The first thing you can check is whether the error is being introduced in
SquidGuard itself or later in the stack.

Run "/usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c
/usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf" in a shell
(console or SSH) and pass those URLs to it to see the raw output that
SquidGuard is sending back.  If they are correct there, then you can narrow
down the problem to Squid or something else in pfSense.  If you get the
wrong URLs in the shell output, then it's something with your SquidGuard
configuration.

I don't see anything offhand with either configuration that looks wrong, so
this will tell you where to focus.

Moshe

(On a mobile device - sorry for top-posting.)
On Jul 17, 2014 8:54 AM, "Dean Landry" <land...@kingswood.edu> wrote:

> Hello,
>
> We have configured pfSense with Squid3 and SquidGuard in order to do
> content filtering.  We have blocked several categories and also have a set
> of manually blocked URLs.  If I attempt to go to a manually blocked URL, I
> am correctly redirected to the sgerror page:
>
>
> https://10.10.10.1/sgerror.php?url=403%20&a=10.0.0.100&n=&i=&s=default&t=Manual_Blacklist&u=http://eztv.it/
>
> However when I go to a page blocked by a category, it doesn't give the
> correct redirect link (resulting in a 404 error):
>
>
> https://10.10.10.1/sgerror.php&a=10.0.0.100&n=&i=&s=default&t=blk_blacklists_adult&u=http://sex.com/
>
> It is stripping the "?url=403%20" which breaks the link.
>
> Looking at the filter config, it seems odd that the redirect URLs are
> "http" on port 443.  The resulting page is https without the port indicated.
>
> Here is my Filter config:
>
> # ============================================================
> # SquidGuard configuration file
> # This file generated automaticly with SquidGuard configurator
> # (C)2006 Serg Dvoriancev
> # email: dv_s...@mail.ru
> # ============================================================
>
> logdir /var/squidGuard/log
> dbhome /var/db/squidGuard
>
> # Sites to block (not handled by blacklist service)
> dest Manual_Blacklist {
> domainlist Manual_Blacklist/domains
>  expressionlist Manual_Blacklist/expressions
> redirect http://10.10.10.1:443/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
>  log block.log
> }
>
> # Sites to allow (not handled by blacklist service)
> dest ManualWhitelist {
>  domainlist ManualWhitelist/domains
> redirect http://10.10.10.1:443/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
>  log block.log
> }
>
> #
> rew safesearch {
> s@(google..*/search?.*q=.*)@ &safe=active@i
>  s@(google..*/images.*q=.*)@ &safe=active@i
> s@(google..*/groups.*q=.*)@ &safe=active@i
>  s@(google..*/news.*q=.*)@ &safe=active@i
> s@(yandex..*/yandsearch?.*text=.*)@ &fyandex=1@i
>  s@(search.yahoo..*/search.*p=.*)@ &vm=r&v=1@i
> s@(search.live..*/.*q=.*)@ &adlt=strict@i
>  s@(search.msn..*/.*q=.*)@ &adlt=strict@i
> s@(.bing..*/.*q=.*)@ &adlt=strict@i
>  log block.log
> }
>
> #
> acl  {
> #
>  default  {
> pass ManualWhitelist !Manual_Blacklist !blk_blacklists_abortion !blk_blacklists_ads !blk_blacklists_adult !blk_blacklists_antispyware !blk_blacklists_artnudes !blk_blacklists_filesharing !blk_blacklists_gambling !blk_blacklists_hacking !blk_blacklists_lingerie !blk_blacklists_malware !blk_blacklists_mixed_adult !blk_blacklists_naturism !blk_blacklists_phishing !blk_blacklists_porn !blk_blacklists_proxy !blk_blacklists_sexuality !blk_blacklists_sexualityeducation !blk_blacklists_spyware !blk_blacklists_tobacco !blk_blacklists_violence !blk_blacklists_virusinfected !blk_blacklists_warez !blk_blacklists_weapons blk_blacklists_audio-video blk_blacklists_news all
>  redirect http://10.10.10.1:443/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
>  rewrite safesearch
> log block.log
> }
> }
>
> And here is my Proxy Config:
>
> # This file is automatically generated by pfSense
> # Do not edit manually !
> http_port 10.0.0.1:3128
> http_port 127.0.0.1:3128 intercept
> icp_port 7
> dns_v4_first off
> pid_filename /var/run/squid.pid
> cache_effective_user proxy
> cache_effective_group proxy
> error_default_language en
> icon_directory /usr/pbi/squid-amd64/etc/squid/icons
> visible_hostname localhost
> cache_mgr w...@beulahcamp.com
> access_log /var/squid/logs/access.log
> cache_log /var/squid/logs/cache.log
> cache_store_log none
> sslcrtd_children 0
> logfile_rotate 7
> shutdown_lifetime 3 seconds
> # Allow local network(s) on interface(s)
> acl localnet src  10.0.0.0/16
> uri_whitespace strip
>
> acl dynamic urlpath_regex cgi-bin ?
> cache deny dynamic
> cache_mem 8 MB
> maximum_object_size_in_memory 256 KB
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap LFUDA
> cache_dir ufs /var/squid/cache 1024 16 256
> minimum_object_size 0 KB
> maximum_object_size 4 KB
> offline_mode off
> cache_swap_low 90
> cache_swap_high 95
>
> # No redirector configured
>
>
> #Remote proxies
>
>
> # Setup some default acls
> acl allsrc src all
> acl localhost src 127.0.0.1/32
> acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 443 3128 1025-65535 1935
> acl sslports port 443 563 443 1935
> acl manager proto cache_object
> acl purge method PURGE
> acl connect method CONNECT
>
> # Define protocols used for redirects
> acl HTTP proto HTTP
> acl HTTPS proto HTTPS
>
> http_access allow manager localhost
>
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !safeports
> http_access deny CONNECT !sslports
>
> # Always allow localhost connections
> http_access allow localhost
>
> request_body_max_size 0 KB
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 -1/-1 -1/-1
> delay_initial_bucket_level 100
> delay_access 1 allow allsrc
>
> # Reverse Proxy settings
>
>
> # Package Integration
> redirect_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
> redirector_bypass off
> url_rewrite_children 5
>
> # Custom options
>
>
> # Setup allowed acls
> # Allow local network(s) on interface(s)
> http_access allow localnet
> # Default block all to be sure
> http_access deny allsrc
>
> I've tried uninstalling and reinstalling the squidGuard package, but I
> don't think that reset any options to fix anything.  Can someone recommend
> where to start troubleshooting this?
>
> Thanks,
> Dean
>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
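The check suggested in the reply at the top of this thread, written out as an added example that is not part of either message: it feeds the two URLs from the report to squidGuard on stdin and flags a redirect whose `sgerror.php` has lost its `?` separator. The function names are hypothetical, and the request line format (`URL client-ip/fqdn ident method`) and the use of client address 10.0.0.100 are assumptions; the binary and config paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Paths below are the ones quoted in the thread.
SG=/usr/pbi/squidguard-squid3-amd64/bin/squidGuard
CONF=/usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf

# Build one request line in the form a Squid redirector reads on stdin
# (assumed format: URL client-ip/fqdn ident method).
sg_request() {
    printf '%s %s/- - GET\n' "$1" "$2"
}

# Classify one reply line from the helper:
#   pass            - empty reply, request is allowed unchanged
#   redirect-ok     - redirect to sgerror.php with its query string intact
#   redirect-broken - sgerror.php without "?", the 404 case from the report
#   other           - any other rewrite
classify_reply() {
    case $1 in
        '')                echo pass ;;
        *'sgerror.php?'*)  echo redirect-ok ;;
        *sgerror.php*)     echo redirect-broken ;;
        *)                 echo other ;;
    esac
}

# Send each URL through squidGuard and print its raw reply plus the verdict.
probe() {
    for u in "$@"; do
        reply=$(sg_request "$u" 10.0.0.100 | "$SG" -c "$CONF")
        printf '%s -> %s [%s]\n' "$u" "$reply" "$(classify_reply "$reply")"
    done
}

# Only run the probe on a box where squidGuard is actually installed.
if [ -x "$SG" ]; then
    probe http://eztv.it/ http://sex.com/
fi
```

A `redirect-broken` verdict here points at the SquidGuard configuration; `redirect-ok` for both URLs moves the search to Squid or the rest of pfSense, as the reply describes.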