
Squid 3.5.5 ssl_bump and ufdbGuard




This probably more rightly belongs in the ufdbGuard mailing list, but SF has been down for several days and I cannot post there. There is a bit of overlap with ssl_bump and ufdbGuard with one of the issues I am having. Maybe someone here who uses ufdbGuard or squidGuard could help me?

I am trying to replace our implementation of the old squidGuard with ufdbGuard on Smoothwall Express v3.1 firewall distro. I have gotten ufdbGuard running and filtering with Squid 3.5.5 using ssl_bump. My questions:

1. With ssl_bump and squidGuard I was able to use the urlfilter to block https sites like facebook.com. Allowed https sites would load in my browser without errors with ssl_bump and squidGuard active. With ssl_bump and ufdbGuard it is a lot more complicated, it seems.

-With Squid+ssl_bump and ufdbGuard running, I can access all HTTP sites without errors. I cannot access any HTTPS sites at all. I get "Untrusted connection" errors when trying to load any HTTPS site.

-If I restart squid without ssl_bump and ufdbGuard still running, I can then access all HTTP and HTTPS sites and categories that I have blocked do get blocked, but only HTTP sites. All HTTPS sites will load, but none get blocked that are supposed to be.

-If I then restart squid+ssl_bump (and ufdbGuard still running) I can now access all HTTP and HTTPS sites. Also, all HTTP and HTTPS sites that are supposed to be blocked by category, like porn for instance, do get blocked like they are supposed to be. Except for domains in the alwaysdeny category (but that will be a question for another time).

-When ufdbGuard and squid+ssl_bump are started (in that order) I see processes running for squid, ssl_crtd, and ufdbguardd. I do not see any processes for squid_redirect and ufdbgclient. If I enter and load a website and then check the processes running I then see squid_redirect and ufdbgclient. Is that supposed to happen like that?

2. I am using the Shalla blacklists for testing. I haven't been able to sign up for a URLfilterDB free trial because I only use yahoo.com and gmail.com for my email. Plus, I don't want to pay for a subscription until I know I have this working. When I convert the Shalla blacklists to ufdb format using ufdbConvertDB, only the domains are converted to the ufdb format (domains.ufdb). The urls files are not converted, even when using the "-u urls" switch.

My current ufdbGuard.conf file is attached.


Attachment: ufdbGuard.conf
Description: Binary data

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
