Bug #3398

Global whitelist not working when URLBlacklist.com is the Blacklists database

Added by Davide Marini about 5 years ago. Updated about 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-squidguard
Target version:v6.8-beta1
Security class: Resolution:
Affected version:v6.7 NEEDINFO:No

Description

  • Content Filter (squidGuard)
  • Blacklist in use : URLBlacklist.com

The global whitelist isn't working, this problem seems to not appear with other blacklists DB (as Shalla or Touluse)

Making some test and analisys I found that urlblacklist.com downloaded also a whitelist and in the squidguard.conf file there is just the downloaded whitelist and not the global whitelist of nethserver.
There is a sort of override of the nethserver's whitelist.

extract from squidguard.conf with urlblacklist.com DB:


dest whitelist {
      domainlist /var/squidGuard/blacklists/whitelist/domains
      urllist /var/squidGuard/blacklists/whitelist/urls
      logfile urlfilter.log
}

extract from squidguard.conf with Shalla DB (no problems in this case) :


dest whitelist {
      domainlist /var/squidGuard/blacklists/custom/whitelist/domains
      urllist /var/squidGuard/blacklists/custom/whitelist/urls
      logfile urlfilter.log
}

To avoid any problem It should be enough to rename the custom whitelist with a name not present in any blacklist, for example : neth_whitelist, neth_blacklist ...

Associated revisions

Revision 24d2177f
Added by Giacomo Sanchietti about 5 years ago

squidGuard.conf: avoid name clash on global whitelist and blacklist. Refs #3398

Revision d98bcea4
Added by Giacomo Sanchietti about 5 years ago

squidGuard.conf: avoid name clash on global whitelist and blacklist. Refs #3398

History

#1 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.8-beta1
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Added nh_ prefix to whitelist and blacklist.

#4 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
In nethserver-testing:
  • nethserver-squidguard-1.4.2-1.1.g24d2177.ns6.noarch.rpm
Test case 1
  • Check the bug is not reproducible
Test case 2
  • Add a domain to the whitelist and check it's not blocked
  • Add a domain to the blacklist and check it's blocked

#5 Updated by Davide Marini about 5 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Installed blacklists from UrlBlacklacklist.com, custom whitelist enabled in the filter section:

the whitelist section taken from urlblacklist.com does not appear in the squidGuard.conf

[root@vmdavide67 ~]# grep -i whitelist /etc/squid/squidGuard.conf
dest whitelist {
      domainlist /var/squidGuard/blacklists/custom/whitelist/domains
      urllist /var/squidGuard/blacklists/custom/whitelist/urls
        pass whitelist  !blacklist  !in-addr  !builtin  !pers  !whitelist  all

after installing the updated packet squidGuard.conf has the right configuration:

[root@vmdavide67 ~]# grep -i whitelist /etc/squid/squidGuard.conf
dest whitelist {
      domainlist /var/squidGuard/blacklists/whitelist/domains
      urllist /var/squidGuard/blacklists/whitelist/urls
dest nh_whitelist {
      domainlist /var/squidGuard/blacklists/custom/whitelist/domains
      urllist /var/squidGuard/blacklists/custom/whitelist/urls
        pass nh_whitelist  !nh_blacklist  !in-addr  !builtin  !pers  !whitelist  all

and the content filter works as expected.

#6 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in
  • 6.8/nethserver-base: nethserver-squidguard-1.4.3-1.ns6.noarch.rpm
  • 7.2/nethserver-testing: nethserver-squidguard-1.4.3-1.4.gcaa0e97.ns7.noarch.rpm

Also available in: Atom PDF