Squid with Local Auth and squidGuard Group ACL issue



  • I have Squid 3 and squidGuard 1.5 on the latest pfSense.  Squid is in Local authentication mode.  I have three LANs (subnets).  One WAN.  Squid listens on all three subnets.  I have some local user accounts defined in Squid.

    In squidGuard I have some group ACLs. Basically the first ACL is blocking some content for user "user1". The second ACL (below it in order) is a catch-all for the subnet that user is on, based on IP "192.168.0.0/24", and has fewer restrictions.

    My issue is that user user1 authenticates to the proxy, but the ACL for that user is taken from the second ACL based on the IP address. It is not giving preference to the user-name-based ACL that precedes it. Is this a known issue or am I missing something? I want to be able to restrict certain sites for a specific user by name, but specify a general list of sites to be blocked for all other people on that subnet. Am I doing it wrong?

    UPDATE: On further inspection, when I create a new squidGuard Group ACL named User1 and with Client (source) user1, pfSense writes out a squidGuard.conf file as follows:

    
    ...
    src User1 {
    	log block.log
    }
    ...
    
    

    In my mind that is wrong.  When I manually amend squidGuard.conf like so:

    
    ...
    src User1 {
    	user user1
    	log block.log
    }
    ...
    
    

    and restart squidGuard, it correctly blocks the user.  This looks like a bug?

    • Moderator please move to Cache/proxy - I only now see there is a new category.
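
An added example, not part of the original post or of pfSense/squidGuard: a small check that scans squidGuard.conf text for `src` blocks like the generated `User1` block above, which contain only `log` and no client selector. It assumes `ip`, `iplist`, `domain`, `user` and `userlist` are the selectors in use; the function name and the sample text are constructed for illustration.

```python
import re

# Directives that select clients inside a squidGuard "src" block.
# Assumption: this set covers the configuration being audited;
# extend it if other selectors are used on your system.
SELECTORS = {"ip", "iplist", "domain", "user", "userlist"}

# "src <name> { ... }" with the closing brace on its own line.
SRC_BLOCK = re.compile(r"^\s*src\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)


def empty_sources(conf_text):
    """Return the names of src blocks that contain no client selector."""
    empty = []
    for name, body in SRC_BLOCK.findall(conf_text):
        keywords = set()
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # ignore comments
            if line:
                keywords.add(line.split()[0].lower())
        if not keywords & SELECTORS:
            empty.append(name)
    return empty


# Constructed sample: the User1 block as quoted in the post, followed by
# a hypothetical subnet block ("Lan1" is an invented name).
SAMPLE = """\
src User1 {
    log block.log
}
src Lan1 {
    ip 192.168.0.0/24
    log block.log
}
"""

# The same text after the manual amendment described in the post.
FIXED = SAMPLE.replace("src User1 {\n", "src User1 {\n    user user1\n")

if __name__ == "__main__":
    for name in empty_sources(SAMPLE):
        print(f"src {name}: no ip/user/domain selector defined")
    print("after manual fix:", empty_sources(FIXED) or "all src blocks have a selector")
```

Running it against the generated file after each change in the pfSense GUI shows whether a user-based group was written out without its `user` line.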
