Hi there,
I've just posted these two messages to the SquidGuard users list. The
second one shows that SquidGuard is actually working as expected and both
IPs are blocked for a specific site.
However, using squid and squidGuard together is proving a problem with the
10.1.3.102 address and others; 10.1.*.* seems to fail, but 10.1.1.* are
blocked. Incidentally, the server itself is on 10.1.1.*
So is there a problem in the way that squid 2.4.S2 is passing the addresses
to the redirector program compared with 2.3.S1, as the box running the
earlier version was fine and worked as expected ???
Thanks,
Lee
------- Forwarded message follows -------
Hi there,
We've been running squid/squidguard for a while now, and it's been pretty
good. However, I currently have a problem that some machines are passing
through when they should not be.
Take the configuration below. The machine 10.1.1.241 is being blocked
access to the site www.boltblue.com, whereas the machine 10.1.3.102 is
not !!!
Squid is not going into protection, nor is there an error in the logs.
All I can think of is that there is either a bug (unlikely) or that somehow
10.1.3.102 is being negated elsewhere, but neither squid nor
squidguard indicate this.
All that has been done in months is that we've employed a new machine;
however, both are running the same squidGuard version (though squid is
2.4Stable2 vs 2.3Stable1).
Anyone got any ideas on what's happening, or even how to track down the
problem (the -d isn't much good as there isn't an error; is there a debug
so you can see squidGuard analysing things???)
Ta,
Lee
SquidGuard: 1.1.4 Sleepycat Software: Berkeley DB 2.7.7: (08/20/99)
src bri-ed {
ip 10.1.1.240-10.1.1.241 # lee
ip 10.1.3.100-10.1.3.103 # Bristol
ip 10.1.3.129/255.255.255.255 # Booth9
}
dest all-ed-ok {
domainlist all-ed/domains
urllist all-ed/urls
}
acl {
bri-ed {
pass !metro-all all-ed-ok none
}
default {
pass !metro-all all
redirect http://10.1.1.16/cgi-bin/blocked.cgi?clientaddr=%a&url=%
}
}
------------------------------------------
Hi there,
A bit of further testing shows :
[root@proxy log]# echo "http://www.boltblue.com 10.1.1.241/- - GET" | /usr/local/bin/squidGuard -d
http://10.1.1.16/cgi-bin/blocked.cgi?clientaddr=10.1.1.241&url=http://www.boltblue.com 10.1.1.241/- - GET
2001-11-26 16:14:13 [14588] squidGuard stopped (1006791253.267)
echo "http://www.boltblue.com 10.1.3.102/- - GET" | /usr/local/bin/squidGuard -d
http://10.1.1.16/cgi-bin/blocked.cgi?clientaddr=10.1.3.102&url=http://www.boltblue.com 10.1.3.102/- - GET
2001-11-26 16:14:29 [14591] squidGuard stopped (1006791269.686)
To me this shows that SquidGuard is blocking on 10.1.3.102 as it is for
10.1.1.241.
However, since from 10.1.3.102 it's possible to see the site and they are both
going through the squid proxy.....I'd guess there is a fault in the way "Squid
Cache: Version 2.4.STABLE2" passes the line to squidGuard ???
Any ideas on that one then ???
------- End of forwarded message -------
--
Lee Edward Armstrong (now in married form!) http://www.darkwave.org.uk/~lee
My Clothes Will Impress You, And My Claws Will Undress You. - The Damned
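
An added example, not part of the original message: one way to check which client addresses in captured redirector input lines fall inside the bri-ed source block quoted above. It assumes the lines Squid sends to the redirector have been saved to a log; SAMPLE_LOG is constructed and the function names are illustrative.

```python
import ipaddress

# "ip" entries of the bri-ed source block quoted in the message.
BRI_ED = ["10.1.1.240-10.1.1.241", "10.1.3.100-10.1.3.103",
          "10.1.3.129/255.255.255.255"]

# Constructed capture: the first two lines are the echo tests from the
# message; the third is a made-up address outside every bri-ed range.
SAMPLE_LOG = """\
http://www.boltblue.com 10.1.1.241/- - GET
http://www.boltblue.com 10.1.3.102/- - GET
http://www.boltblue.com 10.1.3.1/- - GET
"""

def parse_ip_spec(spec):
    """Return inclusive (low, high) integer bounds for one ip entry."""
    if "-" in spec:                      # range: first-last
        lo, hi = (int(ipaddress.IPv4Address(p.strip()))
                  for p in spec.split("-", 1))
    else:                                # single address, /prefix or /netmask
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"inverted range: {spec}")
    return lo, hi

def parse_redirector_line(line):
    """Split 'URL client-ip/fqdn ident method' into its fields."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError(f"short redirector line: {line!r}")
    url, client, ident, method = fields[:4]
    addr, _, fqdn = client.partition("/")
    return url, ipaddress.IPv4Address(addr), fqdn, ident, method

def audit(log_text, specs=BRI_ED):
    """Return [(client address, True if it falls in the source block)]."""
    bounds = [parse_ip_spec(s) for s in specs]
    result = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, addr, *_ = parse_redirector_line(line)
        hit = any(lo <= int(addr) <= hi for lo, hi in bounds)
        result.append((str(addr), hit))
    return result

if __name__ == "__main__":
    for addr, hit in audit(SAMPLE_LOG):
        print(f"{addr:15} {'bri-ed' if hit else 'no match (default acl applies)'}")
```

Running it over a real capture shows whether the address Squid hands to the redirector is the one the source block expects.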