Hi,
I recently upgraded my HTTP Proxy module from 3.0 to 3.0.2 and it seems that the way that domain-category filtering is implemented has been changed.
Previously, the domain category lists were linked to via the Dansguardian configuration list files, so that when the user attempted to browse to a domain in
a blocked category they were shown a friendly Dansguardian 'blocked' page explaining why they were being blocked (local admin policy) and in which
domain category the blocked site was included.
Now the blocked domains are added to Squid's acl configuration, so when the user attempts to browse to a domain in a blocked category they receive
an abrupt '403 Forbidden' message from their browser, which means they cannot tell whether the site is blocked due to local policy, or whether the site itself
is broken.
While this change may be more efficient in operation, it is definitely a backwards step in system usability and if possible I would like to vote for a return to
the previous implementation.
Now for the bug report:
I have at the top of my access-policy list, a policy for the network object 'Banned' which applies the 'Deny All' action.
Most of the time, the 'Banned' object has no members and when this is the case http access is blocked for all sites for all users.
The above configuration worked fine with Http Proxy module version 3.0.
Adding a dummy member to the 'Banned' object seems to make everything work as expected.
Regards,
Yatsura.