The problem is that squidguard is not filtering anything!!! The ldp work for suthentication , I mean I can login from users in the DC , but all users has full permsions !! I created group called “level2” and gave it to some users , but that users still has full permission and not being filtered from anything !! This is os is pfsense on freebsd I will post config below : =========================== Here is config # This file is automatically generated by pfSense # Do not edit manually ! http_port 10.0.0.1:3128 icp_port 7 dns_v4_first off pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_default_language en icon_directory /usr/pbi/squid-i386/etc/squid/icons visible_hostname pfsense cache_mgr admin@localhost access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none sslcrtd_children 0 logfile_rotate 0 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 10.0.0.0/24 forwarded_for off uri_whitespace strip acl dynamic urlpath_regex cgi-bin ? cache deny dynamic cache_mem 8 MB maximum_object_size_in_memory 32 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA minimum_object_size 0 KB maximum_object_size 10 KB offline_mode off # No redirector configured #Remote proxies # Setup some default acls acl allsrc src all acl localhost src 127.0.0.1/32 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535 acl sslports port 443 563 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings # Package Integration auth_param basic program /usr/pbi/squid-i386/libexec/squid/squid_ldap_auth -P -R -b 'dc=smart,dc=ps' -D 'cn=administrator,cn=Users,dc=smart,dc=ps' -w 'admin@123' -f sAMAccountName=%s -h 192.168.1.242 auth_param basic children 100 auth_param basic realm heyyyyy auth_param basic credentialsttl 1 hour acl password proxy_auth REQUIRED redirect_program /usr/pbi/squidguard-i386/bin/squidGuard -c /usr/pbi/squidguard-i386/etc/squidGuard/squidGuard.conf redirector_bypass off url_rewrite_children 5 # Custom options http_access allow password # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny allsrc # ============================================================ # SquidGuard configuration file # This file generated automaticly with SquidGuard configurator # (C)2006 Serg Dvoriancev # email: dv_serg@xxxxxxx # ============================================================ logdir /var/squidGuard/log dbhome /var/db/squidGuard ldapbinddn cn=administrator,cn=Users,dc=smart,dc=ps ldapbindpass admin@123 ldapprotover 2 stripntdomain true # src zozo { ldapusersearch ldap://192.168.1.242/DC=smart,DC=ps?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=level2%2cCN=Users%2cDC=smart%2cDC=ps)) log block.log } # rew safesearch { s@(google..*/search?.*q=.*)@&safe=active@i s@(google..*/images.*q=.*)@&safe=active@i s@(google..*/groups.*q=.*)@&safe=active@i s@(google..*/news.*q=.*)@&safe=active@i s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i s@(search.live..*/.*q=.*)@&adlt=strict@i s@(search.msn..*/.*q=.*)@&adlt=strict@i s@(.bing..*/.*q=.*)@&adlt=strict@i log block.log } # acl { # zozo { pass !in-addr !blk_BL_adv !blk_BL_aggressive !blk_BL_alcohol !blk_BL_anonvpn !blk_BL_automobile_bikes !blk_BL_automobile_boats !blk_BL_automobile_cars !blk_BL_downloads !blk_BL_movies !blk_BL_porn !blk_BL_sex_education !blk_BL_sex_lingerie none redirect http://10.0.0.1:80/sgerror.php?url=""> log block.log } # default { pass !blk_BL_porn !blk_BL_searchengines !blk_BL_sex_education !blk_BL_sex_lingerie !blk_BL_shopping none redirect http://10.0.0.1:80/sgerror.php?url=""> rewrite safesearch log block.log } } Any idea why suqidguard is not blocking anything ??? cheers |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
