What Squid version and SquidGuard or DansGuardian?

MrGlasspoole

Error in the browser?
I did not setup a blacklist yet cause the service is not running.
I can surf the web normally if i point the browser to wpad.mydomain.net/wpad.dat

doktornotor

It's not running because it segfaults…

FATAL: Received Segment Violation...dying.

Are you still running this from ramdisk?

MrGlasspoole

@doktornotor:

Are you still running this from ramdisk?

No
I thought thats the normal message if you restart squid

MrGlasspoole

Ok, after subscription to squidblacklist.org and this tutorial http://www.legoclan.com/tutorials/#squidblacklist squidGuard is running.

Reason for Squid and SquidGuard for me was:
1. That i thought i can speed up websites if i block ads before they reach the clients.
    But it seems that Adblock Plus works better.

2. Block ads and tracking for devices like phones, TVs, consoles…

3. Virus protection for phones, TVs, consoles...
    But ClamAV really makes websites slow.

I run pfSense in Hyper-V 2012 R2 Core on a 3.6GHz Core i3-4160 and assigned 2GB to pfSense.
I did set:
Squid Memory cache size: 512
Squid Maximum object size in RAM: 128

Hard disk cache is off cause i was reading it does not help if you have fast internet and not much clients (5-10).

I have a 120 MBit/s internet connection and maybe upgrade to 200.

It would be nice to block:
Virus, Botnet, Malware, Adware, APT, Drive-By Download, Infectious, Espionage, hosts that perform IP tracking for media companies and associations like RIAA/MPAA

Ad the moment i use Malicious, Proxies and the USG Blacklist from squidblacklist.org

Would be nice to to experience how other handle that stuff.

marcelloc

Did you tried any changes on clamav/icap configuration, like improving exclusion, etc?

MrGlasspoole

Ok, step by step.

I have the problems with the clwarn.cgi.
First i changed redirect to:

https://192.168.0.1/clwarn.cgi

as it was suggested. But it's https so i need to accept the non trusted side in Firefox.
Can i use http?

Then my clwarn.cgi is just an empty side?

Next thing is that i get a Squid error site if a URL does not longer exist.
Is it possible to show the defaults browser page?
Or does it have advantages to see a Squid site in such a case?

Read Error
The system returned: (54) Connection reset by peer

Cino

@MrGlasspoole:

Ok, step by step.

I have the problems with the clwarn.cgi.
First i changed redirect to:

https://192.168.0.1/clwarn.cgi

as it was suggested. But it's https so i need to accept the non trusted side in Firefox.
Can i use http?

Then my clwarn.cgi is just an empty side?

try https://192.168.0.1/squid_clwarn.php

MrGlasspoole

@marcelloc:

Did you tried any changes on clamav/icap configuration, like improving exclusion, etc?

I quote myself from another thread:

Yes there are many scenarios but i think it would be nice if some users would post there basic home settings
or there would be some recommendations for example on stuff like Squid Memory cache size based on RAM.
I believe for home use the needs between people do not differentiate to much.
I think there are allot of people here who have experience on what works best.

I'm not sure what files to scan and which not.

@Cino:

try https://192.168.0.1/squid_clwarn.php

Ok, that works. But why does it not point to a php file from the beginning?
But still - is it normal that i need a certificate to show error warnings?

MrGlasspoole

From the log:

/usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log

but it's there and gets updated?

Then:

kid1| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"

normal?

Then i saw:

kid1| WARNING: All 5/5 redirector processes are busy.
kid1| WARNING: 5 pending requests queued
kid1| WARNING: Consider increasing the number of redirector processes in your config file.
kid1| WARNING: All 5/5 redirector processes are busy.
kid1| WARNING: 5 pending requests queued
kid1| WARNING: Consider increasing the number of redirector processes in your config file.

after some google i changed in "/usr/local/pkg/squidguard_configurator.inc":

define('REDIRECTOR_PROCESS_COUNT', '5');

to 10.
Is this correct?

Then the log is full of "init domainlist" and "loading dbfile".
Is that normal?

cache.txt
cache.log.0.txt
squidGuard.txt

exograpix

Hi,

How to disable ramdisk in pfsense

MrGlasspoole

@exograpix:

How to disable ramdisk in pfsense

System > Advanced > Miscellaneous
But by default it's off.

exograpix

Hi,

Squidguard works at the time of first installation and after reboot though service is on, filtering is gone. using squid with transparent.

marcelloc

@MrGlasspoole:

Ok, that works. But why does it not point to a php file from the beginning?
But still - is it normal that i need a certificate to show error warnings?

Since pkg v0.2.4 it is. But if you came from older pkg versions, you may have old config files instead.

You can host it on other http web server or buy a certificate(there are some free too) to pfsense https.

MrGlasspoole

Ok, here is what i did.

I created "warning.mydomain.net" in the vHosts package and copied squid_clwarn.php
to "/usr/local/vhosts/warning.mydomain.net"

I also added "warning.mydomain.net" to the DNS Resolver Host Overrides.

In squidclamav.conf i changed to:

redirect http://warning.mydomain.net/squid_clwarn.php

No more certificate warnings!

What about the other stuff from my logs i was asking about?
And what someone share his Clamav settings for performance?