Squid+SquidGuard Started and Not Blocking Anything.
-
Good morning everyone,
I don't know what happened, but I need help. My SQUID + SQUIDGUARD is started and isn't blocking anything. I've already stopped and started it, and nothing.
Screenshots and configuration follow.
```
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 192.168.0.2:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-amd64/etc/squid/serverkey.pem capath=/usr/pbi/squid-amd64/share/certs/
icp_port 0
dns_v4_first on
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language pt-br
icon_directory /usr/pbi/squid-amd64/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger
sslcrtd_program /usr/pbi/squid-amd64/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
sslcrtd_children 5
sslproxy_capath /usr/pbi/squid-amd64/share/certs/
sslproxy_cert_error allow all
sslproxy_cert_adapt setValidBefore all
logfile_rotate 90
debug_options rotate=90
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src 192.168.0.0/24
forwarded_for off
httpd_suppress_version_string on
uri_whitespace strip
acl dynamic urlpath_regex cgi-bin ?
cache deny dynamic
cache_mem 1024 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 4096 16 256
minimum_object_size 0 KB
maximum_object_size 90000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95
acl donotcache dstdomain '/var/squid/acl/donotcache.acl'
cache deny donotcache
cache allow all
# No redirector configured
#Remote proxies
# Setup some default acls
# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535 53 443 8088 8080
acl sslports port 443 563 443 563
# From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
#acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl allowed_subnets src 192.168.0.0/24
acl banned_hosts src '/var/squid/acl/banned_hosts.acl'
acl whitelist dstdom_regex -i '/var/squid/acl/whitelist.acl'
acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl'
acl block_reply_mime_type rep_mime_type -i '/var/squid/acl/block_reply_mime_type.acl'
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
# Always allow localhost connections
# From 3.2 further configuration cleanups have been done to make things easier and safer.
# The manager, localhost, and to_localhost ACL definitions are now built-in.
http_access allow localhost
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc
# Reverse Proxy settings
always_direct allow whitelist
ssl_bump none whitelist
# Package Integration
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 16 startup=8 idle=4 concurrency=0
# Custom options before auth
always_direct allow all
ssl_bump server-first all
# These hosts are banned
http_access deny banned_hosts
# Always allow access to whitelist domains
http_access allow whitelist
# Block access to blacklist domains
http_access deny blacklist
# Block access with mime type in the reply
http_reply_access deny block_reply_mime_type
acl sglog url_regex -i sgr=ACCESSDENIED
http_access deny sglog
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
```
![Proxy Monitor.PNG](/public/imported_attachments/1/Proxy Monitor.PNG)
![Service Status.PNG](/public/imported_attachments/1/Service Status.PNG)
-
Friend, how are your squidGuard settings… and your LAN rules...
-
Folks, on Monday I applied a squidguard-fix
–- squidguard_configurator.inc.orig
+++ squidguard_configurator.inc
@@ -94,3 +94,3 @@
-define('REDIRECTOR_OPTIONS_REM', '# squidGuard options');
-define('REDIRECTOR_PROGRAM_OPT', 'redirect_program');
-define('REDIRECT_BYPASS_OPT', 'redirector_bypass');
+define('REDIRECTOR_OPTIONS_REM', '# squidGuard options');
+define('REDIRECTOR_PROGRAM_OPT', 'url_rewrite_program');
+define('REDIRECT_BYPASS_OPT', 'url_rewrite_bypass');
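Review bot: the two + lines that switch REDIRECTOR_PROGRAM_OPT and REDIRECT_BYPASS_OPT to url_rewrite_program and url_rewrite_bypass should be checked against what the Squid package already writes, because the squid.conf posted in this thread contains both directives twice in a row under "Package Integration". If the package emits them itself, the configurator should skip its own copy instead of writing a second one. Separately, the REDIRECTOR_OPTIONS_REM pair shows no visible difference between the - and + lines; if it is whitespace only, drop it from the hunk.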
@@ -98,1 +98,1 @@
-define('REDIRECTOR_PROCESS_COUNT', '5'); # redirector processes count will started
+define('REDIRECTOR_PROCESS_COUNT', '16 startup=8 idle=4 concurrency=0'); # redirector processes count will started
But it had been working normally; I applied it, rebooted, tested and everything. Could that be it!
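Review bot: REDIRECTOR_PROCESS_COUNT on the + line now holds a full option string ('16 startup=8 idle=4 concurrency=0') instead of a count, so the constant name and its trailing comment ("redirector processes count will started") no longer describe the value, and any code that uses the constant as a number would break. Suggest keeping the count as '16' and putting the startup, idle and concurrency options in a separate constant, with the comment updated to match.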
Look, the configuration file has it repeated.
```
always_direct allow whitelist
ssl_bump none whitelist
# Package Integration
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 16 startup=8 idle=4 concurrency=0
```
-
Matheus0032
I even did it according to your explanation and another POST.
-
Folks, I'm going to restore my BACKUP now at 13:00
:( >:( >:( >:( >:(
-
Was a blacklist downloaded and were the categories blocked?
-
Yes, it was; everything has been working for 4 months.
-
On the machines, did you set the right proxy?
Because in the basic configuration, you install it, install a blacklist, block the categories, and then set the proxy in the browser on the machines.
-
Mine is TRANSPARENT+SSL
-
When the proxy is transparent, it just doesn't ask for a username and password to browse; however, for it to browse with the rules, you need to point the browser at the firewall's IP, since it is the blacklist and filters the sites.
-
I never needed to set anything to browse and it always picked up all my rules, whether SQUID or SQUIDGUARD
-
I'll see if I can find something to help, but when I did this here on my pfSense, I needed to set the proxy in the browser.
-
Transparent proxy: do I need to enter the IP and port settings in the browsers?
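
A check for the repetition pointed out earlier in the thread, where `url_rewrite_program` and `url_rewrite_bypass` appear twice in the generated squid.conf. This is an added example, not code from the thread or from the pfSense packages; the sample config is constructed from the quoted excerpt, and the set of directives expected only once is an assumption.

```python
from collections import defaultdict

# Assumption: directives expected to appear once in a generated squid.conf.
SINGLETONS = {"url_rewrite_program", "url_rewrite_bypass", "url_rewrite_children"}

# Constructed sample, modelled on the excerpt quoted in the thread.
SAMPLE_CONF = """\
# Package Integration
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 16 startup=8 idle=4 concurrency=0
# Custom options before auth
always_direct allow all
"""


def parse_directives(text):
    """Return {directive: [(line_number, arguments), ...]}, skipping comments."""
    found = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        args = parts[1] if len(parts) > 1 else ""
        # Collapse runs of whitespace so identical settings compare equal.
        found[parts[0]].append((lineno, " ".join(args.split())))
    return found


def find_repeats(text, singletons=SINGLETONS):
    """List (directive, line_numbers, conflicting) for repeated singletons.

    conflicting is True when the copies carry different arguments, which
    is the case where the effective setting depends on which copy wins.
    """
    findings = []
    for name, hits in parse_directives(text).items():
        if name in singletons and len(hits) > 1:
            values = {args for _, args in hits}
            findings.append((name, [n for n, _ in hits], len(values) > 1))
    return sorted(findings)


if __name__ == "__main__":
    for name, lines, conflicting in find_repeats(SAMPLE_CONF):
        kind = "conflicting values" if conflicting else "identical copies"
        print(f"{name}: lines {lines} ({kind})")
```

Run against the real file by passing the contents of squid.conf to `find_repeats`; identical copies point at the generator writing the block twice, conflicting copies at two generators disagreeing.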