Squidguard doesn't block websites lol



  • Hey guys,

    I'm having a problem with my squid + squidguard installation. The Squidguard ACLs aren't blocking any sites. But if I instead add the website URL into the squid > access control > blacklist it does work. Does anyone have an idea why this is happening?

    I've tried squid in transparent and non-transparent mode.

    Below are the configs

    Proxy Config

    # Do not edit manually !
    http_port 10.1.1.1:3128
    icp_port 0
    
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/pbi/squid-i386/etc/squid/errors/Portuguese
    icon_directory /usr/pbi/squid-i386/etc/squid/icons
    visible_hostname FHGV
    cache_mgr suporte@fhgv.com.br
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    logfile_rotate 30
    shutdown_lifetime 3 seconds
    # Allow local network(s) on interface(s)
    acl localnet src  10.1.1.0/255.255.255.252
    httpd_suppress_version_string on
    uri_whitespace deny
    
    cache_mem 64 MB
    maximum_object_size_in_memory 248 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 800 16 256
    minimum_object_size 0 KB
    maximum_object_size 1024 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    
    # No redirector configured
    
    # Setup some default acls
    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 80 3128 1025-65535 
    acl sslports port 443 563 80 
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin ?
    acl allowed_subnets src 192.168.0.1/30 
    cache deny dynamic
    http_access allow manager localhost
    
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports
    
    # Always allow localhost connections
    http_access allow localhost
    
    quick_abort_min 0 KB
    quick_abort_max 0 KB
    request_body_max_size 0 KB
    reply_body_max_size 0 deny all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    # Throttle extensions matched in the url
    acl throttle_exts urlpath_regex -i '/var/squid/acl/throttle_exts.acl'
    delay_access 1 allow throttle_exts
    delay_access 1 deny all
    
    # Custom options
    redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
    redirector_bypass off
    url_rewrite_children 5
    # Setup allowed acls
    # Allow local network(s) on interface(s)
    http_access allow allowed_subnets
    http_access allow localnet
    # Default block all to be sure
    http_access deny all
    
    

    Filter Config:

    # ============================================================
    # SquidGuard configuration file
    # This file generated automaticly with SquidGuard configurator
    # (C)2006 Serg Dvoriancev
    # email: dv_serg@mail.ru
    # ============================================================
    
    logdir /var/squidGuard/log
    dbhome /var/db/squidGuard
    
    # Bloqueia Tudo
    src bloqueia_tudo {
    	ip     192.168.0.1/30
    }
    
    # Sites liberados
    dest sites_liberados {
    	domainlist sites_liberados/domains
    	urllist sites_liberados/urls
    	redirect www.fhgv.com.br/home/&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    }
    
    # Facebook
    dest facebook {
    	domainlist facebook/domains
    	redirect www.fhgv.com.br/home/&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    }
    
    # 
    rew safesearch {
    	s@(google..*/search?.*q=.*)@&safe=active@i
    	s@(google..*/images.*q=.*)@&safe=active@i
    	s@(google..*/groups.*q=.*)@&safe=active@i
    	s@(google..*/news.*q=.*)@&safe=active@i
    	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
    	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
    	s@(search.live..*/.*q=.*)@&adlt=strict@i
    	s@(search.msn..*/.*q=.*)@&adlt=strict@i
    	s@(.bing..*/.*q=.*)@&adlt=strict@i
    	log block.log
    }
    
    # 
    acl  {
    	# Bloqueia Tudo
    	bloqueia_tudo  {
    		pass sites_liberados !in-addr !facebook all
    		redirect http://10.1.1.1:80/sgerror.php?url=403%20Pagina%20Bloqueada%20FHGV%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    		rewrite safesearch
    	}
    	# 
    	default  {
    		pass sites_liberados !facebook all
    		redirect http://10.1.1.1:80/sgerror.php?url=403%20Acesso%20Negado%20FHGV&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    		rewrite safesearch
    	}
    }
    


  • What version of pfSense?  PC/virtual machine or appliance like ALIX?  What version of squid/squidguard?  Which blacklist, if any, are you using?  Anything in /var/squidGuard/log?



  • What version of pfSense?  2.1
    PC/virtual machine or appliance like ALIX?  Dedicated PC
    What version of squid/squidguard? Squid 2.7.9 pkg v.4.3.4 | SquidGuard 1.4_4 pkg v.1.9.14
    Which blacklist, if any, are you using?  I'm not using any, created my own target categories, groups and common ACL.
    Anything in /var/squidGuard/log? Yes, three files, block.log, sg_configurator.log and squidGuard.log



  • anyone? '-'



  • From what I remember, squidGuard 1.4-4 requires squid 3.4 or better, and you're trying to run it with squid2.  Squid 2 is ancient and I wouldn't touch it.



  • I also have the same issue with this, squid and squidguard won't block any sites anymore. I've checked in status/services and they are both running...

    I also need help on this, Thanks..



  • I also need help on this, Thanks..

    Well, you could start by answering the same questions I asked the other guy.



  • Bruno, I meant is there anything inside /var/squidGuard/log/squidGuard.log or block.log?  squidGuard can be finicky.  Sometimes it can be fixed by going to each tab one by one, clicking Save then finally go to the first tab and click Apply.



  • yes

    015-07-03 10:48:26 [78313] squidGuard stopped (1435891706.400)
    2015-07-03 10:48:41 [46851] squidGuard 1.4 started (1435891721.193)
    2015-07-03 10:48:41 [46851] db update done
    2015-07-03 10:48:41 [46851] squidGuard stopped (1435891721.208)
    2015-07-03 10:52:39 [74619] squidGuard 1.4 started (1435891959.233)
    2015-07-03 10:52:39 [74619] db update done
    2015-07-03 10:52:39 [74619] squidGuard stopped (1435891959.249)
    2015-07-03 11:01:11 [70255] squidGuard 1.4 started (1435892471.549)
    2015-07-03 11:01:11 [70255] db update done
    2015-07-03 11:01:11 [70255] squidGuard stopped (1435892471.564)
    2015-07-03 11:07:16 [91635] squidGuard 1.4 started (1435892836.451)
    2015-07-03 11:07:16 [91635] db update done
    2015-07-03 11:07:16 [91635] squidGuard stopped (1435892836.468)
    2015-07-03 11:21:52 [63049] squidGuard 1.4 started (1435893712.800)
    2015-07-03 11:21:52 [63049] db update done
    2015-07-03 11:21:52 [63049] squidGuard stopped (1435893712.817)
    2015-07-03 11:46:58 [42449] squidGuard 1.4 started (1435895218.494)
    2015-07-03 11:46:58 [42449] db update done
    2015-07-03 11:46:58 [42449] squidGuard stopped (1435895218.511)

    That is what is inside squidguard.log,

    and this is inside block.log:
    2015-07-03 10:44:38 [35402] Request(no_internet/none/-) http://se.symcd.com/ 192.168.2.137/- - POST REDIRECT
    2015-07-03 10:44:43 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
    2015-07-03 10:44:58 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
    2015-07-03 10:44:58 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
    2015-07-03 10:46:59 [35402] Request(no_internet/media/-) http://www.gamesgames.com/game/candy-crush 192.168.2.33/- - GET REDIRECT
    2015-07-03 10:47:03 [35402] Request(no_internet/none/-) http://bsxmppzbtmmpc/ 192.168.2.120/- - HEAD REDIRECT
    2015-07-03 10:47:03 [35402] Request(no_internet/none/-) http://zdffxis/ 192.168.2.120/- - HEAD REDIRECT
    2015-07-03 10:47:04 [35402] Request(no_internet/none/-) http://fewewakby/ 192.168.2.120/- - HEAD REDIRECT

    I have already done that save many times, and reinstalled and installed the packages as well, but the same problem..

    Thanks for the reply



  • up
    Please, I still have this problem, my block.log has no entry of data inside… somebody has a solution?

    I'm on pfSense 2.2.4-release (1386)
    Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
    squid 4.3.9
    squidGuard 1.9.15



  • @KOM:

    Bruno, I meant is there anything inside /var/squidGuard/log/squidGuard.log or block.log?  squidGuard can be finicky.  Sometimes it can be fixed by going to each tab one by one, clicking Save then finally go to the first tab and click Apply.

    Here's my pfSense details

    Please, I still have this problem, my block.log has no entry of data inside… somebody has a solution?

    I'm on pfSense 2.2.4-release (1386)
    Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
    squid 4.3.9
    squidGuard 1.9.15



  • Can you confirm that squid itself is working?  Anything in /var/squid/logs/access.log?



  • @KOM:

    Can you confirm that squid itself is working?  Anything in /var/squid/logs/access.log?

    Yes squid is working,

    here is what is inside access.log

    1443051614.267    358 192.168.2.84 TCP_MISS/200 1555 GET http://c.go-mpulse.net/api/config.json? - DIRECT/190.93.245.15 application/javascript
    1443051614.394    362 192.168.2.84 TCP_MISS/200 1487 GET http://c.go-mpulse.net/boomerang/config.js? - DIRECT/190.93.246.15 application/javascript
    1443051614.892    494 192.168.2.84 TCP_REFRESH_HIT/304 414 GET http://a.visualrevenue.com/vrs.js - DIRECT/58.26.1.131 application/x-javascript
    1443051615.708    433 192.168.2.84 TCP_MISS/200 452 GET http://dw.cbsi.com/levt/ria/e.gif? - DIRECT/216.239.120.246 image/gif
    1443051624.621  10387 192.168.2.84 TCP_MISS/200 4437 GET http://cnet3.cbsistatic.com/fly/1766-fly/js/main.default.js - DIRECT/120.28.5.25 application/x-javascript
    1443051630.087  25372 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
    1443051630.855    754 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
    1443051656.234  25371 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
    1443051656.995    746 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
    1443051682.377  25371 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
    1443051683.137    746 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
    1443051684.131    611 192.168.2.26 TCP_MISS/304 441 GET http://pbs.twimg.com/profile_images/1600195148/RushStarman.png - DIRECT/104.244.43.103 -
    1443051685.278    736 192.168.2.26 TCP_REFRESH_HIT/304 463 GET http://s29.postimg.org/4wb07qxfr/download.jpg - DIRECT/190.93.250.128 -
    1443051708.524  25379 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
    1443051709.311    772 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
    1443051734.690  25370 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
    1443051736.334  1630 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
    1443051736.709    366 192.168.2.3 TCP_MISS/200 353 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream

    thanks



  • OK, so you know squid is working.  squidGuard is a helper app that gets called by squid on-demand for every URL being processed.  Anything in /var/log/squidguard.log?



  • @KOM:

    OK, so you know squid is working.  squidGuard is a helper app that gets called by squid on-demand for every URL being processed.  Anything in /var/log/squidguard.log?

    yes,
    this is what is inside squidguard.log
    2015-09-24 15:42:18 [2481] squidGuard 1.4 started (1443080538.072)
    2015-09-24 15:42:18 [2481] db update done
    2015-09-24 15:42:18 [2481] squidGuard stopped (1443080538.083)
    2015-09-24 15:42:28 [72003] squidGuard 1.4 started (1443080548.787)
    2015-09-24 15:42:28 [72003] db update done
    2015-09-24 15:42:28 [72003] squidGuard stopped (1443080548.798)
    2015-09-24 15:42:39 [79271] squidGuard 1.4 started (1443080559.542)
    2015-09-24 15:42:39 [79271] db update done
    2015-09-24 15:42:39 [79271] squidGuard stopped (1443080559.552)
    2015-09-24 15:43:39 [68253] squidGuard 1.4 started (1443080619.774)
    2015-09-24 15:43:39 [68253] db update done
    2015-09-24 15:43:39 [68253] squidGuard stopped (1443080619.785)
    2015-09-24 15:43:40 [83503] squidGuard 1.4 started (1443080620.146)
    2015-09-24 15:43:40 [83503] db update done
    2015-09-24 15:43:40 [83503] squidGuard stopped (1443080620.157)
    2015-09-24 15:53:45 [12067] squidGuard 1.4 started (1443081225.145)
    2015-09-24 15:53:45 [12067] db update done
    2015-09-24 15:53:45 [12067] squidGuard stopped (1443081225.156)
    2015-09-24 15:53:55 [96839] squidGuard 1.4 started (1443081235.953)
    2015-09-24 15:53:55 [96839] db update done
    2015-09-24 15:53:55 [96839] squidGuard stopped (1443081235.964)
    2015-09-24 15:54:06 [86457] squidGuard 1.4 started (1443081246.747)
    2015-09-24 15:54:06 [86457] db update done
    2015-09-24 15:54:06 [86457] squidGuard stopped (1443081246.757)
    2015-09-24 15:55:19 [2423] squidGuard 1.4 started (1443081319.217)
    2015-09-24 15:55:19 [2423] db update done
    2015-09-24 15:55:19 [2423] squidGuard stopped (1443081319.227)
    2015-09-24 16:54:58 [11624] squidGuard 1.4 started (1443084898.548)
    2015-09-24 16:54:58 [11624] db update done
    2015-09-24 16:54:58 [11624] squidGuard stopped (1443084898.558)
    2015-09-24 16:55:01 [18875] squidGuard 1.4 started (1443084901.588)
    2015-09-24 16:55:01 [18875] db update done
    2015-09-24 16:55:01 [18875] squidGuard stopped (1443084901.597)
    2015-09-28 07:39:08 [30350] squidGuard 1.4 started (1443397148.045)
    2015-09-28 07:39:08 [30350] db update done
    2015-09-28 07:39:08 [30350] squidGuard stopped (1443397148.056)
    2015-09-28 07:39:22 [94776] squidGuard 1.4 started (1443397162.019)
    2015-09-28 07:39:22 [94776] db update done
    2015-09-28 07:39:22 [94776] squidGuard stopped (1443397162.029)

    thanks
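
Added example (not part of any post in this thread, and not pfSense or squidGuard project code): a Python triage of squidGuard.log and block.log that labels each squidGuard process by what it logged and counts redirects per rule. It assumes squidGuard 1.4's "ready for requests" and "emergency mode" log messages; the pid 5001 lines in the sample are constructed for contrast.

```python
import re
from collections import Counter, defaultdict

# First six lines follow the squidGuard.log excerpt posted in this thread; the
# pid 5001 lines are constructed to show a redirector that reached its request loop.
SAMPLE_SG_LOG = """\
2015-09-24 15:42:18 [2481] squidGuard 1.4 started (1443080538.072)
2015-09-24 15:42:18 [2481] db update done
2015-09-24 15:42:18 [2481] squidGuard stopped (1443080538.083)
2015-09-24 15:42:28 [72003] squidGuard 1.4 started (1443080548.787)
2015-09-24 15:42:28 [72003] db update done
2015-09-24 15:42:28 [72003] squidGuard stopped (1443080548.798)
2015-09-24 15:50:00 [5001] squidGuard 1.4 started (1443081000.100)
2015-09-24 15:50:00 [5001] squidGuard ready for requests (1443081000.150)
"""

# Two block.log lines in the format posted earlier in the thread.
SAMPLE_BLOCK_LOG = """\
2015-07-03 10:44:43 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:46:59 [35402] Request(no_internet/media/-) http://www.gamesgames.com/game/candy-crush 192.168.2.33/- - GET REDIRECT
"""

LINE = re.compile(r"^(\S+ \S+) \[(\d+)\] (.*)$")
BLOCK = re.compile(r"Request\(([^/]*)/([^/]*)/[^)]*\) \S+ \S+ \S+ \S+ REDIRECT$")


def classify_sessions(text):
    """Group squidGuard.log lines by PID and label what each process did."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events[m.group(2)].append(m.group(3).lower())
    states = {}
    for pid, msgs in events.items():
        joined = " | ".join(msgs)
        if "emergency mode" in joined:
            states[pid] = "emergency"    # config or db error: every request passes
        elif "ready for requests" in joined:
            states[pid] = "filtering"    # running as Squid's redirector
        elif "db update done" in joined:
            states[pid] = "db-rebuild"   # one-shot database build, then exit
        else:
            states[pid] = "unknown"
    return states


def redirects_by_rule(text):
    """Count block.log redirects keyed by the first two Request(...) fields."""
    counts = Counter()
    for line in text.splitlines():
        m = BLOCK.search(line.strip())
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts


def filtering_active(text):
    """True if any process in the log reached the request loop."""
    return "filtering" in classify_sessions(text).values()


if __name__ == "__main__":
    print(classify_sessions(SAMPLE_SG_LOG))
    print(dict(redirects_by_rule(SAMPLE_BLOCK_LOG)))
```

Run against the excerpt posted above, every process is labelled db-rebuild, so that log on its own does not show a redirector that reached the filtering state.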



  • Seems like it's working.  You said you were using your own custom blacklist?  Is it possible that you don't have the format correct, so squidGuard is failing to recognize your URLs/domains?



  • @KOM:

    Seems like it's working.  You said you were using your own custom blacklist?  Is it possible that you don't have the format correct, so squidGuard is failing to recognize your URLs/domains?

    Yes, I have my own blacklist. I have sets of target categories that are linked in my groups ACL. Before, it was working, but when I upgraded to 2.2.4 it stopped working; there is no entry in block.log. I tried uninstalling, reinstalling and deleting many times, but I failed..

    thanks



  • What happens if you shell in and try to run squidguard -C -d -b all?



  • @KOM:

    What happens if you shell in and try to run squidguard -C -d -b all?

    Nothing happens, the terminal cursor goes down and hangs.

    Thanks



  • Well that's not good.  It should process your blacklist files into a database, complete with output and status bar.  Anything new in squidguard.log now?



  • @KOM:

    Well that's not good.  It should process your blacklist files into a database, complete with output and status bar.  Anything new in squidguard.log now?

    Hi, still the same. What I did is replace it with squidguard-devel and squid3, and now it's working.  ;)

    Maybe we'll just leave the issue of squid and squidguard with pfSense 2.2.4 for the moment, ahahahahahahaahahaha

    Thanks anyway,



  • Whatever works.



  • @KOM:

    Whatever works.

    Web filter is now working in squid3 and squidguard-devel

