Bug #2287
Squidguard: whitelist not working correctly
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-squidguard | |||
| Target version: | v6.4-beta2 | |||
| Security class: | Resolution: | |||
| Affected version: | v6.4-beta1 | NEEDINFO: | No | 
Description
Expected behavior
Domains in whitelist should never be blocked, no matter what categories are blocked.
Current behavior
Sites in whitelist are ignored and blocked by SquidGuard.
The problem is in squidGuard.conf template: whitelist must be the first acl in list.
Associated revisions
templates, nethserver-squidguard-update-custom-list: fix whitelist behavior and apply modifications from web ui. Refs #2287
nethserver-squidguard-update-custom-list: hide action output. Refs #2287
History
#1
     Updated by Giacomo Sanchietti almost 8 years ago
    Updated by Giacomo Sanchietti almost 8 years ago
    - Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
Proposed fix:
--- /etc/e-smith/templates/etc/squid/squidGuard.conf/99acl    2013-07-26 16:07:36.000000000 +0200
+++ /etc/e-smith/templates-custom/etc/squid/squidGuard.conf/99acl    2013-10-04 10:52:59.014038764 +0200
@@ -10,6 +10,7 @@
     default \{
 {
     $OUT.="        pass ";
+    $OUT.=" whitelist !blacklist !files ";
     my $allowed =  $squidguard{'AllowedCategories'} || '';
     foreach my $a (split(',',$allowed)) {
         if (exists($categories{$a})) { #do not add non-existing categories
@@ -26,7 +27,6 @@
     if ($blockipaccess eq 'enabled') { 
         $OUT.=" !in-addr ";
     }
-    $OUT.=" whitelist !blacklist !files ";
     my $blockall = $squidguard{'BlockAll'} || 'disabled';
     if ($blockall eq 'enabled') {
         $OUT.=" none\n";
#2
     Updated by Giacomo Sanchietti almost 8 years ago
    Updated by Giacomo Sanchietti almost 8 years ago
    - Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3
     Updated by Giacomo Sanchietti almost 8 years ago
    Updated by Giacomo Sanchietti almost 8 years ago
    - Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#4
     Updated by Giacomo Sanchietti almost 8 years ago
    Updated by Giacomo Sanchietti almost 8 years ago
    - Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
New package in nethserver-testing:
	
    - nethserver-squidguard-1.0.2-4.0gitdebef29d.ns6.noarch.rpm
- Configure as Server&Gateway (Install nethserver-firewall-base and nethserver-dnsmasq)
- Enable web filter from UI
- In a root console, download and select a blocked category (see nethserver-squidguard for details).
- Test the site in the blocked category is not reachable
- In UI, add the site domain to the whitelist and check the site is browseable.
(Currently tested and working in our production firewall)
#5
     Updated by Davide Principi almost 8 years ago
    Updated by Davide Principi almost 8 years ago
    - Assignee set to Davide Principi
#6
     Updated by Davide Principi almost 8 years ago
    Updated by Davide Principi almost 8 years ago
    - Status changed from ON_QA to VERIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 70 to 90
VERIFIED
#7
     Updated by Giacomo Sanchietti almost 8 years ago
    Updated by Giacomo Sanchietti almost 8 years ago
    - Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
	
    - nethserver-squidguard-1.0.3-1.ns6.noarch.rpm