Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Need help with squidGuard [SOLVED by not using squidguard]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mocsokmike
Tux's lil' helper
Tux's lil' helper


Joined: 04 Aug 2005
Posts: 116
Location: Budapest, Hungary

PostPosted: Fri Feb 27, 2015 4:53 pm    Post subject: Need help with squidGuard [SOLVED by not using squidguard] Reply with quote

I have a working squid + squidGuard installation, I plan to use it as an URL filtering proxy and gateway.
I also want to use proxy authentication because I need to be able to fine-tune URL filtering by users.

My squidGuard segfaults when I enable the "src" block in its config file, where I would like to enter some usernames who should be able to visit certain sites.
In fact, when I enable that block squidGuard constantly crashes and restarts resulting in huge CPU and memory usage and a non-working proxy.

"USER" and "IP" were replaced with real data when I tested this.

My squidGuard.conf is:
Code:
logdir /var/log/squidGuard
dbhome /etc/squidGuard/db

#src privileged {
#       user            USER
#}

dest timewaster {
        domainlist      timewaster
}

dest porn {
        domainlist      porn
}

dest warez {
        domainlist      warez
}

acl {
#       privileged {
#               pass !porn !warez all
#       }
        default {
                pass !timewaster !porn !warez all
                redirect http://our-webserver/proxy/index.php?ip=%a&user=%i&url=%u&dest=%t&src=%s&domain=%n&path=%p
        }
}

When the config file is as I pasted above, it works properly:
Code:
gw1 squid # echo "http://www.bittorrent.com IP/- USER GET" | squidGuard -d
2015-02-27 17:27:17 [23695] New setting: logdir: /var/log/squidGuard
2015-02-27 17:27:17 [23695] New setting: dbhome: /etc/squidGuard/db
2015-02-27 17:27:17 [23695] init domainlist /etc/squidGuard/db/timewaster
2015-02-27 17:27:17 [23695] loading dbfile /etc/squidGuard/db/timewaster.db
2015-02-27 17:27:17 [23695] init domainlist /etc/squidGuard/db/porn
2015-02-27 17:27:17 [23695] loading dbfile /etc/squidGuard/db/porn.db
2015-02-27 17:27:17 [23695] init domainlist /etc/squidGuard/db/warez
2015-02-27 17:27:17 [23695] loading dbfile /etc/squidGuard/db/warez.db
2015-02-27 17:27:17 [23695] squidGuard 1.4 started (1425054437.437)
2015-02-27 17:27:17 [23695] squidGuard ready for requests (1425054437.437)
2015-02-27 17:27:17 [23695] source not found
2015-02-27 17:27:17 [23695] no ACL matching source, using default
http://10.0.0.24/proxy/index.php?ip=IP&user=USER&url=http://www.bittorrent.com&dest=warez&src=default&domain=&path= IP/- USER GET
2015-02-27 17:27:17 [23695] squidGuard stopped (1425054437.438)

But when I uncomment the commented lines, this happens:
Code:
gw1 squid # echo "http://www.bittorrent.com IP/- USER GET" | squidGuard -d
2015-02-27 17:28:26 [23740] New setting: logdir: /var/log/squidGuard
2015-02-27 17:28:26 [23740] New setting: dbhome: /etc/squidGuard/db
Segmentation fault


Again, I need to use the "src" section, but it is clearly the cause of the segfault. Anyone knows why?
My versions are:
Code:
net-proxy/squidguard-1.4-r4  USE="-ldap"
net-proxy/squid-3.5.1  USE="htcp pam ssl wccp wccpv2 -caps -ecap -esi (-ipf-transparent) -ipv6 -kerberos (-kqueue) -ldap -logrotate -mysql -nis (-pf-transparent) -postgres -qos -radius -samba -sasl (-selinux) -snmp -sqlite -ssl-crtd {-test} -tproxy"

_________________
format c:
emerge system


Last edited by mocsokmike on Mon Mar 09, 2015 11:50 am; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13509

PostPosted: Sat Feb 28, 2015 12:50 am    Post subject: Reply with quote

No configuration file input, no matter how ill-formed, can cause a non-buggy program to crash. If you are getting a crash, then you have found a bug. Please report it to the developers.
Back to top
View user's profile Send private message
mocsokmike
Tux's lil' helper
Tux's lil' helper


Joined: 04 Aug 2005
Posts: 116
Location: Budapest, Hungary

PostPosted: Wed Mar 04, 2015 12:09 pm    Post subject: Reply with quote

I sent a bug report to their e-mail address I found on their website, and will post the results here.

EDIT: http://openbsd.7691.n7.nabble.com/Fix-www-squidguard-segfault-on-64-bit-td232627.html
Think I will move away from SG and try to find something similar instead.

EDIT 2: five days after sending the bug report I received this:
Code:
<sg-bugs@squidguard.org>: connect to mail.squidguard.org[85.214.21.246]:25:
    Connection refused

I think squidguard is dead. I could do what I wanted using Squid alone, so from my point of view this problem does not exist anymore.
_________________
format c:
emerge system
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum