OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: cmonty14 on April 04, 2022, 02:03:24 am
-
Hi,
I completed setup of Web Filtering following the documentation (https://docs.opnsense.org/manual/how-tos/proxywebfilter.html).
However, after clicking "Download ACLs" there are no categories to select in the relevant field for any of the configured lists, in my case UT1 web filter (ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz) and shallalist.de web filter (http://shallalist.de/Downloads/shallalist.tar.gz).
Can you please advise how to troubleshoot this issue?
THX
-
http://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz
Could you try it ?
-
Hi,
It's an old threat, but I have the same problem. The ACL is not showing up, so i guess, it is downloading nothing. But the url is correct.
Do you have same issue?
-
I am facing the same issue. I am a newbie.
Anyone ?
ver. 23.7 fresh Install on N95 with 16GB ram 2x NIC
-
Same problem here!
I configured https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz as Remote ACL. Testing this URL in the browser works perfectly, but "Download ACL" fails: After downloading no categories are selectable.
I did some further investigation: SSH to opnsense and start the python script on the shell:
root@opnsense:~ # python3 /usr/local/opnsense/scripts/proxy/fetchACLs.py
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/response.py", line 444, in _error_catcher
yield
File "/usr/local/lib/python3.9/site-packages/urllib3/response.py", line 567, in read
data = self._fp_read(amt) if not fp_closed else b""
File "/usr/local/lib/python3.9/site-packages/urllib3/response.py", line 533, in _fp_read
return self._fp.read(amt) if amt is not None else self._fp.read()
File "/usr/local/lib/python3.9/http/client.py", line 463, in read
n = self.readinto(b)
File "/usr/local/lib/python3.9/http/client.py", line 507, in readinto
n = self.fp.readinto(b)
File "/usr/local/lib/python3.9/socket.py", line 704, in readinto
return self._sock.recv_into(b)
File "/usr/local/lib/python3.9/ssl.py", line 1275, in recv_into
return self.read(nbytes, buffer)
File "/usr/local/lib/python3.9/ssl.py", line 1133, in read
return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/opnsense/scripts/proxy/fetchACLs.py", line 381, in <module>
main()
File "/usr/local/opnsense/scripts/proxy/fetchACLs.py", line 325, in main
for filename, basefilename, file_ext, line in acl.download():
File "/usr/local/opnsense/scripts/proxy/fetchACLs.py", line 153, in download
self.fetch()
File "/usr/local/opnsense/scripts/proxy/fetchACLs.py", line 88, in fetch
data = req.raw.read(10240)
File "/usr/local/lib/python3.9/site-packages/urllib3/response.py", line 593, in read
raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
File "/usr/local/lib/python3.9/contextlib.py", line 137, in __exit__
self.gen.throw(typ, value, traceback)
File "/usr/local/lib/python3.9/site-packages/urllib3/response.py", line 449, in _error_catcher
raise ReadTimeoutError(self._pool, None, "Read timed out.")
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='dsi.ut-capitole.fr', port=443): Read timed out.
Internet connectivity is VDSL 100 from German Telekom, the script ran several minutes before throwing this error above. Downloading the file in a browser takes only a few seconds (27 MB). So I believe there must be a bug in the Download Remote ACL section...
I also had a look at the internet traffic (tcpdump on WAN, limited to host IP "dst.ut-capitale.fr"). While running the python script there was constantly traffic from that IP. A lot of incoming TCP packets which all got ACKed.
Any ideas?
-
Looks like it does or did not work at all. Ever. I tried several versions of opnsense, back to version 19.1, no success. So I just set unbound blocklist, and I am satisfied with it at the moment.