Whitelist target category not working with group acl
-
I have created a group category for hosts residing on my 10.0.0.1/24 network. These hosts are mainly for administrative purposes. I have created a target category called allowed_sites which lists several websites that are blocked by some Shalllist target rule categories.
Under this group acl I have made sure to select allow for that target category I have created. I have then selected which shallalist categories I want blocked including blk_BL_drugs. I have saved this as well as clicked apply under the general settings tab. I have rebooted the pfsense box and cleared cache, cookies, and reset the hosts under the group acl.
However, when I am browsing to any websites that are under the allowed_sites target category, I am getting the access denied page stating that these sites are blocked under category blk_BL_drugs.
Under the filter configuration tab for SquidGuard I can see the following for the group acl.
Admin_hosts {
pass !dummy !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_costtraps !blk_BL_drugs !blk_BL_fortunetelling !blk_BL_gamble !blk_BL_hacking !blk_BL_porn !blk_BL_redirector !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_spyware !blk_BL_violence allowed_sites facebook_chat allow_piratebay all
redirect http://192.168.50.1:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}What could be causing this problem?
-
Update:
Not more than a minute after I posted this I found the solution. Under the Group ACL tab and then under Target Rules is the following message:
ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked.
Simply changing my target category to whitelist corrected the problem.