Bug 1323211 - "squidGuard" doesn't guard - no errormessages when failing
Summary: "squidGuard" doesn't guard - no errormessages when failing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: squidGuard
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-01 14:35 UTC by Bjoern Rasmussen
Modified: 2016-07-10 02:21 UTC (History)
2 users (show)

Fixed In Version: squidGuard-1.4-26.fc22 squidGuard-1.4-26.fc23 squidGuard-1.4-26.fc24 squidGuard-1.4-10.el6 squidGuard-1.4-26.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-30 14:52:07 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
squidGuard.conf (3.34 KB, text/plain)
2016-04-01 14:35 UTC, Bjoern Rasmussen
no flags Details
squid.conf (3.22 KB, text/plain)
2016-04-01 14:38 UTC, Bjoern Rasmussen
no flags Details

Description Bjoern Rasmussen 2016-04-01 14:35:50 UTC
Created attachment 1142581 [details]
squidGuard.conf

Description of problem:

To work or not, "squidGuard" depends on the correct order of lines of text in its config-file.


Version-Release number of selected component (if applicable):

# squidGuard -v
SquidGuard: 1.4 Berkeley DB 5.3.21: (May 11, 2012)


How reproducible:


Steps to Reproduce:

Change the order of "dest"-lines in /etc/squid/squidGuard.conf.

This works:

dest bad {
        domainlist proxy/domains
        urllist proxy/urls
        domainlist redirector/domains
        urllist redirector/urls
        domainlist spyware/domains
        urllist spyware/urls
        domainlist suspect/domains
        urllist suspect/urls
        domainlist violence/domains
        urllist violence/urls
        domainlist warez/domains
        urllist warez/urls

        domainlist ads/domains
        urllist ads/urls
# domainlist adult/domains - blir vel merget?
# urllist adult/urls - blir vel merget?
        domainlist aggressive/domains
        urllist aggressive/urls
        domainlist audio-video/domains
        urllist audio-video/urls
        domainlist drugs/domains
        urllist drugs/urls
        domainlist gambling/domains
        urllist gambling/urls
        domainlist hacking/domains
        urllist hacking/urls
        domainlist mail/domains
        domainlist porn/domains
        urllist porn/urls

#? domainlist proxy/domains
#? urllist proxy/urls
#? domainlist redirector/domains
#? urllist redirector/urls
#? domainlist spyware/domains
#? urllist spyware/urls
#? domainlist suspect/domains
#? urllist suspect/urls
#? domainlist violence/domains
#? urllist violence/urls
#? domainlist warez/domains
#? urllist warez/urls
}


This doesn't work:

dest bad {
        domainlist ads/domains
        urllist ads/urls
# domainlist adult/domains - blir vel merget?
# urllist adult/urls - blir vel merget?
        domainlist aggressive/domains
        urllist aggressive/urls
        domainlist audio-video/domains
        urllist audio-video/urls
        domainlist drugs/domains
        urllist drugs/urls
        domainlist gambling/domains
        urllist gambling/urls
        domainlist hacking/domains
        urllist hacking/urls
        domainlist mail/domains
        domainlist porn/domains
        urllist porn/urls

      domainlist proxy/domains
#? urllist proxy/urls
#? domainlist redirector/domains
#? urllist redirector/urls
#? domainlist spyware/domains
#? urllist spyware/urls
#? domainlist suspect/domains
#? urllist suspect/urls
#? domainlist violence/domains
#? urllist violence/urls
#? domainlist warez/domains
#? urllist warez/urls
}

If any of the "#?" are removed for the */urls, it won't work. Its ok to remove "#?" from the */domains. Moving the whole remarked section and removing all "#?" works.

Test with "echo "http://something [^] 192.168.x.x/ - - GET" | squidGuard -c /etc/squid/squidGuard.conf -d". If it works, redirectet page is shown.


Actual results:

"squidGuard" doesn't guard - no errormessages when failing


Expected results:

If it works, redirectet page is shown.


Additional info:

Not good for security, since squid/squidGuard doesn't log any errors when failing.

See complete squidGuard.conf and squid.conf files enclosed!

# squid -v
Squid Cache: Version 3.3.8

Deleting all squidGuard databases and then recompile doesn't help.

Comment 1 Bjoern Rasmussen 2016-04-01 14:38:50 UTC
Created attachment 1142588 [details]
squid.conf

Comment 2 manuel wolfshant 2016-04-01 14:40:34 UTC
You have no actual log clauses in your config. See  http://www.squidguard.org/Doc/extended.html#blocklog for an example.

Comment 3 Bjoern Rasmussen 2016-04-01 14:55:03 UTC
Thanks for your quick response!

I know. But there is nothing in the logs showing that squidGuard doesn't work (i.e. doesn't block anything). When it works, it blocks everything defined under dest "bad". There are no error messages, leading me to think everything is ok. Still no domains or urls are blocked.

Comment 4 Fedora Update System 2016-06-21 14:27:43 UTC
squidGuard-1.4-25.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-a218333fce

Comment 5 Fedora Update System 2016-06-21 14:28:05 UTC
squidGuard-1.4-25.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-32850bf4cb

Comment 6 Fedora Update System 2016-06-21 14:28:19 UTC
squidGuard-1.4-25.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-9babc0b545

Comment 7 Fedora Update System 2016-06-21 14:28:33 UTC
squidGuard-1.4-25.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b9cbdbca8

Comment 8 Fedora Update System 2016-06-21 14:28:47 UTC
squidGuard-1.4-10.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e7c7e5786e

Comment 9 Fedora Update System 2016-06-21 14:46:57 UTC
squidGuard-1.4-26.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8a01aa629

Comment 10 Fedora Update System 2016-06-21 14:47:15 UTC
squidGuard-1.4-26.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b19472a3c

Comment 11 Fedora Update System 2016-06-21 14:47:32 UTC
squidGuard-1.4-26.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fbb5a65729

Comment 12 Fedora Update System 2016-06-21 14:47:48 UTC
squidGuard-1.4-26.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d3e4c82ed7

Comment 13 Fedora Update System 2016-06-22 01:47:59 UTC
squidGuard-1.4-10.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e7c7e5786e

Comment 14 Fedora Update System 2016-06-22 02:18:41 UTC
squidGuard-1.4-26.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d3e4c82ed7

Comment 15 Fedora Update System 2016-06-22 02:25:54 UTC
squidGuard-1.4-26.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fbb5a65729

Comment 16 Fedora Update System 2016-06-22 02:26:02 UTC
squidGuard-1.4-26.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b19472a3c

Comment 17 Fedora Update System 2016-06-22 02:53:50 UTC
squidGuard-1.4-26.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f8a01aa629

Comment 18 Fedora Update System 2016-06-30 14:51:50 UTC
squidGuard-1.4-26.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2016-06-30 19:52:46 UTC
squidGuard-1.4-26.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2016-06-30 21:28:23 UTC
squidGuard-1.4-26.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2016-07-09 23:18:23 UTC
squidGuard-1.4-10.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2016-07-10 02:21:09 UTC
squidGuard-1.4-26.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.