Squidguard doesnt block websites lol

brunofs8

Hey guys,

I'm having a problem with my squid + squidguard installation. The Squidguard ACLs aren't blocking any sites. But if I instead add the website URL into the squid > access control > blacklist it does work. Does anyone have an idea why is this happening?

I've tried squid transparent and no transparent mode.

Below are the configs

Proxy Config

# Do not edit manually !
http_port 10.1.1.1:3128
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/pbi/squid-i386/etc/squid/errors/Portuguese
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname FHGV
cache_mgr suporte@fhgv.com.br
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
logfile_rotate 30
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  10.1.1.0/255.255.255.252
httpd_suppress_version_string on
uri_whitespace deny

cache_mem 64 MB
maximum_object_size_in_memory 248 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 800 16 256
minimum_object_size 0 KB
maximum_object_size 1024 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

# No redirector configured

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 80 3128 1025-65535 
acl sslports port 443 563 80 
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl allowed_subnets src 192.168.0.1/30 
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i '/var/squid/acl/throttle_exts.acl'
delay_access 1 allow throttle_exts
delay_access 1 deny all

# Custom options
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass off
url_rewrite_children 5
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny all

Filter Config:

# ============================================================
# SquidGuard configuration file
# This file generated automaticly with SquidGuard configurator
# (C)2006 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

# Bloqueia Tudo
src bloqueia_tudo {
	ip     192.168.0.1/30
}

# Sites liberados
dest sites_liberados {
	domainlist sites_liberados/domains
	urllist sites_liberados/urls
	redirect www.fhgv.com.br/home/&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
}

# Facebook
dest facebook {
	domainlist facebook/domains
	redirect www.fhgv.com.br/home/&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
}

# 
rew safesearch {
	s@(google..*/search?.*q=.*)@
&safe=active@i
	s@(google..*/images.*q=.*)@
&safe=active@i
	s@(google..*/groups.*q=.*)@
&safe=active@i
	s@(google..*/news.*q=.*)@
&safe=active@i
	s@(yandex..*/yandsearch?.*text=.*)@
&fyandex=1@i
	s@(search.yahoo..*/search.*p=.*)@
&vm=r&v=1@i
	s@(search.live..*/.*q=.*)@
&adlt=strict@i
	s@(search.msn..*/.*q=.*)@
&adlt=strict@i
	s@(.bing..*/.*q=.*)@
&adlt=strict@i
	log block.log
}

# 
acl  {
	# Bloqueia Tudo
	bloqueia_tudo  {
		pass sites_liberados !in-addr !facebook all
		redirect http://10.1.1.1:80/sgerror.php?url=403%20Pagina%20Bloqueada%20FHGV%21&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
		rewrite safesearch
	}
	# 
	default  {
		pass sites_liberados !facebook all
		redirect http://10.1.1.1:80/sgerror.php?url=403%20Acesso%20Negado%20FHGV&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
		rewrite safesearch
	}
}

KOM

What version of pfSense?  PC/virtual machine or appliance like ALIX?  What version of squid/squidguard?  Which blacklist, if any, are you using?  Anything in /var/squidGuard/log?

brunofs8

What version of pfSense?  2.1
PC/virtual machine or appliance like ALIX?  Dedicated PC
What version of squid/squidguard? Squid 2.7.9 pkg v.4.3.4 | SquidGuard 1.4_4 pkg v.1.9.14
Which blacklist, if any, are you using?  I'm not using any, created my own target categories, groups and common ACL.
Anything in /var/squidGuard/log? Yes, three files, block.log, sg_configurator.log and squidGuard.log

brunofs8

anyone? '-'

KOM

From what I remember, squidGuard 1.4-4 requires squid 3.4 or better, and you're trying to run it with squid2.  Squid 2 is ancient and I wouldn't touch it.

aorzerep

I also have the same issue with this, squid ang squidguard wont block any sites anymore, I've check in status/services and they are both running…...

I also need help on this, Thanks..

KOM

I also need help on this, Thanks..

Well, you could start by answering the same questions I asked the other guy.

KOM

Bruno, I meant is there anything inside /var/squidGuard/log/squidGuard.log or block.log?  squidGuard can be finicky.  Sometimes it can be fixed by going to each tab one by one, clicking Save then finally go to the first tab and click Apply.

aorzerep

yes

015-07-03 10:48:26 [78313] squidGuard stopped (1435891706.400)
2015-07-03 10:48:41 [46851] squidGuard 1.4 started (1435891721.193)
2015-07-03 10:48:41 [46851] db update done
2015-07-03 10:48:41 [46851] squidGuard stopped (1435891721.208)
2015-07-03 10:52:39 [74619] squidGuard 1.4 started (1435891959.233)
2015-07-03 10:52:39 [74619] db update done
2015-07-03 10:52:39 [74619] squidGuard stopped (1435891959.249)
2015-07-03 11:01:11 [70255] squidGuard 1.4 started (1435892471.549)
2015-07-03 11:01:11 [70255] db update done
2015-07-03 11:01:11 [70255] squidGuard stopped (1435892471.564)
2015-07-03 11:07:16 [91635] squidGuard 1.4 started (1435892836.451)
2015-07-03 11:07:16 [91635] db update done
2015-07-03 11:07:16 [91635] squidGuard stopped (1435892836.468)
2015-07-03 11:21:52 [63049] squidGuard 1.4 started (1435893712.800)
2015-07-03 11:21:52 [63049] db update done
2015-07-03 11:21:52 [63049] squidGuard stopped (1435893712.817)
2015-07-03 11:46:58 [42449] squidGuard 1.4 started (1435895218.494)
2015-07-03 11:46:58 [42449] db update done
2015-07-03 11:46:58 [42449] squidGuard stopped (1435895218.511)

that is what inside squidguard.log

and  it is inside of block.log
2015-07-03 10:44:38 [35402] Request(no_internet/none/-) http://se.symcd.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:44:43 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:44:58 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:44:58 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:46:59 [35402] Request(no_internet/media/-) http://www.gamesgames.com/game/candy-crush 192.168.2.33/- - GET REDIRECT
2015-07-03 10:47:03 [35402] Request(no_internet/none/-) http://bsxmppzbtmmpc/ 192.168.2.120/- - HEAD REDIRECT
2015-07-03 10:47:03 [35402] Request(no_internet/none/-) http://zdffxis/ 192.168.2.120/- - HEAD REDIRECT
2015-07-03 10:47:04 [35402] Request(no_internet/none/-) http://fewewakby/ 192.168.2.120/- - HEAD REDIRECT

I already done that save many times re install ang and install packages as well but the same problem..

Thanks for the reply

aorzerep

@KOM:

Bruno, I meant is there anything inside /var/squidGuard/log/squidGuard.log or block.log?  squidGuard can be finicky.  Sometimes it can be fixed by going to each tab one by one, clicking Save then finally go to the first tab and click Apply.

yes

015-07-03 10:48:26 [78313] squidGuard stopped (1435891706.400)
2015-07-03 10:48:41 [46851] squidGuard 1.4 started (1435891721.193)
2015-07-03 10:48:41 [46851] db update done
2015-07-03 10:48:41 [46851] squidGuard stopped (1435891721.208)
2015-07-03 10:52:39 [74619] squidGuard 1.4 started (1435891959.233)
2015-07-03 10:52:39 [74619] db update done
2015-07-03 10:52:39 [74619] squidGuard stopped (1435891959.249)
2015-07-03 11:01:11 [70255] squidGuard 1.4 started (1435892471.549)
2015-07-03 11:01:11 [70255] db update done
2015-07-03 11:01:11 [70255] squidGuard stopped (1435892471.564)
2015-07-03 11:07:16 [91635] squidGuard 1.4 started (1435892836.451)
2015-07-03 11:07:16 [91635] db update done
2015-07-03 11:07:16 [91635] squidGuard stopped (1435892836.468)
2015-07-03 11:21:52 [63049] squidGuard 1.4 started (1435893712.800)
2015-07-03 11:21:52 [63049] db update done
2015-07-03 11:21:52 [63049] squidGuard stopped (1435893712.817)
2015-07-03 11:46:58 [42449] squidGuard 1.4 started (1435895218.494)
2015-07-03 11:46:58 [42449] db update done
2015-07-03 11:46:58 [42449] squidGuard stopped (1435895218.511)

that is what inside squidguard.log

and  it is inside of block.log
2015-07-03 10:44:38 [35402] Request(no_internet/none/-) http://se.symcd.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:44:43 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:44:58 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:44:58 [35402] Request(no_internet/none/-) http://ocsp.digicert.com/ 192.168.2.137/- - POST REDIRECT
2015-07-03 10:46:59 [35402] Request(no_internet/media/-) http://www.gamesgames.com/game/candy-crush 192.168.2.33/- - GET REDIRECT
2015-07-03 10:47:03 [35402] Request(no_internet/none/-) http://bsxmppzbtmmpc/ 192.168.2.120/- - HEAD REDIRECT
2015-07-03 10:47:03 [35402] Request(no_internet/none/-) http://zdffxis/ 192.168.2.120/- - HEAD REDIRECT
2015-07-03 10:47:04 [35402] Request(no_internet/none/-) http://fewewakby/ 192.168.2.120/- - HEAD REDIRECT

I already done that save many times re install ang and install packages as well but the same problem..

Thanks for the reply

aorzerep

up
please i h ave still this problem, my block.log has no entry od data inside…somebody has a solution?

im on pfsesne 2.2.4-release (1386)
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
squid 4.3.9
squidGuard 1.9.15

aorzerep

@KOM:

Bruno, I meant is there anything inside /var/squidGuard/log/squidGuard.log or block.log?  squidGuard can be finicky.  Sometimes it can be fixed by going to each tab one by one, clicking Save then finally go to the first tab and click Apply.

Heres my pfsesne details

please i h ave still this problem, my block.log has no entry od data inside…somebody has a solution?

im on pfsesne 2.2.4-release (1386)
Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
squid 4.3.9
squidGuard 1.9.15

KOM

Can you confirm that squid itself is working?  Anything in /var/squid/logs/access.log?

aorzerep

@KOM:

Can you confirm that squid itself is working?  Anything in /var/squid/logs/access.log?

Yes squid is working,

here is what inside in access.log

1443051614.267    358 192.168.2.84 TCP_MISS/200 1555 GET http://c.go-mpulse.net/api/config.json? - DIRECT/190.93.245.15 application/javascript
1443051614.394    362 192.168.2.84 TCP_MISS/200 1487 GET http://c.go-mpulse.net/boomerang/config.js? - DIRECT/190.93.246.15 application/javascript
1443051614.892    494 192.168.2.84 TCP_REFRESH_HIT/304 414 GET http://a.visualrevenue.com/vrs.js - DIRECT/58.26.1.131 application/x-javascript
1443051615.708    433 192.168.2.84 TCP_MISS/200 452 GET http://dw.cbsi.com/levt/ria/e.gif? - DIRECT/216.239.120.246 image/gif
1443051624.621  10387 192.168.2.84 TCP_MISS/200 4437 GET http://cnet3.cbsistatic.com/fly/1766-fly/js/main.default.js - DIRECT/120.28.5.25 application/x-javascript
1443051630.087  25372 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
1443051630.855    754 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
1443051656.234  25371 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
1443051656.995    746 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
1443051682.377  25371 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
1443051683.137    746 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
1443051684.131    611 192.168.2.26 TCP_MISS/304 441 GET http://pbs.twimg.com/profile_images/1600195148/RushStarman.png - DIRECT/104.244.43.103 -
1443051685.278    736 192.168.2.26 TCP_REFRESH_HIT/304 463 GET http://s29.postimg.org/4wb07qxfr/download.jpg - DIRECT/190.93.250.128 -
1443051708.524  25379 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
1443051709.311    772 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
1443051734.690  25370 192.168.2.3 TCP_MISS/200 297 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream
1443051736.334  1630 192.168.2.3 TCP_MISS/200 232 POST http://188.214.134.3/dout.aspx? - DIRECT/188.214.134.3 -
1443051736.709    366 192.168.2.3 TCP_MISS/200 353 GET http://188.214.134.3/din.aspx? - DIRECT/188.214.134.3 application/octet-stream

thanks

KOM

OK< so you know squid is working.  squidGuard is a helper app that gets called by squid on-demand for ever URL being processed.  Anything in /var/log/squidguard.log?

aorzerep

@KOM:

OK< so you know squid is working.  squidGuard is a helper app that gets called by squid on-demand for ever URL being processed.  Anything in /var/log/squidguard.log?

yes,
this is what inside squidguard.log
2015-09-24 15:42:18 [2481] squidGuard 1.4 started (1443080538.072)
2015-09-24 15:42:18 [2481] db update done
2015-09-24 15:42:18 [2481] squidGuard stopped (1443080538.083)
2015-09-24 15:42:28 [72003] squidGuard 1.4 started (1443080548.787)
2015-09-24 15:42:28 [72003] db update done
2015-09-24 15:42:28 [72003] squidGuard stopped (1443080548.798)
2015-09-24 15:42:39 [79271] squidGuard 1.4 started (1443080559.542)
2015-09-24 15:42:39 [79271] db update done
2015-09-24 15:42:39 [79271] squidGuard stopped (1443080559.552)
2015-09-24 15:43:39 [68253] squidGuard 1.4 started (1443080619.774)
2015-09-24 15:43:39 [68253] db update done
2015-09-24 15:43:39 [68253] squidGuard stopped (1443080619.785)
2015-09-24 15:43:40 [83503] squidGuard 1.4 started (1443080620.146)
2015-09-24 15:43:40 [83503] db update done
2015-09-24 15:43:40 [83503] squidGuard stopped (1443080620.157)
2015-09-24 15:53:45 [12067] squidGuard 1.4 started (1443081225.145)
2015-09-24 15:53:45 [12067] db update done
2015-09-24 15:53:45 [12067] squidGuard stopped (1443081225.156)
2015-09-24 15:53:55 [96839] squidGuard 1.4 started (1443081235.953)
2015-09-24 15:53:55 [96839] db update done
2015-09-24 15:53:55 [96839] squidGuard stopped (1443081235.964)
2015-09-24 15:54:06 [86457] squidGuard 1.4 started (1443081246.747)
2015-09-24 15:54:06 [86457] db update done
2015-09-24 15:54:06 [86457] squidGuard stopped (1443081246.757)
2015-09-24 15:55:19 [2423] squidGuard 1.4 started (1443081319.217)
2015-09-24 15:55:19 [2423] db update done
2015-09-24 15:55:19 [2423] squidGuard stopped (1443081319.227)
2015-09-24 16:54:58 [11624] squidGuard 1.4 started (1443084898.548)
2015-09-24 16:54:58 [11624] db update done
2015-09-24 16:54:58 [11624] squidGuard stopped (1443084898.558)
2015-09-24 16:55:01 [18875] squidGuard 1.4 started (1443084901.588)
2015-09-24 16:55:01 [18875] db update done
2015-09-24 16:55:01 [18875] squidGuard stopped (1443084901.597)
2015-09-28 07:39:08 [30350] squidGuard 1.4 started (1443397148.045)
2015-09-28 07:39:08 [30350] db update done
2015-09-28 07:39:08 [30350] squidGuard stopped (1443397148.056)
2015-09-28 07:39:22 [94776] squidGuard 1.4 started (1443397162.019)
2015-09-28 07:39:22 [94776] db update done
2015-09-28 07:39:22 [94776] squidGuard stopped (1443397162.029)

thanks

aorzerep

@KOM:

OK< so you know squid is working.  squidGuard is a helper app that gets called by squid on-demand for ever URL being processed.  Anything in /var/log/squidguard.log?

yes,

this is what inside squidguard.log
2015-09-24 15:42:18 [2481] squidGuard 1.4 started (1443080538.072)
2015-09-24 15:42:18 [2481] db update done
2015-09-24 15:42:18 [2481] squidGuard stopped (1443080538.083)
2015-09-24 15:42:28 [72003] squidGuard 1.4 started (1443080548.787)
2015-09-24 15:42:28 [72003] db update done
2015-09-24 15:42:28 [72003] squidGuard stopped (1443080548.798)
2015-09-24 15:42:39 [79271] squidGuard 1.4 started (1443080559.542)
2015-09-24 15:42:39 [79271] db update done
2015-09-24 15:42:39 [79271] squidGuard stopped (1443080559.552)
2015-09-24 15:43:39 [68253] squidGuard 1.4 started (1443080619.774)
2015-09-24 15:43:39 [68253] db update done
2015-09-24 15:43:39 [68253] squidGuard stopped (1443080619.785)
2015-09-24 15:43:40 [83503] squidGuard 1.4 started (1443080620.146)
2015-09-24 15:43:40 [83503] db update done
2015-09-24 15:43:40 [83503] squidGuard stopped (1443080620.157)
2015-09-24 15:53:45 [12067] squidGuard 1.4 started (1443081225.145)
2015-09-24 15:53:45 [12067] db update done
2015-09-24 15:53:45 [12067] squidGuard stopped (1443081225.156)
2015-09-24 15:53:55 [96839] squidGuard 1.4 started (1443081235.953)
2015-09-24 15:53:55 [96839] db update done
2015-09-24 15:53:55 [96839] squidGuard stopped (1443081235.964)
2015-09-24 15:54:06 [86457] squidGuard 1.4 started (1443081246.747)
2015-09-24 15:54:06 [86457] db update done
2015-09-24 15:54:06 [86457] squidGuard stopped (1443081246.757)
2015-09-24 15:55:19 [2423] squidGuard 1.4 started (1443081319.217)
2015-09-24 15:55:19 [2423] db update done
2015-09-24 15:55:19 [2423] squidGuard stopped (1443081319.227)
2015-09-24 16:54:58 [11624] squidGuard 1.4 started (1443084898.548)
2015-09-24 16:54:58 [11624] db update done
2015-09-24 16:54:58 [11624] squidGuard stopped (1443084898.558)
2015-09-24 16:55:01 [18875] squidGuard 1.4 started (1443084901.588)
2015-09-24 16:55:01 [18875] db update done
2015-09-24 16:55:01 [18875] squidGuard stopped (1443084901.597)
2015-09-28 07:39:08 [30350] squidGuard 1.4 started (1443397148.045)
2015-09-28 07:39:08 [30350] db update done
2015-09-28 07:39:08 [30350] squidGuard stopped (1443397148.056)
2015-09-28 07:39:22 [94776] squidGuard 1.4 started (1443397162.019)
2015-09-28 07:39:22 [94776] db update done
2015-09-28 07:39:22 [94776] squidGuard stopped (1443397162.029)

thanks

KOM

Seems like it's working.  You said you were using your own custom blacklist?  Is it possible that you don't have the format correct, so squidGuard is failing to recognize your URLs/domains?

aorzerep

@KOM:

Seems like it's working.  You said you were using your own custom blacklist?  Is it possible that you don't have the format correct, so squidGuard is failing to recognize your URLs/domains?

Yes i have my own blacklist, i have sets of target categories that linked in my groups acl, before it is working but when upgrade to 2.2.4 it stop working,there is no entry in block.log, I try uninstall reinstall delete many times but i failed..

thanks

KOM

What happens if you shell in and try to run squidguard -C -d -b all?