Web Filtering only works in "transparent mode". All web traffic is allowed in manually configuration

NethServer Version: rc3
Module: squidguard

Hi, I’ve updated from rc2 to rc3 and web traffic is only filtered in “Transparent mode”, all web traffic is allowed in manually configuration. I’ve tested blocking all web traffic (web filtering options) but is the same problem.

I’ve installed rc3 using the last ISO available (clean installation) and it’s the same problem.

Am I the only with this issue?

All the best and happy holidays,
RM

I can confirm this issue. In Manual mode i can access blocked websites even if I didn’t specified the web proxy server in Firefox configuration.
Cheers.

I can’t reproduce your problem, sorry.
Did you check “Block HTTP and HTTPS ports” on the proxy page?
Please, check if you can spot any error in /var/ufdbguard/logs/ufdbguardd.log.

Thanks!

I have not checked “Block HTTP and HTTPS ports” on the poxy page, because all web traffic is allowed in manually proxy configuration. In transparent mode filtering is working.

I have found this in the log:

NS rc3 updated from rc2

2016-12-22 14:54:22 [2766] loading URL category defaulttable with creation date 20161222.1624 2016-12-22 14:54:22 [2766] loading URL table from "/var/squidGuard/blacklists/automobile/boats/domains" 2016-12-22 14:54:22 [2766] loading URL category defaulttable with creation date 20161222.1624 2016-12-22 14:54:22 [2766] loading URL table from "/var/squidGuard/blacklists/news/domains" 2016-12-22 14:54:22 [2766] loading URL category defaulttable with creation date 20161222.1624 2016-12-22 14:54:22 [2766] loading URL table from "/var/squidGuard/blacklists/isp/domains" 2016-12-22 14:54:22 [2766] 2016-12-22 14:54:22 [2766] FATAL ERROR: line 293: "aggressive" is a keyword and must be surrounded by quotes in configuration file /etc/ufdbguard/ufdbGuard.conf ***** 2016-12-22 14:54:22 [2766] 2016-12-22 14:54:22 [2766] A FATAL ERROR OCCURRED: all requests are answered with "OK" (see previous lines with "FATAL ERROR" for more details) ***** 2016-12-22 14:54:22 [2766] configuration on host fnd-proxy-cloud.fundacion-jala.local: ------------------------------------------- 2016-12-22 14:54:22 [2766] dbhome "/var/squidGuard/blacklists" 2016-12-22 14:54:22 [2766] logdir "/var/ufdbguard/logs" 2016-12-22 14:54:22 [2766] # default: pidfile "/var/run/ufdbguard/ufdbguardd.pid" 2016-12-22 14:54:22 [2766] port 3977 2016-12-22 14:54:22 [2766] # interface "all" 2016-12-22 14:54:22 [2766] # default: email-server "none" 2016-12-22 14:54:22 [2766] # default: my-hostname "none" 2016-12-22 14:54:22 [2766] # default: admin-email "none" 2016-12-22 14:54:22 [2766] # default: sender-email "none" 2016-12-22 14:54:22 [2766] # default: external-status-command "none" 2016-12-22 14:54:22 [2766] logpass off 2016-12-22 14:54:22 [2766] logblock on 2016-12-22 14:54:22 [2766] logall off 2016-12-22 14:54:22 [2766] upload-crash-reports off 2016-12-22 14:54:22 [2766] lookup-reverse-ip off 2016-12-22 14:54:22 [2766] use-ipv6-on-wan on 2016-12-22 14:54:22 [2766] num-worker-threads 68 2016-12-22 14:54:22 [2766] squid-version "3.5" 2016-12-22 14:54:22 [2766] squid-uses-active-bumping off

NS rc3 - Clean Installation (I’ve used the last ISO available)

2016-12-23 03:24:17 [27540] loading URL category defaulttable with creation date 20161223.0724 2016-12-23 03:24:17 [27540] loading URL table from "/var/squidGuard/blacklists/finance/banking/domains" 2016-12-23 03:24:17 [27540] loading URL category defaulttable with creation date 20161223.0724 2016-12-23 03:24:17 [27540] loading URL table from "/var/squidGuard/blacklists/automobile/boats/domains" 2016-12-23 03:24:17 [27540] loading URL category defaulttable with creation date 20161223.0724 2016-12-23 03:24:17 [27540] loading URL table from "/var/squidGuard/blacklists/news/domains" 2016-12-23 03:24:17 [27540] loading URL category defaulttable with creation date 20161223.0724 2016-12-23 03:24:17 [27540] loading URL table from "/var/squidGuard/blacklists/isp/domains" 2016-12-23 03:24:17 [27540] 2016-12-23 03:24:17 [27540] FATAL ERROR: line 293: "aggressive" is a keyword and must be surrounded by quotes in configuration file /etc/ufdbguard/ufdbGuard.conf ***** 2016-12-23 03:24:17 [27540] 2016-12-23 03:24:17 [27540] A FATAL ERROR OCCURRED: all requests are answered with "OK" (see previous lines with "FATAL ERROR" for more details) ***** 2016-12-23 03:24:17 [27540] configuration on host proxyfnd.fundacion-jala.local: ------------------------------------------- 2016-12-23 03:24:17 [27540] dbhome "/var/squidGuard/blacklists" 2016-12-23 03:24:17 [27540] logdir "/var/ufdbguard/logs" 2016-12-23 03:24:17 [27540] # default: pidfile "/var/run/ufdbguard/ufdbguardd.pid" 2016-12-23 03:24:17 [27540] port 3977 2016-12-23 03:24:17 [27540] # interface "all" 2016-12-23 03:24:17 [27540] # default: email-server "none" 2016-12-23 03:24:17 [27540] # default: my-hostname "none" 2016-12-23 03:24:17 [27540] # default: admin-email "none" 2016-12-23 03:24:17 [27540] # default: sender-email "none" 2016-12-23 03:24:17 [27540] # default: external-status-command "none" 2016-12-23 03:24:17 [27540] logpass off 2016-12-23 03:24:17 [27540] logblock on 2016-12-23 03:24:17 [27540] logall off 2016-12-23 03:24:17 [27540] upload-crash-reports off 2016-12-23 03:24:17 [27540] lookup-reverse-ip off 2016-12-23 03:24:17 [27540] use-ipv6-on-wan on 2016-12-23 03:24:17 [27540] num-worker-threads 68 2016-12-23 03:24:17 [27540] squid-version "3.5" 2016-12-23 03:24:17 [27540] squid-uses-active-bumping off 2016-12-23 03:24:17 [27540] redirect-https "192.168.10.1:443" # NO bumping (may splice) 2016-12-23 03:24:17 [27540] redirect-bumped-https "https://blockedhttps.urlfilterdb.com/cgi-bin/URLblocked.cgi?clientgroup=%s&category=%t&url=%u" # active bumping

I’ve modified the file: # vi /etc/ufdbguard/ufdbGuard.conf and changed !aggressive for '!“aggressive”

Old

acl {


    default {
        pass !security nh_whitelist  !nh_blacklist  !in-addr  **!aggressive**  !anonvpn  !socialnet  !webradio  all
        redirect     http://192.168.10.1/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
    }

}

New

acl {


    default {
        pass !security nh_whitelist  !nh_blacklist  !in-addr  **!"aggressive**"  !anonvpn  !socialnet  !webradio  all
        redirect     http://192.168.10.1/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
    }

}

After restart the service it’s working again:

# /etc/init.d/ufdb restart

Thanks a lot!!

RM

Note: If I select other category using the Web console the problem comeback, in order to fix it you should edit the file and restart the service again.

1 Like

@rlndmrnda I already fixed the problem, but the update has not been released.
Please, install the new package from our testing repository:
yum --enablerepo=nethserver-testing update nethserver-squidguard

Thank you.

1 Like

It works!!

Solution tested in 2 VMs and 1 real environment.

Thanks and Happy Holidays,
Roland

2 Likes

Thank you for feedback. Update released (I hope all is ok, it’s the first time I release an update). :slight_smile: