Author Topic: Squid transparent blocking all sites.  (Read 2667 times)

miquim

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Squid transparent blocking all sites.
« on: November 13, 2012, 01:11:25 pm »
When i enable the transparent mode all my sites are blocked,

my HTTP Proxy -> Access Rules is this:

Time period      Source    Decision   
 All time                Any            Allow All            

i dont understend this!!!

please help me!!!!

Sam Graf

  • Guest
Re: Squid transparent blocking all sites.
« Reply #1 on: November 14, 2012, 03:40:49 pm »
Hi, and welcome!

That's odd; I don't understand it either. I've not encountered any problems with the proxy preventing all access on my 3.0 test setup, nor have I seen any indication here of this being a common problem.

So are you actually seeing a block message from the proxy? If so, what exactly is it saying? If not, could there be other factors involved? For instance, does the Zentyal machine itself have Internet access?

miquim

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Squid transparent blocking all sites.
« Reply #2 on: November 15, 2012, 01:38:26 am »
is this message showing to me.


O seguinte erro foi encontrado ao tentar recuperar a URL:  http://www.google.com.br/

Acesso Negado.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Seu administrador do cache é webmaster.

Escorpiom

  • Zen Hero
  • *****
  • Posts: 897
  • Karma: +25/-1
    • View Profile
Re: Squid transparent blocking all sites.
« Reply #3 on: November 15, 2012, 02:30:43 am »
Check the default rule, this is a typical misconfiguration.
Also, what version are you using?

Cheers.
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

miquim

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Squid transparent blocking all sites.
« Reply #4 on: November 16, 2012, 12:38:35 pm »
i am using a zentyal 3.0.

in my HTTP Proxy -> Access Rules is the same the last post,
and my HTTP Proxy -> Filter Profiles has a default  with shallalist categorized list.


patmagee1024

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +2/-0
    • View Profile
Re: Squid transparent blocking all sites.
« Reply #5 on: May 05, 2013, 02:21:36 am »
I wanted to resurrect this thread because I have had the same issue for months and I'm just getting around to posting about it. This wasn't a problem initially. I actually used this to block sites that products like SpyBot report as a malware threat, thus protecting all computers at once along with all smartphones using my wifi. Very effective solution when it worked.

On the dashboard check the status of the HTTP Proxy module to see if it is stopped. Mine does the same thing and the dashboard reports the module as stopped. Hit the restart icon next to it and nothing happens. There is no block message, it's like all packets just get dropped. Browser simply reports the site might be down, etc.

Running core 3.0.20


--General Settings--
Transparent proxy using port 3128
Ad blocking not selected
Kerberos not selected
500 MB cache
No exemptions (cache or proxy)

--Access Rules--
Time=All Time
Source=Any
Apply 'default' profile

I also tried a network object for this as well and get the same results.(The object was 192.168.0.0/24)

--Filter Profiles>default
Threshold=no
Antivirus=no
Domains and URLs=Nothing checked and no rules
Domain Categories -Here's where the problem happens-
Everything works as long as there is no decision on any category or allow all (of course this doesn't block anything)
If I set a category to 'deny all' my system blocks all web traffic to the internet for all systems. I originally figured something changed and my custom list was causing the problem so I loaded the shallasecure file and got the same results.

I want to purge all history of lists I have installed (to get a true clean start) but I haven't figured out where that is contained yet.

Any thoughts would be much appreciated. I would like to be able to use this again but for the moment I have to leave it unconfigured in order to reach the web.


christian

  • Guest
Re: Squid transparent blocking all sites.
« Reply #6 on: May 05, 2013, 06:41:48 am »
I wanted to resurrect this thread because I have had the same issue for months and I'm just getting around to posting about it. This wasn't a problem initially. I actually used this to block sites that products like SpyBot report as a malware threat, thus protecting all computers at once along with all smartphones using my wifi. Very effective solution when it worked.

On the dashboard check the status of the HTTP Proxy module to see if it is stopped. Mine does the same thing and the dashboard reports the module as stopped. Hit the restart icon next to it and nothing happens. There is no block message, it's like all packets just get dropped. Browser simply reports the site might be down, etc.

If HTTP proxy service is not running, then you will not access internet except using HTTPS, that's pretty obvious  8)
You should focus on syslog and look for messages while you start HTTP proxy service. Perhaps looking at Zentyal log may help too.

patmagee1024

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +2/-0
    • View Profile
[SOLVED] Re: Squid transparent blocking all sites.
« Reply #7 on: May 06, 2013, 02:58:09 pm »
As it turns out I may have solved my problem already. It turns out squid changed the way it handles acl lists. I found my custom list had some duplicates and squid bombs out now rather than just dealing with the duplicates (thus the stopped http service). Additionally, if squid loads a subdomain (e.g. pat.home.com) and then tries to load the domain again (e.g. home.com) it will bomb out now rather than just issuing warnings like it used to do. A patch has been issued for this but it will be a while before it gets into the Ubuntu distribution.

I found entries in the syslog mentioning bungled acl list. When searching for that I found the info in the above paragraph. I got rid of the duplicates and such and my list is working now like it's supposed to.

Edited to correct usage of domain and subdomain.
« Last Edit: May 06, 2013, 04:18:17 pm by patmagee1024 »

christian

  • Guest
Re: Squid transparent blocking all sites.
« Reply #8 on: May 06, 2013, 03:08:23 pm »
Cool.
Cool too to have stamped your post as [SOLVED] unfortunately, you have to do this updating the very first post if you want it to be visible.

I also suppose there is a typo when you wrote
Quote
if squid loads a domain (e.g. pat.home.com) and then tries to load the subdomain again (e.g. home.com)

here home.com is the domain and pat.home.com the sub-domain  ;)

patmagee1024

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +2/-0
    • View Profile
Re: Squid transparent blocking all sites.
« Reply #9 on: May 06, 2013, 04:17:22 pm »
As usual you are correct on both. I can't modify the original subject since I didn't start it. Hopefully people that search will find mine showing solved.