Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem with 2.2.2 amd64 squid3 and squidGuard

    Scheduled Pinned Locked Moved Cache/Proxy
    12 Posts 4 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dnikky
      last edited by

      Hi all ,
      I have a problem with squid3 0.2.8 , I installed Squidguard 1.9.14 but it does not work . I've put acl block porn, but it remains accessible . all acl I create are not active on the proxyserver .
      anyone can help me please
      Thanks

      1 Reply Last reply Reply Quote 0
      • A
        agixdota
        last edited by

        already to create Target Categories on squidguard?

        1 Reply Last reply Reply Quote 0
        • D
          dnikky
          last edited by

          @91X:

          already to create Target Categories on squidguard?

          this is my acl common, I have not created

          1 Reply Last reply Reply Quote 0
          • D
            dnikky
            last edited by

            Can anyone help me, my system needs to operate !!!

            1 Reply Last reply Reply Quote 0
            • KOMK
              KOM
              last edited by

              Do you know for sure that squid is working?  Anything in /var/squidGuard/log/squidGuard.log or block.log?

              1 Reply Last reply Reply Quote 0
              • D
                dnikky
                last edited by

                squid is still working … but squidGuard not work ... Here are the latest thing in squidGuard.log

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  OK, squidGuard appears to be working.  But it isn't blocking anything?  What happens if you change the last entry, Default access [All] to Deny?  Also, you don't show the entire ruleset.  They are processed top-down, so if you have an Allow All at the top then any blocks farther down won't trigger.

                  1 Reply Last reply Reply Quote 0
                  • D
                    dnikky
                    last edited by

                    @KOM:

                    OK, squidGuard appears to be working.  But it isn't blocking anything?  What happens if you change the last entry, Default access [All] to Deny?  Also, you don't show the entire ruleset.  They are processed top-down, so if you have an Allow All at the top then any blocks farther down won't trigger.

                    Thank you for your reply , when i change Default access [all] to Deny , squidGuard block all . I did it . One more question : "when I check the "Transparent HTTP proxy" to enable "HTTPS / SSL interception" computers in the local network can not access the proxy server for downloading CA. What should I do ? "

                    1 Reply Last reply Reply Quote 0
                    • KOMK
                      KOM
                      last edited by

                      What should I do ?

                      Don't use transparent proxy for this exact reason.  Use Web-Proxy Auto-Detection (WPAD) instead.

                      1 Reply Last reply Reply Quote 0
                      • C
                        chidgear
                        last edited by

                        The problem for the HTTPS/SSL transparent proxy and the certificates issue is documented in this forum (I can't recall where, but the search bar above is very usefull), so I'll give you a place where you can start:
                        HTTPS/SSL with transparent proxy creates a "man in the middle", so you need to create a CA and download the CA server certificate and install it on all the machines that are going to use the proxy.
                        In certain enviroments this is easy and useful, in others is too expensive in therms of time and effort so WPAD is recommended.
                        For the topic about blocking porn, be sure your lists are up to date and don't forget to create at least one target category so squidguard can do it's job without trouble.

                        Greetings and good luck!  :D

                        1 Reply Last reply Reply Quote 0
                        • D
                          dnikky
                          last edited by

                          @chidgear:

                          The problem for the HTTPS/SSL transparent proxy and the certificates issue is documented in this forum (I can't recall where, but the search bar above is very usefull), so I'll give you a place where you can start:
                          HTTPS/SSL with transparent proxy creates a "man in the middle", so you need to create a CA and download the CA server certificate and install it on all the machines that are going to use the proxy.
                          In certain enviroments this is easy and useful, in others is too expensive in therms of time and effort so WPAD is recommended.
                          For the topic about blocking porn, be sure your lists are up to date and don't forget to create at least one target category so squidguard can do it's job without trouble.

                          Greetings and good luck!  :D

                          Thank you for replying my thread.
                          I understand how it works but I do not understand how WPAD install because it slightly confused to me, in my company, wifi spend them without user authentication, so a bit difficult installation problems manually. you or someone can help me through the installation video guide WPAD is not? .
                          Thanks and Best Regards

                          1 Reply Last reply Reply Quote 0
                          • KOMK
                            KOM
                            last edited by

                            WPAD Autoconfigure for Squid

                            This is the 3rd time I've linked to this for you.  Read it.  It's not hard.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.