Bug #2287

Squidguard: whitelist not working correctly

Added by Giacomo Sanchietti almost 8 years ago. Updated almost 8 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squidguard
Target version:v6.4-beta2
Security class: Resolution:
Affected version:v6.4-beta1 NEEDINFO:No

Description

Expected behavior
Domains in whitelist should never be blocked, no matter what categories are blocked.

Current behavior
Sites in whitelist are ignored and blocked by SquidGuard.

The problem is in squidGuard.conf template: whitelist must be the first acl in list.

Associated revisions

Revision 15cc8926
Added by Giacomo Sanchietti almost 8 years ago

templates, nethserver-squidguard-update-custom-list: fix whitelist behavior and apply modifications from web ui. Refs #2287

Revision 711cf364
Added by Giacomo Sanchietti almost 8 years ago

nethserver-squidguard-update-custom-list: hide action output. Refs #2287

History

#1 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

Proposed fix:

--- /etc/e-smith/templates/etc/squid/squidGuard.conf/99acl    2013-07-26 16:07:36.000000000 +0200
+++ /etc/e-smith/templates-custom/etc/squid/squidGuard.conf/99acl    2013-10-04 10:52:59.014038764 +0200
@@ -10,6 +10,7 @@
     default \{
 {
     $OUT.="        pass ";
+    $OUT.=" whitelist !blacklist !files ";
     my $allowed =  $squidguard{'AllowedCategories'} || '';
     foreach my $a (split(',',$allowed)) {
         if (exists($categories{$a})) { #do not add non-existing categories
@@ -26,7 +27,6 @@
     if ($blockipaccess eq 'enabled') { 
         $OUT.=" !in-addr ";
     }
-    $OUT.=" whitelist !blacklist !files ";
     my $blockall = $squidguard{'BlockAll'} || 'disabled';
     if ($blockall eq 'enabled') {
         $OUT.=" none\n";

#2 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
New package in nethserver-testing:
  • nethserver-squidguard-1.0.2-4.0gitdebef29d.ns6.noarch.rpm
Test case
  • Configure as Server&Gateway (Install nethserver-firewall-base and nethserver-dnsmasq)
  • Enable web filter from UI
  • In a root console, download and select a blocked category (see nethserver-squidguard for details).
  • Test the site in the blocked category is not reachable
  • In UI, add the site domain to the whitelist and check the site is browseable.

(Currently tested and working in our production firewall)

#5 Updated by Davide Principi almost 8 years ago

  • Assignee set to Davide Principi

#6 Updated by Davide Principi almost 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

#7 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
In nethserver-updates:
  • nethserver-squidguard-1.0.3-1.ns6.noarch.rpm

Also available in: Atom PDF