2.2 + sarg + squidguard + squid



  • I've tried both squid3 and squid2 packages and associated squidguard, both result in same behavior.

    Once I download the blacklist (http://www.shallalist.de/Downloads/shallalist.tar.gz) and then enable the services, I am completely blocked from webgui config page with the following error:

    Warning: Invalid argument supplied for foreach() in /etc/inc/util.inc on line 1059 Warning: Invalid argument supplied for foreach() in /etc/inc/util.inc on line 1059
    
    An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://192.168.0.1/). You can disable this check if needed in System -> Advanced -> Admin.
    

    Opening a new browser tab to try to login again I am given a grey login screen with this error:

    Warning: Invalid argument supplied for foreach() in /etc/inc/util.inc on line 1096
       exclamation	You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. 
    
    If you did not setup this forwarding, you may be the target of a man-in-the-middle attack.	
    
    Username:
    
    Password: 
    
    Enter username and password to login.
    
    

    I believe the http_referrer error is some kind of generic failure, as I have tried with that disabled before setting up these services with no difference.

    Luckily I have this system on a VM with snapshots taken so I can revert back to configs that are functional while testing this :)

    I am basically following this guide for setting up these services - http://irj972.co.uk/articles/pfSense-proxy



  • Have you disabled web gui redirect rule on system advanced too? if your pfsense is on port 80 you may be caught by transparent proxy



  • @marcelloc:

    Have you disabled web gui redirect rule on system advanced too? if your pfsense is on port 80 you may be caught by transparent proxy

    I did disable there, and on the console access via shell command, neither restored access.

    I feel the referenced line error is the real problem, and the redirect denial is just some kind of catch error for this condition. The host I'm trying to use the web gui from is dhcp assigned ip from pfsense.



  • After reverting a snapshot, can you try with squidguard3-devel? I've used it recently (not sure if it was 2.2 or 2.1)



  • hmm, I don't see an option for squidGuard3-devel, only squidGuard-devel, which the description for says requires Squid 2.x and not 3.x like squidGuard-squid3.

    I'll start trying it now though.



  • same result, as soon as I edit the common ACL tab on squidguard and hit save on that page, I get the error screen for foreeach() invalid arg specified line 1059

    the only options I am enabling on that page are:

    blk_BL_adv: Deny
    default access all: allow

    and ticking on logging near the bottom.



  • aha I started digging more into the logs after the package installs and it looks like my /tmp md0 partition filled up!

    /tmp was at 108% of capacity. I have ~3gb free on the / partition.

    I'm not sure how to take care of this so I'm just going to create a new vm with more capacity.



  • annoyingly I created a new vm with 20gb this time instead of 8gb…and I'm seeing the same error through the logs.

    /tmp: write failed, filesystem is full

    repeating over and over

    I used the default quick/easy install mode for this, it looks like it gave /tmp a 19mb partition?

    note: I'm seeing this /tmp full error on the first reboot after I did an auto update in the webgui (from dec. 10 2.2 to latest 2.2) I guess I'll try a newer live cd iso for my next install?

    edit: It seems to have gotten past this issue, that error repeated for a few minutes but I left it running while I was grabbing a new iso and setting up a new vm...and it booted fully and started working as normal.

    feature instead of bug? lol


Log in to reply