Whitelist target category not working with group acl

  • I have created a group category for hosts residing on my network.  These hosts are mainly for administrative purposes.  I have created a target category called allowed_sites which lists several websites that are blocked by some Shallalist target rule categories.

    Under this group acl I have made sure to select allow for that target category I have created. I have then selected which Shallalist categories I want blocked, including blk_BL_drugs.  I have saved this as well as clicked apply under the general settings tab. I have rebooted the pfSense box and cleared cache, cookies, and reset the hosts under the group acl.

    However, when I am browsing to any websites that are under the allowed_sites target category, I am getting the access denied page stating that these sites are blocked under category blk_BL_drugs.

    Under the filter configuration tab for SquidGuard I can see the following for the group acl.

    Admin_hosts  {
    pass !dummy !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_costtraps !blk_BL_drugs !blk_BL_fortunetelling !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_spyware !blk_BL_violence allowed_sites facebook_chat allow_piratebay all
    redirect &a=%a&n=%n&i=%i&s=%s&t=%t&u=%u&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
    log block.log

    What could be causing this problem?

  • Update:

    Not more than a minute after I posted this I found the solution.  Under the Group ACL tab and then under Target Rules is the following message:

    ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked.

    Simply changing my target category to whitelist corrected the problem.

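The behaviour described in the thread follows from how a squidGuard pass line is evaluated: tokens are checked left to right and the first match decides. The sketch below is an added example, not part of the original posts and not squidGuard or pfSense code; the category contents are constructed, and the 'whitelist' ordering (target placed ahead of the negated categories) is an assumption about the generated config.

```python
# Added example: a small model of how squidGuard walks a "pass" line.
# Tokens are checked left to right and the first one that matches decides.
# Category contents are constructed sample data, not real Shallalist entries.
CATEGORIES = {
    "blk_BL_drugs": {"example-pharmacy.test", "blocked-only.test"},
    "allowed_sites": {"example-pharmacy.test"},
}

# Abbreviated form of the ACL from the post: target set to 'allow'.
ALLOW_LINE = "pass !dummy !blk_BL_drugs allowed_sites all"
# Assumed ordering once the target is set to 'whitelist' (listed first).
WHITELIST_LINE = "pass allowed_sites !dummy !blk_BL_drugs all"


def in_category(domain, entries):
    """True if domain equals a listed entry or is a subdomain of one."""
    return any(domain == e or domain.endswith("." + e) for e in entries)


def evaluate_pass(pass_line, domain, categories=CATEGORIES):
    """Return (decision, deciding_token) for a domain against a pass line."""
    tokens = pass_line.split()
    if tokens and tokens[0] == "pass":
        tokens = tokens[1:]
    for token in tokens:
        if token == "all":
            return ("pass", token)
        if token == "none":
            return ("block", token)
        negated = token.startswith("!")
        name = token[1:] if negated else token
        if in_category(domain, categories.get(name, set())):
            return ("block" if negated else "pass", token)
    raise ValueError("pass line should end with 'all' or 'none'")


if __name__ == "__main__":
    for label, line in (("allow", ALLOW_LINE), ("whitelist", WHITELIST_LINE)):
        for host in ("www.example-pharmacy.test", "blocked-only.test", "unlisted.test"):
            print(label, host, evaluate_pass(line, host))
```

Because a whitelisted target is matched before any blocklist category, every domain it lists bypasses all of the blocked categories for that group, so the list is worth keeping narrow.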