Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - rbarceloss

Pages1
#1
Web Proxy Filtering and Caching / Squid donĀ“t feed access.log file
January 18, 2018, 01:31:19 PM
I have a problem with my fresh new OPNsense, I just start to play with OPNsense at 2 days ago, and after some configs and updates to the last realese version I activate WebProxy. But my /var/log/squid/access.log still clean. cache.log and store.log have data. I already activated the proxy, and local cache, I surf by these proxy and no data of access. Someone have any clue about my problem?

File /usr/local/etc/squidsquid.conf
Code Select
#
# Automatic generated configuration for Squid.
# Do not edit this file manually.
#


# Setup transparent mode listeners on loopback interfaces
http_port 127.0.0.1:3128 intercept
http_port [::1]:3128 intercept

# Setup regular listeners configuration
http_port 189.84.217.165:3128 
http_port 10.10.10.5:3128 


acl ftp proto FTP
http_access allow ftp


# Setup ftp proxy

# Rules allowing access from your local networks.
# Generated list of (internal) IP networks from where browsing
# should be allowed. (Allow interface subnets).
acl localnet src 189.84.217.160/29 # Possible internal network (interfaces v4)
acl localnet src 10.10.10.0/24 # Possible internal network (interfaces v4)
# Default allow for local-link and private networks
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

# ACL lists

# ACL - Remote fetched Blacklist (remoteblacklist)
acl remoteblacklist_ShallaBlackList dstdomain "/usr/local/etc/squid/acl/ShallaBlackList"

# ACL - Block browser/user-agent - User defined (browser)

# ACL - SSL ports, default are configured in config.xml
# Configured SSL ports (if defaults are not listed, then they have been removed from the configuration!):
acl SSL_ports port 443 # https

# Default Safe ports are now defined in config.xml
# Configured Safe ports (if defaults are not listed, then they have been removed from the configuration!):
# ACL - Safe_ports
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# ICAP SETTINGS
# disable icap
icap_enable off

# Pre-auth plugins
include /usr/local/etc/squid/pre-auth/*.conf

# Authentication Settings





# ACL list (Deny) remoteblacklist_ShallaBlackList
http_access deny remoteblacklist_ShallaBlackList



# Deny requests to certain unsafe ports

http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost


# Auth plugins
include /usr/local/etc/squid/auth/*.conf

#
# Access Permission configuration:
#
# Deny request from unauthorized clients

#
# ACL - localnet - default these include ranges from selected interfaces (Allow local subnets)
http_access allow localnet

# ACL - localhost
http_access allow localhost

# Deny all other access to this proxy
http_access deny all
# Post-auth plugins
include /usr/local/etc/squid/post-auth/*.conf

# Caching settings
cache_mem 256 MB
cache_dir ufs /var/squid/cache 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache

#
# Add any of your own refresh_pattern entries above these.
#

# http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)     4320 80% 129600 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 129600 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)       4320 80% 129600 reload-into-ims

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Squid Options

logformat opnsense      %>a %[ui %>eui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log stdio:/var/log/squid/access.log opnsense
cache_store_log stdio:/var/log/squid/store.log
# URI hanlding with Whitespaces (default=strip)
uri_whitespace strip
# Disable squid logfile rotate to use system defaults
logfile_rotate 0
# Define visible hostname
visible_hostname localhost
# Define visible email
cache_mgr admin@localhost.local
Pages1