Squidguard not working albeit properly configured



  • Finally got squid3 to install without messing up the entire platform (thanks to the people who worked hard to make the package install!) and also installed squidguard.

    Then I configured the applications, in a nutshell like this:

    Squid
    General tab
    Squid is enabled
    Proxy interfaces: LAN and LAN2 (I have 2 lan interfaces)
    Port 3128
    Allow users on interface: YES
    Transparent Proxy Interface(s): YES
    Enable Access Logging: YES
    URI Whitespace Characters Handling: strip

    Remote cache
    Nothing modified here - No custom settings

    Local cache
    Nothing modified here - No custom settings

    Antivirus
    Enabled
    Enable manual config: disabled
    Google safe browsing: YES
    ClamAV update: every 1 hr

    ACL's
    Nothing modified here - No custom settings

    Traffic Mgmt
    Nothing modified here - No custom settings

    Authentication
    Nothing modified here - No custom settings

    Users
    Nothing modified here - No custom settings

    Squidguard
    General Settings
    Enabled
    Enable GUI log: YES
    Enable log: YES
    Enable log rotation: YES
    Clean advert. YES
    Blacklisrt: YES
    Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gz

    Common ACL
    I selected misc target categories and my custom target categories are of course selected to DENY
    Do not allow IP-Addresses in URL: YES
    Redirect mode:  ext URL
    Redirect info:  www.google.com
    Rewrite: None
    Log: Checked

    Groups ACL
    Nothing modified here - No custom settings

    Target categories
    Here I have 2 categories: one for banned keywords and another with banned extensions

    banned keywords:
    Order: –-----
    Domain list: empty
    URL List: empty
    Regular expression: lots of words in the format of "mail|casino|game"
    Reditect mode: int error page
    Redirect: "Blocked by SG"
    Log: Checked

    Times
    Nothing modified here - No custom settings

    Rewrites
    Nothing modified here - No custom settings

    Blacklist:
    http://www.shallalist.de/Downloads/shallalist.tar.gz

    The problem is that the filter doesnt work at all.  No exceptions, nothing works. The pfsense log is empty from squid errors, the squid log is being populated with entries which seems to indicate that the squid cache actually works, but the squidguard log is totally empty, even if I try to access pages with banned keywords.

    Not sure why its not working.  At least, how can I confirm without a doubt that the squid proxy server really works?



  • I actually tried to download a large file, let the download finish and tried to download the same file again, noticed a very marginal difference in speed (575kb/s the first round, about 615kb/s the second round)..  So I think squid actually doesnt work or doesnt work well..

    The logs are actually being populated real time, except for downloaded files.  Maybe this is normal in squid?



  • Have you checked the integrations field on squid located under the general tab to make sure squidguard is there?  What version of Squid and Squidguard are you using?

    What version of PFSense as well?  I didn't think transparent worked properly in 2.2.x versions?

    I also suggest turning off the AV… it's horrible from what I can tell, and unless you have a very robust system, it can harm your connection bandwidth when multiple people are doing several things.



  • Sorry once again I failed to provide the version numbers…

    pfsense 2.2.6-RELEASE (amd64)
    SG 1.9.18
    squid3 0.4.7

    The integrations field contains the following:

    url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0
    

    I am not knowledgeable enough with squid to know what this does, so if you spot anything shady, please let me know!  At least, there is some references to squidguard..

    I hope transparent proxy with squid works with 2.2.X otherwise whats the point of having the option to do so?  Plus it worked (somehow and not stable) in older versions of pfsense.

    Regarding the antivirus, pfsense runs on a dual core CPU at 3.2GHz with 12GB RAM… So far it doesnt seem to be hindering bandwidth but I'll try to disable it to see if its faster.


Log in to reply