WPAD questions and problems

MrGlasspoole

I have the problem that i can't get autodiscover to work.

But now i wonder if it makes sense to use wpad cause you still have to configure
the browser or devices cause autodiscover is not on by default.
I think it does not make a difference if i go to the browser settings to select
autodiscover or to put a ip and port in there?

Then i was reading you can port forward any traffic directed at port 80 to the proxy (Squid).
So why should i use wpad (which does not work) - i'm missing something?

KOM

But now i wonder if it makes sense to use wpad cause you still have to configure the browser or devices cause autodiscover is not on by default.

All major browsers have shipped with auto-discovery enabled for several years now. Mobile devices may vary, but the trend is to enable auto-discovery.

I think it does not make a difference if i go to the browser settings to select autodiscover or to put a ip and port in there?

Sure, if you only have a tiny number of devices to worry about. Get back to me on your method when you have a LAN with a couple of hundred/thousand clients.

Then i was reading you can port forward any traffic directed at port 80 to the proxy (Squid). So why should i use wpad (which does not work) - i'm missing something?

What you're describing is called Transparent Mode. It's great until you need to intercept HTTPS traffic, which involves installing a trusted certificate on every client and then doing what's essentially a Man in the Middle attack.

Trust me, WPAD is the way to go. How is it not working for you?

MrGlasspoole

@KOM:

All major browsers have shipped with auto-discovery enabled for several years now.

All tutorials say the opposite.

@KOM:

What you're describing is called Transparent Mode.

This tut about wpad still says NAT redirect at the bottom: http://irj972.co.uk/articles/pfSense-WPAD-PAC-configuration

I did setup the vHosts package with:

wpad.mydomain.net

I have:

wpad.pfsense.mydomain.net
wpad.mydomain.net

in the DNS resolver.
In the DHCP server LAN i have:

252 txt http://wpad.mydomain.net/wpad.dat
252 txt http://wpad.mydomain.net/wpad.da
252 txt http://wpad.mydomain.net/proxy.pac

I can download the files if i point the browser to:

http://wpad.mydomain.net/wpad.dat

But Firefox and IE do not use the file with auto-discovery.

KOM

All tutorials say the opposite.

I'm not really looking to argue. I'm trying to help you with knowledge that I have which I know works for a fact and is recommended by every other volunteer here.

All of the major browsers most certainly do work with WPAD. I have seen a few instances where a user's browser had to be manually set from auto-detect to specified server and port, but this is rare in my experience. I don't know why you went wandering off with some random tutorial when pfSense already has a full document on how to get it working which I know works because I used it myself.

WPAD Autoconfigure for Squid

This tut about wpad still says NAT redirect at the bottom:

It is idiotic to have a proxy server online but leave ports 80 and 443 open. If users can go around the proxy then what is the point of having it in the first place?

MrGlasspoole

@KOM:

I don't know why you went wandering off with some random tutorial when pfSense already has a full document on how to get it working

The pfSense docu was the first thing i was looking at.
But it was not working and for a newbie allot of the docu is not clear/specific enough.
I'm not the only one who has problems get it running and after searching the forum i found
out that it is recommended to use a second webserver and lighttpd because if not you have
to use a certificate.

The tutorial i linked is just something i found when i was searching the web to find out
why i can't get it running.

As i wrote i can download the file with

http://wpad.mydomain.net/wpad.dat

but auto-discovery is not using it.

Why is that?
How can i figure out what the problem is?
How do i make sure clients do not bypass the proxy?

KOM

How do i make sure clients do not bypass the proxy?

Create a Ports Alias (Firewall - Aliases - Ports) called WebPorts or WWW_Ports and set it to 80,443. Create a firewall rule on LAN that blocks Source Any, Destination Any, Destination port range (Other) and then put your alias in the red box beside the (Other) combobox. See attached.

but auto-discovery is not using it. Why is that? How can i figure out what the problem is?

First block off the ports as shown above. Then manually set your browser to the proxy to ensure the proxy is working by going to a few sites. Can you show me your wpad.dat file? Loading the file and processing the file are two different things. If you have a bug in your code, then it won't work.

MrGlasspoole

Thanks KOM

The proxy is working if i use

http://wpad.mydomain.net/wpad.dat

in Firefox "Automatic proxy configuration URL"
and test it with http://www.lagado.com/proxy-test

wpad.dat:

function FindProxyForURL(url,host)
{
return "PROXY 192.168.0.1:3128";
}

KOM

The auto-discovery should work if you have a DNS entry for the host WPAD on your local domain, or a DHCP 252 entry in DHCP. On your DNS server, create a WPAD host entry and point it to your pfSense LAN IP address. Then every browser set to automatic discovery should be able to find it since they do a DNS lookup on wpad.YourDomain.foo and then load the wpad.dat file via HTTP from that host.

MrGlasspoole

As you can see in my second post the DNS and DHCP entries are already there.
I added now the Firewall rules - if i do that my Internet stops working… (sure Firefox is set to the proxy).

KOM

If you do an nslookup on WPAD, does it resolve to the proxy LAN address?

MrGlasspoole

nslookup wpad.mydomain.net:

Server:  pfsense.mydomain.net
Address:  192.168.0.1

Name:    wpad.mydomain.net
Address:  192.168.0.1

nslookup wpad:

Server:  pfsense.mydomain.net
Address:  192.168.0.1

Name:    wpad
Address:  192.168.0.1

nslookup wpad.pfsense.mydomain.net:

Server:  pfsense.mydomain.net
Address:  192.168.0.1

Name:    wpad.pfsense.mydomain.net
Address:  192.168.0.1

But if something would be wrong here why is the proxy working as long as i not block http in the firewall?

KOM

Because something isn't working. If the browser is set to auto-detect, then it will try to go straight out the gateway. If it can't, then it tries to detect the proxy using WPAD. When you unblock LAN, it can go straight out. When you block LAN, it can't go out so it tries to detect the proxy and use it. This is where your problem is. Either the browser isn't detecting the proxy at all, or it is and the proxy isn't working. Is your WebGUI using HTTP or HTTPS? If I remember, you can't use pfSense under HTTPS to host the WPAD file.

q54e3w

you can't use the default lightppd intstance to serve the WPAD file, its tied up to port 80 for serving webconfigurator stuff. You need the second lightppd instance. If you webconfigurator is running on port 80 and not a custom port you won't be able to bind it so you need a custom port for the webconfiguator lightppd instance in order for the second lightppd to server the file on port 80.

whats the output of "ps aux | grep "light"?

KOM

you can't use the default lightppd intstance to serve the WPAD file

I'm fairly sure that you can, considering that's exactly how I'm doing it and that's how it's documented ;D

From WPAD Autoconfigure for Squid

"Now upload that file to pfSense or another locally accessible web server with scp, or create it using the built-in file editor. The file must go in /usr/local/www/…"

Port 80 isn't "tied up" with WebGUI. It will serve the GUI as the default page, but if you give it an explicit URL then it will serve anything, including wpad.dat.

q54e3w

yes, you are right, sorry. I dont allow HTTP to my pfsense box. I'll keep out of it, you carry on….I suspect you are nearly there :)

KOM

yes, you are right, sorry.

Hey, no problem. I've never let a lack of knowledge or incorrect information stop me from trying to help someone. Even when I am wrong (and I've been wrong in these forums many times), I learn something. It bruises the ego a bit, but you become better for it. Thanks for contributing. A community is only as strong as its members.

MrGlasspoole

Step by step…

Forget the wpad for a while.
What i was saying is:
If i enable the firewall rule to block http and use 192.168.0.1:3128 (not wpad) in the browser then the internet stops working.
If i disable the rule then it works again and uses the proxy.

KOM

If you block 80/443 and manually set your browser to use the proxy at the specified address:port and nothing works and you're positive you didn't make a typo, your Squid install is broken. Look in your System log, as well as /var/squid/logs/access.log and cache.log.

Can you please remind me as to what version of pfSense and Squid you are using?

MrGlasspoole

Ok, found out something.
The whole time i was just using google for testing.
But this time i used another site and it's just HTTPS (google) that is not working if i enable the firewall rule.
HTTP works with pointing the browser to address:port.
BUT if i set the browser to auto-discovery then also HTTP is not working.

pfSense 2.2
squid3 3.4.10_2 pkg 0.2.6

KOM

Do you run IPv6?

MrGlasspoole

IPv6 is none in LAN and WAN.

And the output of ps aux | grep "light" is:

root    17216   0.0  0.3  50796   5888  -  S    12Feb15     0:25.97 /usr/local/sbin/lighttpd -f /var/etc/
root    89081   0.0  0.2  40392   4416  -  S    12Feb15     0:21.07 /usr/local/sbin/lighttpd -f /var/etc/
root    94646   0.0  1.5 232612  31596  -  I    10:10AM     0:00.22 php-fpm: pool lighty (php-fpm)
root    49032   0.0  0.1  18884   2356  0  S+   10:13AM     0:00.00 grep light

As i said i use the vHost package to host the wpad that i can run the WebGUI over HTTPS
but don't need a certificate for the wpad.

Tomorrow when i have time i will make some tests step by step with checking the logs after every step.
But today i have a date and no time ;-)

KOM

Good luck on your date 8) :-*

MrGlasspoole

Ok time to get it working.

Blocking https and using the proxy does not work.
This is what happens if the browser is set to the proxy and http and https are blocked in Firewall > Rules > LAN:
http = YES working
https = NO does not work

KOM

You have it set to standard mode (not transparent)? You do NOT have it set to intercept SSL? You have a wpad.dat file accessible via an HTTP server that can be found by a DNS lookup of wpad.yourdomain?

MrGlasspoole

I'm just looking to get https working if i block it in the firewall without looking a the wpad (proxy ip/port manually set in the browser).

Transparent HTTP proxy = unchecked
HTTPS/SSL interception = unchecked

See attachment…

![Proxy server- General settings.png](/public/imported_attachments/1/Proxy server- General settings.png)
![Proxy server- General settings.png_thumb](/public/imported_attachments/1/Proxy server- General settings.png_thumb)
![Firewall- Rules.png](/public/imported_attachments/1/Firewall- Rules.png)
![Firewall- Rules.png_thumb](/public/imported_attachments/1/Firewall- Rules.png_thumb)

KOM

Your settings look good but I notice that squidGuard is in the mix. OK, sometimes these weird issues with squid can be fixed with a reboot, so I would do that first. Next, I would look at /var/log/squid/access.log and see what's happening. Also look at cache.log for any obvious errors. Lastly, I would get rid of squidGuard to make sure it isn't interfering. Mare sure when you're testing to do a force refresh with ctrl-F5 or whatever your browser uses.

MrGlasspoole

Ok I first deleted the logs to get fresh ones and restarted.
After blocking 80/443 and accessing one http and one https site i get this:
/var/squid/logs/access.log

1430081870.198    476 192.168.0.70 TCP_MISS/200 18530 GET http://winfuture.de/ - HIER_DIRECT/212.53.132.4 text/html
1430081870.327     72 192.168.0.70 TCP_MISS/200 8032 GET http://i.wfcdn.de/teaser/328/6945.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.336     73 192.168.0.70 TCP_MISS/200 5999 GET http://i.wfcdn.de/teaser/128/15219.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.341     78 192.168.0.70 TCP_MISS/200 6489 GET http://i.wfcdn.de/teaser/128/65.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.341     76 192.168.0.70 TCP_MISS/200 5749 GET http://i.wfcdn.de/teaser/128/415.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.344     64 192.168.0.70 TCP_MISS/200 2756 GET http://i.wfcdn.de/videos/128/14406.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.344     88 192.168.0.70 TCP_MISS/200 5272 GET http://i.wfcdn.de/teaser/128/12165.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.347     56 192.168.0.70 TCP_MISS/200 6398 GET http://i.wfcdn.de/teaser/210/15205.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.351     72 192.168.0.70 TCP_MISS/200 2607 GET http://i.wfcdn.de/videos/128/14411.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.351     58 192.168.0.70 TCP_MISS/200 8325 GET http://i.wfcdn.de/teaser/210/14525.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.571    310 192.168.0.70 TCP_MISS/200 2831 GET http://i.wfcdn.de/teaser/128/454.1.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.573    315 192.168.0.70 TCP_MISS/200 3785 GET http://i.wfcdn.de/teaser/128/14997.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081870.577     61 192.168.0.70 TCP_MISS/200 536 GET http://winfuture.de/ajax/now? - HIER_DIRECT/212.53.132.4 application/json
1430081873.324   3029 192.168.0.70 TCP_MISS/200 8941 GET http://i.wfcdn.de/teaser/210/15209.jpg - HIER_DIRECT/162.159.246.58 image/jpeg
1430081873.355   3057 192.168.0.70 TCP_MISS/200 14746 GET http://i.wfcdn.de/teaser/210/15196.png - HIER_DIRECT/162.159.246.58 image/png
1430081873.417   3122 192.168.0.70 TCP_MISS/200 23704 GET http://videos.winfuture.de/14408.jpg - HIER_DIRECT/212.53.132.3 image/jpeg
1430081883.494     51 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/1/6801 - HIER_DIRECT/212.53.132.4 text/html
1430081893.581     69 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/2/5891 - HIER_DIRECT/212.53.132.4 text/html
1430081894.166     25 192.168.0.70 TCP_MISS/200 1460 GET http://i.wfcdn.de/5/favicon.ico - HIER_DIRECT/162.159.246.58 image/x-icon
1430081903.665     60 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/3/2270 - HIER_DIRECT/212.53.132.4 text/html
1430081913.751     68 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/4/0245 - HIER_DIRECT/212.53.132.4 text/html
1430081923.810     45 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/5/2352 - HIER_DIRECT/212.53.132.4 text/html
1430081933.875     53 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/6/8629 - HIER_DIRECT/212.53.132.4 text/html
1430081943.944     57 192.168.0.70 TCP_MISS/200 575 GET http://winfuture.de/ajax/ca/7/9718 - HIER_DIRECT/212.53.132.4 text/html

/var/squid/logs/cache.log

2015/04/26 22:57:14 kid1| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...
2015-04-26 22:57:14 [26308] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
2015-04-26 22:57:14 [26308] New setting: logdir: /var/squidGuard/log
2015-04-26 22:57:14 [26308] New setting: dbhome: /var/db/squidGuard
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_ads/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_ads/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_blasphemy/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_blasphemy/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_chanology/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_chanology/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_cp/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_cp/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_dating/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_dating/domains.db
2015-04-26 22:57:14 [24879] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
2015-04-26 22:57:14 [24879] New setting: logdir: /var/squidGuard/log
2015-04-26 22:57:14 [24879] New setting: dbhome: /var/db/squidGuard
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_ads/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_ads/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_blasphemy/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_blasphemy/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_chanology/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_chanology/domains.db
2015-04-26 22:57:14 [26572] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_cp/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_cp/domains.db
2015-04-26 22:57:14 [26572] New setting: logdir: /var/squidGuard/log
2015-04-26 22:57:14 [26572] New setting: dbhome: /var/db/squidGuard
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_ads/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_ads/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_dating/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_dating/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_dyn/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_dyn/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_file/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_file/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_freeWeb/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_freeWeb/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_gambling/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_gambling/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_gaming/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_gaming/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_image/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_image/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_malicious/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_malicious/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_pharmaRX/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_pharmaRX/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_blasphemy/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_blasphemy/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_chanology/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_chanology/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_cp/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_cp/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_dating/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_dating/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_dyn/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_dyn/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_file/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_file/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_dyn/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_dyn/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_file/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_file/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_freeWeb/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_freeWeb/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_gambling/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_gambling/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_gaming/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_gaming/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_piracy/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_piracy/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_porn/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_porn/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_prime/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_prime/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_proxies/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_proxies/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_freeWeb/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_freeWeb/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_gambling/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_gambling/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_gaming/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_gaming/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_image/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_image/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_malicious/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_malicious/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_smedia/domains
2015-04-26 22:57:14 [24879] loading dbfile /var/db/squidGuard/blk_smedia/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_pharmaRX/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_pharmaRX/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_piracy/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_piracy/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_porn/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_porn/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_prime/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_prime/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_proxies/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_proxies/domains.db
2015-04-26 22:57:14 [26572] init domainlist /var/db/squidGuard/blk_smedia/domains
2015-04-26 22:57:14 [26572] loading dbfile /var/db/squidGuard/blk_smedia/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_image/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_image/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_malicious/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_malicious/domains.db
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_pharmaRX/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_pharmaRX/domains.db
2015-04-26 22:57:14 [24879] init domainlist /var/db/squidGuard/blk_tlds_new/domains
2015-04-26 22:57:14 [24666] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
2015-04-26 22:57:14 [27008] /usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
2015-04-26 22:57:14 [26308] init domainlist /var/db/squidGuard/blk_piracy/domains
2015-04-26 22:57:14 [26308] loading dbfile /var/db/squidGuard/blk_piracy/domains.db
2015-04-26 22:57:14 [24666] New setting: logdir: /var/squidGuard/log
2015-04-26 22:57:14 [24666] New setting: dbhome: /var/db/squidGuard

/var/squidGuard/log/squidGuard.log

2015-04-26 22:57:14 [24666] squidGuard 1.4 started (1430081834.410)
2015-04-26 22:57:14 [24666] squidGuard ready for requests (1430081834.439)
2015-04-26 22:57:14 [24879] squidGuard 1.4 started (1430081834.368)
2015-04-26 22:57:14 [24879] squidGuard ready for requests (1430081834.441)
2015-04-26 22:57:14 [26572] squidGuard 1.4 started (1430081834.370)
2015-04-26 22:57:14 [26572] squidGuard ready for requests (1430081834.444)
2015-04-26 22:57:14 [26308] squidGuard 1.4 started (1430081834.361)
2015-04-26 22:57:14 [26308] squidGuard ready for requests (1430081834.451)
2015-04-26 22:57:14 [25549] squidGuard 1.4 started (1430081834.462)
2015-04-26 22:57:14 [25549] squidGuard ready for requests (1430081834.473)
2015-04-26 22:57:14 [27008] squidGuard 1.4 started (1430081834.415)
2015-04-26 22:57:14 [27008] squidGuard ready for requests (1430081834.482)
2015-04-26 22:57:14 [28268] squidGuard 1.4 started (1430081834.462)
2015-04-26 22:57:14 [28268] squidGuard ready for requests (1430081834.489)
2015-04-26 22:57:14 [24592] squidGuard 1.4 started (1430081834.450)
2015-04-26 22:57:14 [24592] squidGuard ready for requests (1430081834.491)
2015-04-26 22:57:15 [24592] squidGuard stopped (1430081835.986)
2015-04-26 22:57:15 [25549] squidGuard stopped (1430081835.986)
2015-04-26 22:57:15 [26308] squidGuard stopped (1430081835.986)
2015-04-26 22:57:15 [28268] squidGuard stopped (1430081835.987)
2015-04-26 22:57:15 [24666] squidGuard stopped (1430081835.988)
2015-04-26 22:57:15 [24879] squidGuard stopped (1430081835.988)
2015-04-26 22:57:15 [26572] squidGuard stopped (1430081835.988)
2015-04-26 22:57:15 [27008] squidGuard stopped (1430081835.988)
2015-04-26 22:57:16 [60436] squidGuard 1.4 started (1430081836.432)
2015-04-26 22:57:16 [60436] squidGuard ready for requests (1430081836.447)
2015-04-26 22:57:16 [60750] squidGuard 1.4 started (1430081836.466)
2015-04-26 22:57:16 [60750] squidGuard ready for requests (1430081836.480)
2015-04-26 22:57:16 [62581] squidGuard 1.4 started (1430081836.476)
2015-04-26 22:57:16 [62581] squidGuard ready for requests (1430081836.487)
2015-04-26 22:57:16 [60430] squidGuard 1.4 started (1430081836.466)
2015-04-26 22:57:16 [60430] squidGuard ready for requests (1430081836.497)
2015-04-26 22:57:16 [61883] squidGuard 1.4 started (1430081836.483)
2015-04-26 22:57:16 [61883] squidGuard ready for requests (1430081836.498)
2015-04-26 22:57:16 [63879] squidGuard 1.4 started (1430081836.501)
2015-04-26 22:57:16 [63879] squidGuard ready for requests (1430081836.517)
2015-04-26 22:57:16 [61344] squidGuard 1.4 started (1430081836.502)
2015-04-26 22:57:16 [61344] squidGuard ready for requests (1430081836.519)
2015-04-26 22:57:16 [63184] squidGuard 1.4 started (1430081836.507)
2015-04-26 22:57:16 [63184] squidGuard ready for requests (1430081836.521)

I did shorten the cache.log because:

/usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log
New setting: logdir: /var/squidGuard/log
New setting: dbhome: /var/db/squidGuard

is repeated multiple times?

And no https shows up in the log.

Also find out that if i block port 80 that i can't access my wpad.dat

http://wpad.mydomain.net/wpad.dat

chris4916

@MrGlasspoole:

Also find out that if i block port 80 that i can't access my wpad.dat
http://wpad.mydomain.net/wpad.dat

Pretty obvious ;)
You must have some granularity and control in the way you allow or block prtocols, especially if you have services running at FW level (like HTTP server)
This can be easily achieved, e.g. by adding rule before the one denying access so that access to FW on port 80 (in order to access wpad.dat) is authorized.

KOM

/usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log

Why is this happening? Are you out of disk space?

Start small and build up. Get WPAD and just Squid working, then move on to squidGuard.

MrGlasspoole

@chris4916:

Pretty obvious ;)

Not to me cause i thought the FW just blocks stuff going out to the Internet (WAN)

@chris4916:

This can be easily achieve, e.g. by adding rule before the one denying access so that access to FW on port 80 (in order to access wpad.dat) is authorized.

Can you explain what to do?
You can see my settings in the attachment above.
If my thoughts are right to i need to put port 80 to the Anti-Lockout Rule?

@KOM:

/usr/local/bin/squidGuard: can't write to logfile /var/log/squidGuard/squidGuard.log

Why is this happening? Are you out of disk space?

No "ufs: 23% of 18G"

It already was pain to get it running: https://forum.pfsense.org/index.php?topic=87591.0
Is there a way to temporarily disable squidGuard?

KOM

Is there a way to temporarily disable squidGuard?

Uncheck the Enable box?