darold / squidguardmgr Goto Github PK

This is a TODO memo to share.
One important thing SG Manager is behind hand config editing yet is source ordering. In most cace, this doesn't matter, but my client bumped into the problem. They have considerablly many client network segments and require such filters among others, like below:

SRCGRPNAME[alpha]: 192.168.0.0/16 -> DST: ! www.one.com, any
SRCGRPNAME[beta]: 192.168.1.1-192.168.1.100 -> DST: ! www.two.com, any

The source group name in squidguard.conf 'alpha' and 'beta' above are those I employed without deep thought. Many LInux programs out there sort such group lists based on "unique address first" rule. But SquidGuard, a speed freak doesn't, instead uses simpler "appears first" rule. As SquidGuard Manager sorts lists alphanumerically on source-name before saving them to squidguard.conf, the two always reside in above order. In consequence, say, request from client 192.168.1.1 is recognized as [alpha] group, filter breaks!
For the time being, I made an messy operation guideline that source group name must be, if expressed with regexp ^[a-z][0-9][0-9][0-9]_.+ where more unique network address must have alphanumerically 'less' name. By the by, SquidGuard doesn't like group names that start with a number and if found, complains and stops working.
SquidGuard Manager should acquire a capability to manage order of source groups, say, like firewall policy management interfaces? calculate specificity of addresses before saving? what if some group stores addresses in separate file and some directly on conf file? Just seize sorting is not a solution because it breaks when added new source groups. Appearence order of objects other than source (destination groups, ACLs etc.) doesn't matter.

When i Create a new Source with execuserlist with a programm /tmp/test.sh "ALL" , it shows up correct in the Webinterface and it works without a problem.
But everytime i edit it, the programm lose it's argument. The value is then /tmp/test.sh and not /tmp/test.sh "ALL" as it should be
https://guides.github.com/features/mastering-markdown/

Hi Everyone,

with the SquidguardMGR 1.14 Version i can't edit the Filter list.

The List Edit Icon is simply not clickable.
But the List exist and some domains are in the domains file when i loook at it with vi.
Output of ls -lah :
-rw-r----- 1 squid nogroup 12 Feb 5 16:00 domains

Best regards
marcohald

This is an improvement request.

Filters created by squidguardmgr auto configuration features could go in a zone inside:

# DON'T REMOVE THIS LINE NEEDED BY SQUIDGUARDMGR : FILTERS BEGIN
dest adv {
        domainlist      adv/domains
        urllist adv/urls
}
dest aggressive {
        domainlist      aggressive/domains
        urllist aggressive/urls
}
...
dest webtv {
        domainlist      webtv/domains
        urllist webtv/urls
}
# DON'T REMOVE THIS LINE NEEDED BY SQUIDGUARDMGR : FILTERS END

This would allow users to remove them or reautocreate them with no arm to the rest of the file (except double filters name).

Regards,

That's not a bugg but an improvement request.

Shalla lists comme with subfolder like automobile, finance...

When asking for filter generation all those filters regarding subfolders are not generated.

Regards

Hi,

When i open or manage lists, there is no content, and log shows:

CGI::param called in list context from package main line 114, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

ii libcgi-pm-perl 4.09-1 all module for Common Gateway Interface applications

debian jessie

Can you explain this problem?
Thanx
Laszlo

Using default squidGuard.conf file coming with wheezy installation. If I ask auto creation in squidguardmgr filters page, all the lines in the rules/classes are doubled like this:

# Global variables
logdir  /var/log/squidguard
dbhome  /var/lib/squidguard/db

# Time rules
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
        weekly mtwhf 08:00-16:30
        weekly *-*-01 08:00-16:30
        weekly mtwhf 08:00-16:30
        weekly *-*-01 08:00-16:30
}

# Source addresses
src admin {
        ip      1.2.3.4  1.2.3.5
        ip      1.2.3.4  1.2.3.5
        user    root foo bar
        user    root foo bar
        within  workhours
}
src foo-clients {
        ip      172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
        ip      172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
}
src bar-clients {
        ip      172.16.4.0/26
        ip      172.16.4.0/26
}

Regards,

Hello,

When changing an ACL, configuration file is rewritten. When having some rules like:
dest local {
}
dest good {
}
that comes with the default squidguard wheezy package. They are removed. So it looks impossible to have empty rules.

Regards,