Is the squidguard package stable at the moment…..
-
We are planning at the moment to put the squidguard package onto several production pfsense machines.
Is this package error-free to work cleanly with production machines?
heiko
-
Known problems and issues:
- have problem with use internel sgerror.php on HTTPS webgui proto: solve problem with using ext error pages (General page option);
- near time will finished global modification blacklist alghorithm ( now i work with rebuild-DB mechanism and blk-list behavior On reinstallation SG).
!Fixed! reboot autostart SG
All others (how know) worked stable.
ps if have any other problems and issues - i ready to fixed this. -
Thanks dvserg!
I will test it on one production machine in moscow, and then we will see
greetings
heiko -
If any questions - i have ICQ
Welcome with 10.00-17.00 MSK in work days. -
Ok, fine, thanks!
Heiko -
if i klick on the "apply" button at the "general settings" -tab, these errors occurs
Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard_configurator.inc on line 540 Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 320 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:540) in /usr/local/www/pkg_edit.php on line 35
Greetings
Heiko -
if i klick on the "apply" button at the "general settings" -tab, these errors occurs
Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard_configurator.inc on line 540 Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 320 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:540) in /usr/local/www/pkg_edit.php on line 35
Greetings
HeikoSounds like "direct" output to web server from the PHP scripts instead of "buffered" output. I have not looked at the php configuration in the pfSense system - is it set to buffer output???
Just wondering…
gm...
-
if i klick on the "apply" button at the "general settings" -tab, these errors occurs
This new blacklist update ::) Tomorrow fix it.
-
Sorry…
if i create an ACL and delete this item, so the ACL list is empty the following error occurs....Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard.inc on line 414 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard.inc:414) in /usr/local/www/pkg.php on line 87
Another blacklist update?
greetings
Heiko -
Hello dvserg,
for me it blocks nothing with the default configuration, maybe my fault…
Do you have a small tutorial for starting.
Greetings
Heiko -
Warning: Invalid argument supplied for foreach()
Add one entry on Destination page (i will insert checking for empty listing)
Quick start
http://diskatel.narod.ru/sgquick.htmProbably You have error in config - in this situation SG generated small block config
Check log on thirts page (general) for found error messages. -
I took a look at you tutorial, but my webgui-log shows errors and says "starts with default". I see the ACL errors, but i didn´t have ACL´s in my config. I have downloaded the shallalist and the logs says that the db is OK. At the End i click on the Apply button and then this happens.
Here my log…
7.02.2008 19:17:16 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:17 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:23 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:28 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:34 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:42 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:45 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:50 : sg_init: ext initialization squidguard_config
17.02.2008 19:17:53 : sg_reconfigure: start.
17.02.2008 19:17:53 : sg_reconfigure_user_db: begin at '/var/db/squidGuard'
17.02.2008 19:17:53 : sg_reconfigure_user_db: STOPPED; User destinations list empty
17.02.2008 19:17:53 : sg_remove_unused_db_entries: begin
17.02.2008 19:17:53 : sg_remove_unused_db_entries: end
17.02.2008 19:17:53 : sg_reconfigure_user_db: end.
17.02.2008 19:17:53 : sg_build_config: create squidGuard config.
17.02.2008 19:17:53 : sg_build_config: checking configuration data.
17.02.2008 19:17:53 : sg_build_config: error configuration data. It's all errors:
SOURCE ''error: Size of name must be between [2..16]. Invalid name . Valid name symbols: ['a-Z', '_', '0-9', '-']. First symbol must be a letter.
ACL '' error: ontime pass list is empty.
17.02.2008 19:17:53 : sg_build_config: terminated.
17.02.2008 19:17:53 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=404%20Check%20proxy%20filter%20settings%20on%20errors.&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
17.02.2008 19:17:53 : sg_redirector_base_url: End.
17.02.2008 19:17:53 : sg_build_default_config: ATTENTION! Created default configuration. All content will blocked.
17.02.2008 19:17:53 : sg_build_default_config: End.
17.02.2008 19:17:53 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
17.02.2008 19:17:53 : squid_reconfigure: begin
17.02.2008 19:17:53 : squid_reconfigure: remove old redirector options from Squid config.
17.02.2008 19:17:53 : squid_reconfigure: add new redirector options to Squid config.
17.02.2008 19:17:56 : sg_reconfigure: end.
17.02.2008 19:18:08 : sg_init: ext initialization squidguard_configGreetings
Heiko -
Hello,
last Test:First of all, i think the acl page have problems. If i delete ACL Lines, the Line shows a blank config. If i restarted squidguard errors appears.
- Source not found….
Now i edit the acl line and filling a few words in it and checked disable. After that, i have made a restart at the generel page with clicing the apply button.
For me it looks Ok, but also nothing content was blocked...
/var/squidGuard/log/sg_configurator.log
17.02.2008 20:10:25 : sg_reconfigure_user_db: -- add moskau expressions ''spiegel|gmx''
17.02.2008 20:10:25 : sg_rebuild_db: Begin with path '/var/db/squidGuard'.
17.02.2008 20:10:25 : sg_create_rebuild_config: Begin with dbhome='/var/db/squidGuard'.
17.02.2008 20:10:25 : sg_create_rebuild_config: -- added item 'usr_moskau' = '/var/db/squidGuard/moskau'.
17.02.2008 20:10:25 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=404&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
17.02.2008 20:10:25 : sg_redirector_base_url: End.
17.02.2008 20:10:25 : sg_create_rebuild_config: End.
17.02.2008 20:10:25 : sg_rebuild_db: Create temporary config '/tmp/squidGuard_rebuild.conf_usrdb'.
17.02.2008 20:10:25 : sg_rebuild_db: Started SH script '/tmp/squidGuard_db_rebuild.sh_usrdb'.
17.02.2008 20:10:25 : sg_rebuild_db: End.
17.02.2008 20:10:25 : sg_remove_unused_db_entries: begin
17.02.2008 20:10:25 : sg_remove_unused_db_entries: end
17.02.2008 20:10:25 : sg_reconfigure_user_db: end.
17.02.2008 20:10:25 : sg_build_config: create squidGuard config.
17.02.2008 20:10:25 : sg_build_config: checking configuration data.
17.02.2008 20:10:25 : sg_build_config: add times
17.02.2008 20:10:25 : sg_build_config: add sources
17.02.2008 20:10:25 : sg_build_config: add blacklist entries
17.02.2008 20:10:25 : sg_build_config: added:
ads; aggressive; audio-video; drugs; gambling; hacking; mail; porn; proxy; violence; warez;17.02.2008 20:10:25 : sg_build_config: add destinations
17.02.2008 20:10:25 : sg_build_config: added:
moskau;17.02.2008 20:10:25 : sg_build_config: add ACL
17.02.2008 20:10:25 : sg_build_config: added:
test1; test;17.02.2008 20:10:25 : sg_build_config: add Default
17.02.2008 20:10:25 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=http://www.google.ru&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
17.02.2008 20:10:25 : sg_redirector_base_url: End.
17.02.2008 20:10:26 : sg_redirector_base_url: select redirector base url (https://192.168.6.1:61003/sgerror.php?url=404%20overtime&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
17.02.2008 20:10:26 : sg_redirector_base_url: End.
17.02.2008 20:10:26 : sg_reconfigure: generate squidGuard config and save to /usr/local/etc/squidGuard/squidGuard.conf.
17.02.2008 20:10:26 : squid_reconfigure: begin
17.02.2008 20:10:26 : squid_reconfigure: remove old redirector options from Squid config.
17.02.2008 20:10:26 : squid_reconfigure: add new redirector options to Squid config.
17.02.2008 20:10:29 : sg_reconfigure: end.
17.02.2008 20:10:29 : sg_init: ext initialization squidguard_config
17.02.2008 20:11:14 : sg_init: ext initialization squidguard_config
17.02.2008 20:11:14 : sg_init: ext initialization squidguard_config
17.02.2008 20:16:49 : sg_init: ext initialization squidguard_config
17.02.2008 20:17:01 : sg_init: ext initialization squidguard_config
17.02.2008 20:17:01 : sg_init: ext initialization squidguard_config
17.02.2008 20:17:23 : sg_init: ext initialization squidguard_config
17.02.2008 20:17:26 : sg_init: ext initialization squidguard_config
17.02.2008 20:18:10 : sg_init: ext initialization squidguard_config
17.02.2008 20:18:10 : sg_init: ext initialization squidguard_configI don´t know where my config is buggy. Maybe, take a look at the screenshots
I don´t use the transparent proxy feature but local user authentication.Greetings
Heiko
-
I'm getting something similar…all was well until recently..... After awhile the error stops showing and Squidguard is apparently running, but no content gets blocked. If I re-install I get the same issue.
Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 367 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:367) in /usr/local/www/pkg_edit.php on line 35
-
Thanks. I will test this too.
-
I occasionally get the implode type of error when I've deleted a destination group or blacklist group and haven't gone through all the ACLs to update them. Perhaps it's a similar problem?
Also, heiko, I am using squidGuard in a production environment and am happy with the results.
-
This happens on fresh install with no destination groups deleted. It happens after uploading Blacklist or hitting apply changes. Then error goes away and no content is blocked.
-
Thanks for previous bug-report's.
I fix it (may be >:( ) and update sources.
If possible check this bugs now.Also i remake ACL-ordering code for more stable.
-
Seems to be working now. Since the last few changes, I can no longer access the blocked log report tab….I get block_log report disabled. The other thing I'm trying to figure out is how to whitelist certain sites that are in the blacklist...
-
I can no longer access the blocked log report tab....I get block_log report disabled.
I disable this function. After short time i return to renew this code with more quick algorithm (i houpe).
If you need this now - you can modify squidGuard.php:- comment with '#' line 710
# $slog .= 'block_log report disabled';
- delete '/' and '/' symbols in 711 and 747 lines.
ps this actual on today time; in next time code can changed.
-
Sorry dvserg, i wouldn´t set off an avalanche with my question.
Greetings
Heiko -
I finally figured out how to whitelist a url that's blacklisted. In destination tab I created a whitelist and blacklist. When I put a url that I want to add to the blacklist it worked. However when I put a url that I want to whitelist it still didn't work. I looked in the squidgaurd config and found this:
dest whitelist {
domainlist whitelist/domains
urllist whitelist/urls
log block.log
}dest Blacklist {
domainlist Blacklist/domains
urllist Blacklist/urls
redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}acl {
default {
pass !blk_BL_adv !blk_BL_aggressive !blk_BL_chat !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_spyware !blk_BL_tracker !blk_BL_warez whitelist !Blacklist all
redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
}
}However the my whitelist and blacklist were added to the back of the config. I edited my xml config and replaced it with this:
dest whitelist {
domainlist whitelist/domains
urllist whitelist/urls
log block.log
}dest Blacklist {
domainlist Blacklist/domains
urllist Blacklist/urls
redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}acl {
default {
pass whitelist !Blacklist !blk_BL_adv !blk_BL_aggressive !blk_BL_chat !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_spyware !blk_BL_tracker !blk_BL_warez all
redirect http://192.168.0.1/sgerror.php?url=http://www.yahoo.com&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
}
}I put my whitelist and blacklist in front of the file…..it now works.
-
I put my whitelist and blacklist in front of the file…..it now works.
You wanted say, what SG dest order has important meaning?
I not found information in manuals about this
If you can - please help find it fo me - this is really important.
Thanks. -
Maybe I should clarify. The order seems important. If you look at the example above I just moved the whitelist to the front. The additional blacklist created doesn’t matter the order. I found the info at http://squidguard.shalla.de/Doc/configure.html
- Whitelisting
Sometimes there is a demand to allow specific URLs and domains although they are part of the blocklists for a good reason. In this case you want to whitelist these domains and URLs.
Defining a whitelist
dest white {
domainlist white/domains
urllist white/urls
}acl {
default {
pass white !adv !porn !warez all
redirect http://localhost/block.html
}}
Basically the whitelist works before the blacklist.
-
I guess one would get the same result if you named your whitelist something like AA….first order seems to be ads.....Example AA ads aggressive......
acl {
default {
pass AA !blk_adv !blk_BL_aggressive !blk_BL_chat !blk_BL_drugs !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_spyware !didn't try this though but should work.
John
-
Thanks!!!
English causes some difficulties for me, and nuances sometimes disappear :-\A chnange config generator AS:
pass <allow_rules><block_rules>all|none</block_rules></allow_rules> -
After a de-install and reinstallation of SG i get the following error each time i press apply in the general settings tab:
Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 312 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:312) in /usr/local/www/pkg_edit.php on line 35
..and nothing is blocked anymore :(
pls help!
-
After a de-install and reinstallation of SG i get the following error each time i press apply in the general settings tab:
Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 312 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:312) in /usr/local/www/pkg_edit.php on line 35
..and nothing is blocked anymore :(
pls help!
I had the same problem. I had to reinstall the package xml…then that cleared up the error and everything is working fine.
-
Well, I spoke to soon….There were changes to SquidGuard today, so I downloaded it again on a test box to see if I get the error....and I am.......Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 312 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:312) in /usr/local/www/pkg_edit.php on line 35
-
Fixed Please update package. :-[
-
thnx for the quick fix! ;D
-
thnx for the quick fix! ;D
I have found this yesterday and has corrected, but has forgotten to save to pfsense.com
-
Hi,
now SG works for me with a fresh installation of 1.2rc5 and your updates for SQ. First of all, thank you very much. I have setup the default config, no special destinations, times and so on…..
The redirector page does not work for me. For each blocked url i becameWhile trying to retrieve the URL: https://192.168.6.1:61003/sgerror.php?
The following error was encountered: ........Furthermore i cannot fetch the blocked url´s at the log-tab, is reporting disabled?
The checkboxes for choosing the blocked destinations on the default tab (default access | all -- deny access) cannot always save if i click on the save button, sometimes it is saved with checked, sometimes is after a php-reload the checkbox again unchecked.....
I have special rewrites on the "rewrite tab" and cannot save the rewrite because i have in the rewrite-name a non-valid-symbol so all of my typed rewrite were lost. And how the rewrites works?? I have a rewrite and choose this rewrite template at the "default" tab, the click save and apply (General settings), but the rewrite is not function....
Without a correct redirect and a blocked-url-log i cannot say to the staff member which is passed.....
My config errors maybe....
Greetings
Heiko -
https://192.168.6.1:61003/sgerror.php?
This is big problem for use Internal error generator 'sgerror.php' and https
I can't view way for 'frienship' this
In https gui mode you must set 'Redirect mode' as external (General page) and use ext page in ext server >:(
–-
Log tab i today recreated (old version very slowly on big log's)
Pls Reinstall and check this.Rewrites work as replacer url or url-template to specified you url
for example
*/porn.jpg - http://myweb.com/pornstop.jpg
replace all pron.jpg to you pornstop.jpg
if you can - place screenshots of error-names.
I can't retry you error (test rc-4 and rc-2).ps where take rc-5?
Best regards.
Serg -
OK, i will do
Thanks -
dvserg,
Nice work. SG is working great. My whitelist is working perfectly and now the block logging works.
Outstanding Job!!
John
-
OK, block logging works, thanks, but why is www.google.de blocked from "filter/porn". I don´t know, i think i must setup also a whitelist….
If i setup the redirect to external , nothing blocks anymore. I have made severals "saves and applys" on the general and default. Nothing happens.
Greetings
Heiko -
Rewrites work as replacer url or url-template to specified you url for example */porn.jpg - http://myweb.com/pornstop.jpg replace all pron.jpg to you pornstop.jpg if you can - place screenshots of error-names. I can't retry you error (test rc-4 and rc-2). ps where take rc-5? Best regards. Serg
Ah, i will test it again with rewrites and here you can get rc5/release
http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/updates/