Project

General

Profile

Actions

Bug #10768

closed

Squidguard overwrites Advanced Config from Squid Proxy in HA Configurations

Added by Andreas Tillwicks about 5 years ago. Updated about 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
squidguard
Target version:
-
Start date:
07/16/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.5-p1
Affected Plus Version:
Affected Architecture:
amd64

Description

If you are using a PFsense HA configuration with a virtual HA_IP, you have to add these HA virtual IP to the advanced configuration settings in the Squid advanced config section for example http_port xx.xx.xxx:8080 on each HA Member.

If in this Configuration SQuidguard starts to reconfig or refresh its blacklists it will overwrite the whole Squidporxy advanced config section and deletes the http_port config. In addition this will sync to all the HA Members and all clients that try to connect to the virtual HA_ip will fail, because Squid is not listening on the HA_ip..

SquidGuard should be adding, not overwriting this configsection and if changes occurs just change his config section. To do this perhaps add some comments to get the Squidguard section and just change this section.

Actions #1

Updated by Viktor Gurov about 5 years ago

If you are using a PFsense HA configuration with a virtual HA_IP, you have to add these HA virtual IP to the advanced configuration settings in the Squid advanced config section for example http_port xx.xx.xxx:8080 on each HA Member.

In the latest Squid package versions you can select HA_IP in the 'Proxy Interface(s)' list,
see https://forum.netgate.com/topic/154406/squid-ha-support

Actions #2

Updated by Viktor Gurov about 5 years ago

  • Status changed from New to Rejected

+ squidGuard doesn't remove Custom Options (Before Auth), Custom Options (After Auth) and Custom Options (SSL/MITM)

Actions

Also available in: Atom PDF