Problem with 2.2.2 amd64 squid3 and squidGuard



  • Hi all ,
    I have a problem with squid3 0.2.8 , I installed Squidguard 1.9.14 but it does not work . I've put acl block porn, but it remains accessible . all acl I create are not active on the proxyserver .
    anyone can help me please
    Thanks



  • already to create Target Categories on squidguard?



  • @91X:

    already to create Target Categories on squidguard?

    this is my acl common, I have not created



  • Can anyone help me, my system needs to operate !!!



  • Do you know for sure that squid is working?  Anything in /var/squidGuard/log/squidGuard.log or block.log?



  • squid is still working … but squidGuard not work ... Here are the latest thing in squidGuard.log



  • OK, squidGuard appears to be working.  But it isn't blocking anything?  What happens if you change the last entry, Default access [All] to Deny?  Also, you don't show the entire ruleset.  They are processed top-down, so if you have an Allow All at the top then any blocks farther down won't trigger.



  • @KOM:

    OK, squidGuard appears to be working.  But it isn't blocking anything?  What happens if you change the last entry, Default access [All] to Deny?  Also, you don't show the entire ruleset.  They are processed top-down, so if you have an Allow All at the top then any blocks farther down won't trigger.

    Thank you for your reply , when i change Default access [all] to Deny , squidGuard block all . I did it . One more question : "when I check the "Transparent HTTP proxy" to enable "HTTPS / SSL interception" computers in the local network can not access the proxy server for downloading CA. What should I do ? "



  • What should I do ?

    Don't use transparent proxy for this exact reason.  Use Web-Proxy Auto-Detection (WPAD) instead.



  • The problem for the HTTPS/SSL transparent proxy and the certificates issue is documented in this forum (I can't recall where, but the search bar above is very usefull), so I'll give you a place where you can start:
    HTTPS/SSL with transparent proxy creates a "man in the middle", so you need to create a CA and download the CA server certificate and install it on all the machines that are going to use the proxy.
    In certain enviroments this is easy and useful, in others is too expensive in therms of time and effort so WPAD is recommended.
    For the topic about blocking porn, be sure your lists are up to date and don't forget to create at least one target category so squidguard can do it's job without trouble.

    Greetings and good luck!  :D



  • @chidgear:

    The problem for the HTTPS/SSL transparent proxy and the certificates issue is documented in this forum (I can't recall where, but the search bar above is very usefull), so I'll give you a place where you can start:
    HTTPS/SSL with transparent proxy creates a "man in the middle", so you need to create a CA and download the CA server certificate and install it on all the machines that are going to use the proxy.
    In certain enviroments this is easy and useful, in others is too expensive in therms of time and effort so WPAD is recommended.
    For the topic about blocking porn, be sure your lists are up to date and don't forget to create at least one target category so squidguard can do it's job without trouble.

    Greetings and good luck!  :D

    Thank you for replying my thread.
    I understand how it works but I do not understand how WPAD install because it slightly confused to me, in my company, wifi spend them without user authentication, so a bit difficult installation problems manually. you or someone can help me through the installation video guide WPAD is not? .
    Thanks and Best Regards



  • WPAD Autoconfigure for Squid

    This is the 3rd time I've linked to this for you.  Read it.  It's not hard.


Log in to reply