much. I have setup the default config, no special destinations, times and so on…..
    The redirector page does not work for me. For each blocked url i became

    While trying to retrieve the URL: https://192.168.6.1:61003/sgerror.php?
    The following error was encountered: ........

    Furthermore i cannot fetch the blocked url´s at the log-tab, is reporting disabled?

    The checkboxes for choosing the blocked destinations on the default tab (default access | all -- deny access) cannot always save if i click on the save button, sometimes it is saved with checked, sometimes is after a php-reload the checkbox again unchecked.....

    I have special rewrites on the "rewrite tab"  and cannot save the rewrite because i have in the rewrite-name a non-valid-symbol so all of my typed rewrite were lost. And how the rewrites works?? I have a rewrite and choose this rewrite template at the "default" tab, the click save and apply (General settings), but the rewrite is not function....

    Without a correct redirect and a blocked-url-log i cannot say to the staff member which is passed.....

    My config errors maybe....

    Greetings
    Heiko



  •  https://192.168.6.1:61003/sgerror.php?
    

    This is big problem for use Internal error generator 'sgerror.php' and https
    I can't view way for 'frienship' this
    In https gui mode you must set 'Redirect mode' as external (General page) and use ext page in ext server  >:(
    –-
    Log tab i today recreated (old version very slowly on big log's)
    Pls Reinstall and check this.

    Rewrites work as replacer url or url-template to specified you url
    for example
    */porn.jpg - http://myweb.com/pornstop.jpg
    replace all pron.jpg to you pornstop.jpg
    if you can - place screenshots of error-names.
    I can't retry you error (test rc-4 and rc-2).

    ps where take rc-5?
    Best regards.
    Serg



  • OK, i will do
    Thanks



  • dvserg,

    Nice work. SG is working great. My whitelist is working perfectly and now the block logging works.

    Outstanding Job!!

    John



  • OK, block logging works, thanks, but why is www.google.de blocked from "filter/porn". I don´t know, i think i must setup also a whitelist….

    If i setup the redirect to external , nothing blocks anymore. I have made severals "saves and applys" on the general and default. Nothing happens.

    Greetings
    Heiko



  • @dvserg:

     
    Rewrites work as replacer url or url-template to specified you url
    for example
    */porn.jpg - http://myweb.com/pornstop.jpg
    replace all pron.jpg to you pornstop.jpg
    if you can - place screenshots of error-names.
    I can't retry you error (test rc-4 and rc-2).
    
    ps where take rc-5?
    Best regards.
    Serg
    
    

    Ah, i will test it again with rewrites and here you can get rc5/release
    http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/updates/


Locked