Squidguard blockt alle Seiten

Hallo,

ich habe auf pfSense Squid und Squidguard installiert. Neben der Tatsache, dass ich keine Blacklists installieren kann, werden - aus Cachegründen - auch normale Seiten blockiert. In diesem Fall bekommen ich diese Fehlermeldung:


Hier sind die Logs des Filters:

----- Proxyfilter: -----------

1. Do not edit manually !

http_port 10.1.1.250:3128
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/German
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /dev/null
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds

1. Allow local network(s) on interface(s)

acl localnet src 10.1.1.0/255.255.255.0
forwarded_for off
uri_whitespace strip

cache_mem 100 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir null /tmp
minimum_object_size 0 KB
maximum_object_size 10 KB
offline_mode off

1. No redirector configured

1. Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 9999 3128 1025-65535
acl sslports port 443 563 9999
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl unrestricted_hosts src '/var/squid/acl/unrestricted_hosts.acl'
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

1. Always allow localhost connections

http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

1. Custom options

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass on
redirect_children 3

1. These hosts do not have any restrictions

http_access allow unrestricted_hosts

1. Setup allowed acls
2. Allow local network(s) on interface(s)

http_access allow localnet

1. Default block all to be sure

http_access deny all

Filter Config ------

1. ============================================================
2. SquidGuard configuration file
3. This file generated automaticly with SquidGuard configurator
4. (C)2006 Serg Dvoriancev
5. email: dv_serg@mail.ru
6. ============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

dest n-tv {
domainlist n-tv/domains
redirect 302:www.heise.de
}

rew safesearch {
s@(google..*/search?.*q=.*)@
&safe=active@i
s@(google..*/images.*q=.*)@
&safe=active@i
s@(google..*/groups.*q=.*)@
&safe=active@i
s@(google..*/news.*q=.*)@
&safe=active@i
s@(yandex..*/yandsearch?.*text=.*)@
&fyandex=1@i
s@(search.yahoo..*/search.*p=.*)@
&vm=r&v=1@i
s@(search.live..*/.*q=.*)@
&adlt=strict@i
s@(search.msn..*/.*q=.*)@
&adlt=strict@i
s@(.bing..*/.*q=.*)@
&adlt=strict@i
}

acl {
default {
pass !in-addr n-tv all
redirect http://10.1.1.250:80/sgerror.php?url=403%20www.n-tv.de&a=%a&n=% ...
rewrite safesearch
}
}


Wenn jemand sonst bereits Erfahrungen hat wie man Shallas Blacklists auf eine pfSense-Board installiert, kann gerne Mal einen Blick auf diesen Thread werfen:

Squidguard auf pfSense mit Shallablacklist einrichten

Danke sehr!

Gr. I.