Squidguard… problems and questions

wompy · Mar 21, 2008, 4:54 AM

I had for a long time similar problems with squidGuard like you. However, now it is working fine. My two cents:

Go exactly through the http://diskatel.narod.ru/sgquick.htm help.

Use the Shallalist

Then deny access to all, just to test.

Now, if you browse the web, every page should be blocked.

If this does not work, go to the shell and type 'more /var/squid/log'

If you see some errors when loading the blacklist, like 'permission denied' or something you have to fix the permissions of the blacklist.

In order to do that I just typed ' chown -R proxy:proxy /var/squidGuard' (This tip comes from http://meadvillelibrary.org/os/filtering/squidGuard-install.html)

After that, everything worked fine.

+1
this helped alot. I was having the same problem that nothing was being blocked. I tried reinstalling squidguard and not uploading any blacklist. I set it to deny all and sure enough it worked. I then uploaded the suggested blacklist and it would not block anything. I followed your advice and checked the log and there were permission problems. To fix mine thought I also had to:
chown -R proxy:proxy /var/db/squidGurad
Now everything works perfectly.

dvserg · Mar 21, 2008, 6:51 AM

@wompy:

I followed your advice and checked the log and there were permission problems. To fix mine thought I also had to:
chown -R proxy:proxy /var/db/squidGurad
Now everything works perfectly.

Thanks, i testing this problem.

hinze57 · Mar 21, 2008, 12:50 PM

I am not a programmer, but would like to help if I can. I have been using URLFilter <http: urlfilter.net="">which I have running on IPCOP and looking to see how difficult it'd be to port over to pfsense. It is all CGI for the gui config interface. I can send screen shots if you don't have IPCOP and are interested in seeing what has been done for URLFilter. SquidGuard is an awesome pkg and addition to pfsense, just like to see it get better. URLFilter has some automated grabbing of the BlackLists db's and lets you choose the BlackList db you wish as well. The interface is pretty easy as well, however the pfsense SquidGuard pkg may have more capability.

BTW, where are the php files for SquidGuard config pages?

Thanks,
KH</http:>

dvserg · Mar 21, 2008, 2:43 PM

I wanted rich-functional package. Easy interface in this situation non-functional :-[

hinze57 · Mar 21, 2008, 8:42 PM

Don't misunderstand me, I think the package is awesome. I'm almost ready to move it into production and replace IPCOP. URLFilter has configuration parameters to pull the blacklist daily, weekly or monthly and apply it. I have it running very late after hours so no to disrupt anything. There is also a nice block page which shows client IP, site trying to connect to, and category which triggered the block.

Is there a way to do the above with this SquidGuard package?

Thank you,
KH

hinze57 · Mar 21, 2008, 9:01 PM

Okay, problem was with https. I now get a block page.

Still trying to figure out how to automatically grab new blacklist file. I can grab via cron, but what would be the commands to reconfigure just like if pressing upload button?

KH

dvserg · Mar 22, 2008, 4:05 PM

@hinze57:

Okay, problem was with https. I now get a block page.

Still trying to figure out how to automatically grab new blacklist file. I can grab via cron, but what would be the commands to reconfigure just like if pressing upload button?

KH

From GUI - nothig
You may use in you php script
php function from squidGuard.inc
sg_reconfigure_blacklist($url, $proxy);

You can create script and adding him to the cron.
…
require_once('squidguard.inc');
$url="URL";
sg_reconfigure_blacklist($url, '');
...

squid & squidGuard will restart automaticly

There is also a nice block page which shows client IP, site trying to connect to, and category which triggered the block.
Is there a way to do the above with this SquidGuard package?

Possible in HTTP webgui & Redirect mode= 'Internal'
GUI HTTPS - know problem and expected Redirect mode='External' with you self Error-page from external www server

Test
http://youpfSense/sgerror.php?url=403%20No%20access&a=10.0.0.0&n=MyClient&i=clientUser&s=clientgroup&t=porno/sex&u=http://porno.ru&

mwdiers · Mar 25, 2008, 3:30 PM

I just did a clean pfSense install last night, and managed to get squidGuard running. However, this was very difficult. I had many of the same problems noted here.

It was VERY touchy. Often squidGuard would say STOPPED. The only way to make it say STARTED was to upload the blacklist again. Then, if I changed ANY setting, the filter would stop working.

For example: I uploaded the blacklist. Clicked Save. I changed default destination to:```
!all


I changed squidGuard to:```
!blk_BL_porn all
```I clicked **Apply**. Now nothing was blocked. Porn and everything else was let through. I saw squid logging the website access. I saw no errors of any kind in the squidGuard or the squid logs.

Very frustrating. I checked permissions. I tried changing /var/squidGuard to proxy:proxy (chmod -R proxy:proxy /var/squidGuard). No help.

It was very slow downloading the blacklist over and over, so I fetched it to: /var/tmp/squidGuard/hold/shallalist.tar.gz and set that path for **Blacklist URL**. That way I could just click **Upload Url**, and the DB would be processed again.

Everything works ONLY when I perform the following steps:

1) Change filter settings.
2) **Apply**.
3) Click **Upload Url**.
4) Click **Apply**.

In other words, the filter stops working every time I change a squidGuard setting. It works again if I re-process the database.

As I said, there were never any error messages, so there is nothing I can send from the logs.

wompy · Mar 25, 2008, 7:01 PM

I had similar problems to you, did you also change permissions to " /var/db/squidGurad" ? that is what finally fixed it for me.
see my previous post.

dvserg · Mar 25, 2008, 8:31 PM

Thanks!
I fix bug with '/var/db/squidGuard' right's in installation.
Pls test.

Monoecus · Apr 2, 2008, 8:02 AM

I have reinstalled pfSense yesterday and could thus test your fixes for the rights. Anything seems to be ok now.

Many thanks.

hinze57 · May 8, 2008, 1:52 AM

Is there a way to enable safe search?

Monoecus · May 12, 2008, 8:54 PM

What do you mean by “safe search”?

xhark · May 15, 2008, 1:32 PM

I have same problem, all is ok but nothing is filtered

dvserg · May 15, 2008, 1:37 PM

Renew package (today updated) and try now.

xhark · May 15, 2008, 1:43 PM

I delete and reinstall ?

dvserg · May 15, 2008, 1:46 PM

@xhark:

I delete and reinstall ?

Hm.. Try full reinstall :D

xhark · May 15, 2008, 1:47 PM

I talk about package ^^

dvserg · May 15, 2008, 1:49 PM

@xhark:

I talk about package ^^

Yes. Reinstall package

xhark · May 15, 2008, 2:48 PM

It's done but not filtering is active :(

Can I delete times ?

here is my log :

5.05.2008 16:44:52 : sg_reconfigure: Begin.
15.05.2008 16:44:52 : sg_reconfigure_user_db: Begin with '/var/db/squidGuard'
15.05.2008 16:44:52 : sg_reconfigure_user_db: Nothing. User destinations list empty.
15.05.2008 16:44:52 : sg_remove_unused_db_entries: Begin.
15.05.2008 16:44:52 : sg_remove_unused_db_entries: end
15.05.2008 16:44:52 : sg_create_config: Create squidGuard config.
15.05.2008 16:44:52 : sg_create_config: Checking configuration data.
15.05.2008 16:44:52 : sg_create_config: Error configuration data. It's all errors:
BLACKLIST 'blk_blacklists_agressif' error: file '/var/db/squidGuard/blk_blacklists_agressif' not found
BLACKLIST 'blk_blacklists_drugs' error: file '/var/db/squidGuard/blk_blacklists_drugs' not found
BLACKLIST 'blk_blacklists_mail' error: file '/var/db/squidGuard/blk_blacklists_mail' not found
BLACKLIST 'blk_blacklists_porn' error: file '/var/db/squidGuard/blk_blacklists_porn' not found
BLACKLIST 'blk_blacklists_publicite' error: file '/var/db/squidGuard/blk_blacklists_publicite' not found
BLACKLIST 'blk_blacklists_redirector' error: file '/var/db/squidGuard/blk_blacklists_redirector' not found
BLACKLIST 'blk_blacklists_violence' error: file '/var/db/squidGuard/blk_blacklists_violence' not found
15.05.2008 16:44:52 : sg_create_config: Terminated.
15.05.2008 16:44:52 : sg_create_simple_config: Begin with dbhome='/var/db/squidGuard'.
15.05.2008 16:44:52 : sg_redirector_base_url: Select redirector base url (https://192.168.0.254/sgerror.php?url=Error%21%20Check%20squidGuard%20configuration%20data.%20%28sg_create_config%3A%20%5B2%5D%29.&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
15.05.2008 16:44:52 : sg_reconfigure: Generate squidGuard config and save to '/usr/local/etc/squidGuard/squidGuard.conf'.
15.05.2008 16:44:52 : squid_reconfigure: Begin.
15.05.2008 16:44:52 : squid_reconfigure: Remove old redirector options from Squid config.
15.05.2008 16:44:52 : squid_reconfigure: Add new redirector options to Squid config.
15.05.2008 16:44:52 : sg_init: Start.
15.05.2008 16:45:01 : sg_init: Start.
15.05.2008 16:45:02 : sg_init: Start.