Help, please.... Proxy is not responding - Waiting for proxy to respond
1,165 views
Skip to first unread message
g...@brainlair.net
Sep 16, 2015, 11:37:58 AM9/16/15
to e2guardian
I've successfully built e2guardian from source and tried the DEB package.
I'm getting the following in the syslog for both:
Sep 16 10:23:11 tower e2guardian[5421]: Started sucessfully.
Sep 16 10:23:11 tower e2guardian[5421]: Proxy is not responding - Waiting for proxy to respond
This is on a Ubuntu (12.04.5 LTS / kernel 3.2.0-90-generic) machine that's been running both the latest repository version of DG and whatever the latest source is that I built myself.
FredB
Sep 16, 2015, 1:30:10 PM9/16/15
to e2gua...@googlegroups.com
More information please
Squid listening port ?
E2guardian configuration ?
Squid listening port ?
E2guardian configuration ?
g...@brainlair.net
Sep 16, 2015, 2:52:29 PM9/16/15
to e2guardian
> Squid listening port ?
Ah! Now I feel like a complete idiot!
I had DG running on port 8000 and Squid on 3128. I completely forgot that I had disabled DG and reconfigured Squid for port 8000! It's working fine now.
Sep 16 13:47:35 tower e2guardian[6960]: Started sucessfully.
jab...@gmail.com
Jun 17, 2016, 10:18:32 AM6/17/16
to e2guardian, g...@brainlair.net
Good Morning! I am a beginner in e2guardian tool and came across the same message to restart my Freebsd. I use Squid + E2guardian.
"Proxy is not responding - Waiting for proxy to Respond"
Could you please inform me help me exactly what I have to do to fix?
I thank you.
FredB
Jun 20, 2016, 4:54:06 AM6/20/16
to e2guardian
Squid is not responding, so check
1 - Squid is running and his configuration is right ?
2 - proxyip and proxyport are configured ?
1 - Squid is running and his configuration is right ?
2 - proxyip and proxyport are configured ?
jab...@gmail.com
Jun 20, 2016, 9:40:33 AM6/20/16
to e2guardian
Good Morning! First of all thanks for the help.
I am Brazilian and I am using the google translator so I apologize.
used versions: Squid 3.5.19 | e2guardian 3.4.0.3
----------------------------------------------------------------------------
The following information may be useful:
sockstat -4l | grep squid
squid squid 773 6 udp4 *:10466 *:*
squid squid 773 67 tcp4 192.168.20.253:3128 *:*
sockstat -4l | grep e2guardian
nobody e2guardian 1035 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1034 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1011 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1010 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1009 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1008 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1007 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1006 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1005 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1004 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1003 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1002 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 961 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 960 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 959 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 958 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 957 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 956 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 955 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 954 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 953 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 952 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 951 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 950 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 949 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 948 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 947 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 946 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 945 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 944 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 943 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 942 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 939 6 tcp4 192.168.20.253:3127 *:*
I can show that both tools are running.
----------------------------------------------------------------------------
Squid configuration file
##### Início Autenticação no AD #####
auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth -s HTTP/nameserver.n...@namedomain.com
auth_param negotiate children 150 startup=20 idle=20
auth_param negotiate keep_alive on
##### Início Verificação dos Grupos no AD #####
external_acl_type squid_grupo_ad ttl=600 children-max=35 ipv4 %LOGIN /usr/local/libexec/squid/ext_ldap_group_acl -v 3 -R -K -b "dc=namedomain,dc=com" \
-D sq...@namedomain.com -W /usr/local/etc/squid/authpw -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=Proxy Squid,dc=namedomain.com,dc=com))" \
-h nameserver.namedomain.com
##### Libera FTP #####
acl SSL_ports port 21
acl ftp proto FTP
http_access allow ftp
##### Início ACLS #####
acl acessototalS external squid_grupo_ad acessototal
##### Início http_access #####
http_access allow acessototalS
http_access deny all
follow_x_forwarded_for allow localhost
##### CONFIGURAÇÕES GERAIS #####
http_port 192.168.20.253:3128
error_directory /usr/local/etc/squid/errors/pt-br
log_mime_hdrs on
access_log stdio:/proxy/squid/logs/access.log squid
cache_mem 1724 MB
maximum_object_size_in_memory 100 KB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 512 MB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 93
cache_dir diskd /proxy/squid/cache 16000 16 256 Q1=72 Q2=64
cache_log /proxy/squid/cache-logs/cache.log
cache_store_log none
visible_hostname no
logfile_rotate 15
coredump_dir none
httpd_suppress_version_string off
##### Refresh ####
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
---------------------------------------------------------------------------
e2guardian the configuration file
]# e2guardian config file for version 3.4.0.3
# Language dir where languages are stored for internationalisation.
# The HTML template within this dir is only used when reportinglevel
# is set to 3. When used, e2guardian will display the HTML file instead of
# using the perl cgi script. This option is faster, cleaner
# and easier to customise the access denied page.
# The language file is used no matter what setting however.
#
languagedir = '/usr/local/share/e2guardian/languages'
# language to use from languagedir.
language = 'ptbrazilian'
# Logging Settings
#
# 0 = none 1 = just denied 2 = all text based 3 = all requests
loglevel = 2
# Log Exception Hits
# Log if an exception (user, ip, URL, phrase) is matched and so
# the page gets let through. Can be useful for diagnosing
# why a site gets through the filter.
# 0 = never log exceptions
# 1 = log exceptions, but do not explicitly mark them as such
# 2 = always log & mark exceptions (default)
logexceptionhits = 2
# Log File Format
# 1 = Dansguardian format (space delimited)
# 2 = CSV-style format
# 3 = Squid Log File Format
# 4 = Tab delimited
# 5 = Protex format â.. Tab delimited, squid style format with extra fields
# for filter block/result codes, reasons, filter group, and system name â..
# used in arrays so that combined logs show originating server.
# 6 = Protex format with server field blanked
# used in stand-alone systems.
logfileformat = 3
# truncate large items in log lines
# allowable values 10 to 32000
# default 2000
# unlimited not longer allowed - 0 will now set default of 2000
#maxlogitemlength = 2000
# anonymize logs (blank out usernames & IPs)
#anonymizelogs = off
# Syslog logging
#
# Use syslog for access logging instead of logging to the file
# at the defined or built-in "loglocation"
#logsyslog = off
#Suffix to append to program name when logging through syslog
# Default is the e2Guardian instance number
#namesuffix = $z
# Log file location
#
# Defines the log directory and filename.
#loglocation = '/var/log/access.log'
loglocation = '/proxy/e2guardian/log/access.log'
# Dymamic statistics log file location
#
# Defines the dstats file directory and filename.
# Once every 'dstatinterval' seconds, stats on number of children, in use and free, number of
# connections and connections per second are written to this
# file. Format is similar to sar.
# Default is not to write stats.
dstatlocation = '/var/log/e2guardian/dstats.log'
# Interval between stats output
# Default 300 = 5 mins
# Minimum 60
# Maximum 3600 = 1 hour
#dstatinterval = 300 # = 5 minutes
# Statistics log file location
#
# Defines the stat file directory and filename.
# Only used in conjunction with maxips > 0
# Once every 3 minutes, the current number of IPs in the cache, and the most
# that have been in the cache since the daemon was started, are written to this
# file. IPs persist in the cache for 7 days.
statlocation = '/var/log/stats'
# Network Settings
#
# the IP that e2guardian listens on. If left blank e2guardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to a certain IP. To bind to multiple interfaces,
# specify each IP on an individual filterip line.
# If mapportstoips is 'on' you can have the same IP twice so long as
# it has a different port.
filterip = 192.168.20.253
# the ports that e2guardian listens to. Specify one line per filterip
# line. If both mapportstoips and mapauthtoports are set to 'on'
# you can specify<F3> different authentication mechanisms per port but
# only if the mechanisms can co-exist (e.g. basic/proxy auth can't)
filterports = 3127
#filterports = 8081
# Map ports to IPs
# If enabled map filterports to filterip - number of filterports must then be same as
# number of filterip
# If disabled will listen on all filterports on all filterips.
# on (default) | off
#mapportstoips= off
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 192.168.20.253
# the port e2guardian connects to proxy on
proxyport = 3128
# Proxy timeout
# Set tcp timeout between the Proxy and e2guardian
# Min 5 - Max 100
proxytimeout = 20
#Proxy failure log interval
# The interval between log status entries when proxy is not responding
# minimum is proxytimeout - maximum 3600 (= 1 hour)
# default = 600 (= 10 mins)
#proxyfailureloginterval = 600
# Proxy header exchange
# Set timeout between the Proxy and e2guardian
# Min 20 - Max 300
proxyexchange = 20
# Pconn timeout
# how long a persistent connection will wait for other requests
# squid apparently defaults to 1 minute (persistent_request_timeout),
# so wait slightly less than this to avoid duff pconns.
# Min 5 - Max 300
pcontimeout = 55
# Whether to retrieve the original destination IP in transparent proxy
# setups and check it against the domain pulled from the HTTP headers.
#
# Be aware that when visiting sites which use a certain type of round-robin
# DNS for load balancing, DG may mark requests as invalid unless DG gets
# exactly the same answers to its DNS requests as clients. The chances of
# this happening can be increased if all clients and servers on the same LAN
# make use of a local, caching DNS server instead of using upstream DNS
# directly.
#
# See http://www.kb.cert.org/vuls/id/435052
# on (default) | off
#!! Not compiled !! originalip = off
# Banned image replacement
# Images that are banned due to domain/url/etc reasons including those
# in the adverts blacklists can be replaced by an image. This will,
# for example, hide images from advert sites and remove broken image
# icons from banned domains.
# on (default) | off
usecustombannedimage = on
custombannedimagefile = '/usr/local/share/e2guardian/transparent1x1.gif'
#Banned flash replacement
usecustombannedflash = on
custombannedflashfile = '/usr/local/share/e2guardian/blockedflash.swf'
# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of content
# filtering options you can apply to a group of users. The value must be 1 or more.
# e2guardian will automatically look for e2guardianfN.conf where N is the filter
# group. To assign users to groups use the filtergroupslist option. All users default
# to filter group 1. You must have some sort of authentication to be able to map users
# to a group. The more filter groups the more copies of the lists will be in RAM so
# use as few as possible.
filtergroups = 1
filtergroupslist = '/usr/local/etc/e2guardian/lists/filtergroupslist'
# Authentication files location
bannediplist = '/usr/local/etc/e2guardian/lists/bannediplist'
exceptioniplist = '/usr/local/etc/e2guardian/lists/exceptioniplist'
# Per-Room definition directory
# A directory containing text files containing the room's name followed by IPs or ranges
# and optionally site and url lists
# Think of it as bannediplist and/or exceptions on crack
#Â perroomdirectory = '/usr/local/etc/e2guardian/lists/rooms/'
# Show weighted phrases found
# If enabled then the phrases found that made up the total which excedes
# the naughtyness limit will be logged and, if the reporting level is
# high enough, reported. on | off
showweightedfound = on
# Positive (clean) result caching for URLs
# Caches good pages so they don't need to be scanned again.
# It also works with AV plugins.
# 0 = off (recommended for ISPs with users with disimilar browsing)
# 1000 = recommended for most users
# 5000 = suggested max upper limit
# If you're using an AV plugin then use at least 5000.
urlcachenumber = 1000
#
# Age before they are stale and should be ignored in seconds
# 0 = never
# 900 = recommended = 15 mins
urlcacheage = 900
# Cache for content (AV) scan results as 'clean'
# By default, to save CPU, files scanned and found to be
# clean are inserted into the clean cache and NOT scanned
# again for a while. If you don't like this then choose
# to disable it.
# on = cache results; do not re-scan
# off = do not cache; always re-scan
# (on|off) default = on.
scancleancache = on
# Smart, Raw and Meta/Title phrase content filtering options
# Smart is where the multiple spaces and HTML are removed before phrase filtering
# Raw is where the raw HTML including meta tags are phrase filtered
# Meta/Title is where only meta and title tags are phrase filtered (v. quick)
# CPU usage can be effectively halved by using setting 0 or 1 compared to 2
# 0 = raw only
# 1 = smart only
# 2 = both of the above (default)
# 3 = meta/title
phrasefiltermode = 2
# Lower casing options
# When a document is scanned the uppercase letters are converted to lower case
# in order to compare them with the phrases. However this can break Big5 and
# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented
# characters are supported.
# 0 = force lower case (default)
# 1 = do not change case
# 2 = scan first in lower case, then in original case
preservecase = 0
# Note:
# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase
# filtering passes. If you have a large enough userbase for this to be a
# worry, and need to filter pages in exotic character encodings, it may be
# better to run two instances on separate servers: one with preservecase 1
# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one
# with preservecase 0 and ASCII/UTF-8 lists.
# Hex decoding options
# When a document is scanned it can optionally convert %XX to chars.
# If you find documents are getting past the phrase filtering due to encoding
# then enable. However this can break Big5 and other 16-bit texts.
# off = disabled (default)
# on = enabled
hexdecodecontent = off
# Force Quick Search rather than DFA search algorithm
# The current DFA implementation is not totally 16-bit character compatible
# but is used by default as it handles large phrase lists much faster.
# If you wish to use a large number of 16-bit character phrases then
# enable this option.
# off (default) | on (Big5 compatible)
forcequicksearch = off
# Reverse lookups for banned site and URLs.
# If set to on, e2guardian will look up the forward DNS for an IP URL
# address and search for both in the banned site and URL lists. This would
# prevent a user from simply entering the IP for a banned address.
# It will reduce searching speed somewhat so unless you have a local caching
# DNS server, leave it off and use the Blanket IP Block option in the
# bannedsitelist file instead.
reverseaddresslookups = off
# Reverse lookups for banned and exception IP lists.
# If set to on, e2guardian will look up the forward DNS for the IP
# of the connecting computer. This means you can put in hostnames in
# the exceptioniplist and bannediplist.
# If a client computer is matched against an IP given in the lists, then the
# IP will be recorded in any log entries; if forward DNS is successful and a
# match occurs against a hostname, the hostname will be logged instead.
# It will reduce searching speed somewhat so unless you have a local DNS server,
# leave it off.
reverseclientiplookups = off
# Perform reverse lookups on client IPs for successful requests.
# If set to on, e2guardian will look up the forward DNS for the IP
# of the connecting computer, and log host names (where available) rather than
# IPs against requests.
# This is not dependent on reverseclientiplookups being enabled; however, if it
# is, enabling this option does not incur any additional forward DNS requests.
logclienthostnames = off
# Build bannedsitelist and bannedurllist cache files.
# This will compare the date stamp of the list file with the date stamp of
# the cache file and will recreate as needed.
# If a .processed file exists for an item (e.g. domain/URL) list, then that
# will be used instead, if it is up to date (i.e. newer than the unprocessed
# list file).
# NOTE: this option is no longer needed, buggy and is depreciated
# NOTE: So leave it 'off' unless you require it for some non-standard set-up!
# on | off, default = off
# createlistcachefiles = off
# Prefer cached list files
# If enabled, e2guardian will always prefer to load ".processed" versions of
# list files, regardless of their time stamps relative to the original
# unprocessed lists. This is not generally useful unless you have a specific
# list update process which results in - for example - up-to-date, pre-sorted
# ".processed" list files with dummy unprocessed files.
# on | off, default = off
prefercachedlists = off
# Max content filter size
# Sometimes web servers label binary files as text which can be very
# large which causes a huge drain on memory and cpu resources.
# To counter this, you can limit the size of the document to be
# filtered and get it to just pass it straight through.
# This setting also applies to content regular expression modification.
# The value must not be higher than maxcontentramcachescansize
# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 to set it to maxcontentramcachescansize
#
# IMPORTANT: Note that setting this to "0" turns off all features which
# extract phrases from page content, including banned & exception
# phrases (not just weighted), search term filtering, and scanning for
# links to banned URLs.
maxcontentfiltersize = 256
# Max content ram cache scan size
# This is only used if you use a content scanner plugin such as AV
# This is the max size of file that DG will download and cache
# in RAM. After this limit is reached it will cache to disk
# This value must be less than or equal to maxcontentfilecachescansize.
# The size is in Kibibytes - eg 10240 = 10Mb
# use 0 to set it to maxcontentfilecachescansize
# This option may be ignored by the configured download manager.
maxcontentramcachescansize = 2000
# Max content file cache scan size
# This is only used if you use a content scanner plugin such as AV
# This is the max size file that DG will download
# so that it can be scanned or virus checked.
# This value must be greater or equal to maxcontentramcachescansize.
# The size is in Kibibytes - eg 10240 = 10Mb
maxcontentfilecachescansize = 20000
# File cache dir
# Where DG will download files to be scanned if too large for the
# RAM cache.
filecachedir = '/tmp'
# Delete file cache after user completes download
# When a file gets save to temp it stays there until it is deleted.
# You can choose to have the file deleted when the user makes a sucessful
# download. This will mean if they click on the link to download from
# the temp store a second time it will give a 404 error.
# You should configure something to delete old files in temp to stop it filling up.
# on|off (defaults to on)
deletedownloadedtempfiles = on
# Initial Trickle delay
# This is the number of seconds a browser connection is left waiting
# before first being sent *something* to keep it alive. The
# *something* depends on the download manager chosen.
# Do not choose a value too low or normal web pages will be affected.
# A value between 20 and 110 would be sensible
# This may be ignored by the configured download manager.
initialtrickledelay = 2
# Trickle delay
# This is the number of seconds a browser connection is left waiting
# before being sent more *something* to keep it alive. The
# *something* depends on the download manager chosen.
# This may be ignored by the configured download manager.
trickledelay = 1
# Download Managers
# These handle downloads of files to be filtered and scanned.
# They differ in the method they deal with large downloads.
# Files usually need to be downloaded 100% before they can be
# filtered and scanned before being sent on to the browser.
# Normally the browser can just wait, but with content scanning,
# for example to AV, the browser may timeout or the user may get
# confused so the download manager has to do some sort of
# 'keep alive'.
#
# There are various methods possible but not all are included.
# The author does not have the time to write them all so I have
# included a plugin systam. Also, not all methods work with all
# browsers and clients. Specifically some fancy methods don't
# work with software that downloads updates. To solve this,
# each plugin can support a regular expression for matching
# the client's user-agent string, and lists of the mime types
# and extensions it should manage.
#
# Note that these are the matching methods provided by the base plugin
# code, and individual plugins may override or add to them.
# See the individual plugin conf files for supported options.
#
# The plugins are matched in the order you specify and the last
# one is forced to match as the default, regardless of user agent
# and other matching mechanisms.
#
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/fancy.conf'
#downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/trickle.conf'
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/default.conf'
# Content Scanners (Also known as AV scanners)
# These are plugins that scan the content of all files your browser fetches
# for example to AV scan. The options are limitless. Eventually all of
# e2guardian will be plugin based. You can have more than one content
# scanner. The plugins are run in the order you specify.
# This is one of the few places you can have multiple options of the same name.
#
# Some of the scanner(s) require 3rd party software and libraries eg clamav.
# See the individual plugin conf file for more options (if any).
#
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/clamdscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/avastdscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/kavdscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/icapscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/commandlinescan.conf'
# Content scanner timeout
# Some of the content scanners support using a timeout value to stop
# processing (eg AV scanning) the file if it takes too long.
# If supported this will be used.
# The default of 60 seconds is probably reasonable.
contentscannertimeout = 60
# Content scan exceptions
# If 'on' exception sites, urls, users etc will be scanned
# This is probably not desirable behavour as exceptions are
# supposed to be trusted and will increase load.
# Correct use of grey lists are a better idea.
# (on|off) default = off
contentscanexceptions = off
# Auth plugins
#
# Handle the extraction of client usernames from various sources, such as
# Proxy-Authorisation headers and ident servers, enabling requests to be
# handled according to the settings of the user's filter group.
# Multiple plugins can be specified, and will be used per port in the order
# filterports are listed.
#
# If you do not use multiple filter groups, you need not specify this option.
#
authplugin = '/usr/local/etc/e2guardian/authplugins/proxy-basic.conf'
#authplugin = '/usr/local/etc/e2guardian/authplugins/proxy-digest.conf'
#!! Not compiled !! authplugin = '/usr/local/etc/e2guardian/authplugins/proxy-ntlm.conf'
#authplugin = '/usr/local/etc/e2guardian/authplugins/ident.conf'
#authplugin = '/usr/local/etc/e2guardian/authplugins/ip.conf'
# Map auth to ports
# If enabled map auth plugins to ips/ports - number of authplugins must then be same as
# number of ports
# If disabled scan authplugins on all ports - number of authplugins can then be different
# to number of ports
# on (default) | off
#mapauthtoports = off
# Re-check replaced URLs
# As a matter of course, URLs undergo regular expression search/replace (urlregexplist)
# *after* checking the exception site/URL/regexpURL lists, but *before* checking against
# the banned site/URL lists, allowing certain requests that would be matched against the
# latter in their original state to effectively be converted into grey requests.
# With this option enabled, the exception site/URL/regexpURL lists are also re-checked
# after replacement, making it possible for URL replacement to trigger exceptions based
# on them.
# Defaults to off.
recheckreplacedurls = off
# Misc settings
# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = on
# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and e2guardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = on
# as mentioned above, the headers can be easily spoofed in order to fake the
# request origin by setting the X-Forwarded-For header. If you have the
# "usexforwardedfor" option enabled, you may want to specify the IPs from which
# this kind of header is allowed, such as another upstream proxy server for
# instance If you want authorize multiple IPs, specify each one on an individual
# xforwardedforfilterip line.
# xforwardedforfilterip =
# if on it logs some debug info regarding fork()ing and accept()ing which
# can usually be ignored. These are logged by syslog. It is safe to leave
# it on or off
logconnectionhandlingerrors = on
# If on it logs detailed error info regarding SSL error returns.
# These are logged by syslog. Default is off.
#
logsslerrors = off
# Fork pool options
# If on, this causes DG to write to the log file whenever child processes are
# created or destroyed (other than by crashes). This information can help in
# understanding and tuning the following parameters, but is not generally
# useful in production.
logchildprocesshandling = off
# sets the maximum number of processes to spawn to handle the incoming
# connections. Max value usually 250 depending on OS.
# On large sites you might want to try 380.
maxchildren = 180
# sets the minimum number of processes to spawn to handle the incoming connections.
# On large sites you might want to try 64.
minchildren = 20
# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 16.
minsparechildren = 16
# sets the minimum number of processes to spawn when it runs out
# On large sites you might want to try 20.
preforkchildren = 10
# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32
# sets the maximum age of a child process before it croaks it.
# This is the number of connections they handle before exiting.
# On large sites you might want to try 10000.
maxagechildren = 500
# sets the number of child process to kill/fork at each 5 sec interval.
# during at gentle restart
# defaults to preforkchildren
# gentlechunk=10
# Sets the maximum number client IP addresses allowed to connect at once.
# Use this to set a hard limit on the number of users allowed to concurrently
# browse the web. Set to 0 for no limit, and to disable the IP cache process.
maxips = 0
# Process options
# (Change these only if you really know what you are doing).
# These options allow you to run multiple instances of e2guardian on a single machine.
# Remember to edit the log file path above also if that is your intention.
# IPC filename
#
# Defines IPC server directory and filename used to communicate with the log process.
ipcfilename = '/tmp/.e2guardianipc'
# URL list IPC filename
#
# Defines URL list IPC server directory and filename used to communicate with the URL
# cache process.
urlipcfilename = '/tmp/.e2guardianurlipc'
# IP list IPC filename
#
# Defines IP list IPC server directory and filename, for communicating with the client
# IP cache process.
ipipcfilename = '/tmp/.e2guardianipipc'
# PID filename
#
# Defines process id directory and filename.
#pidfilename = '/var/run/e2guardian.pid'
# Disable daemoning
# If enabled the process will not fork into the background.
# It is not usually advantageous to do this.
# on|off (defaults to off)
nodaemon = off
# Disable logging process
# on|off (defaults to off)
nologger = off
# Enable logging of "ADs" category blocks
# on|off (defaults to off)
logadblocks = off
# Enable logging of client User-Agent
# Some browsers will cause a *lot* of extra information on each line!
# on|off (defaults to off)
loguseragent = off
# Daemon runas user and group
# This is the user that e2guardian runs as. Normally the user/group nobody.
# Uncomment to use. Defaults to the user set at compile time.
# Temp files created during virus scanning are given owner and group read
# permissions; to use content scanners based on external processes, such as
# clamdscan, the two processes must run with either the same group or user ID.
#daemonuser = 'nobody'
#daemongroup = 'nobody'
# Soft restart
# When on this disables the forced killing off all processes in the process group.
# This is not to be confused with the -g run time option - they are not related.
# on|off (defaults to off)
softrestart = off
# Mail program
# Path (sendmail-compatible) email program, with options.
# Not used if usesmtp is disabled (filtergroup specific).
#!! Not compiled !!mailer = '/usr/sbin/sendmail -t'
#SSL certificate checking path
#Path to CA certificates used to validate the certificates of https sites.
# if left blank openssl default ca certificate bundle will be used
#Leave as default unless you want to load non-default cert bundle
#sslcertificatepath = ''
#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank - required if ssl_mitm is enabled.
#cacertificatepath = '/home/stephen/dginstall/ca.pem'
#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank - required if ssl_mitm is enabled.
#caprivatekeypath = '/home/stephen/dginstall/ca.key'
#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank - required if ssl_mitm is enabled.
#certprivatekeypath = '/home/stephen/dginstall/cert.key'
#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank - required if ssl_mitm is enabled.
#generatedcertpath = '/home/stephen/dginstall/generatedcerts/'
#Warning: if you change the cert start/end time from default on a running
# system you will need to clear the generated certificate
# store and also may get problems on running client browsers
#Generated cert start time (in unix time) - optional
# defaults to 1417872951 = 6th Dec 2014
# generatedcertstart = 1417872951
#Generated cert end time (in unix time) - optional
# defaults to generatedcertstart + 10 years
#genratedcertend =
# generatedcertstart =
# monitor helper path
# If defined this script/binary will be called with start or stop appended as follows:-
#
# At start after e2guardian has started monitorstart children with ' start' appended
# When e2guardian is stopping with ' stop' appended
# If cache stops responding with ' stop' appended
# When cache resumes with ' start' appended
# monitorhelper = '/usr/local/bin/mymonitor'
# monitor flag prefix path
# If defined path will be used to generate flag files as follows:-
#
# At start after e2guardian has started monitorstart children with 'running' appended
# When e2guardian is stopping with 'paused' appended
# If cache stops responding with 'paused' appended
# When cache resumes with 'running' appended
# monitorflagprefix = '/tmp/e2g_run_flag_'
# monitorstart - defaults to minchildren
# valid values between 1 and minchildren
# monitorstart = 0
I am Brazilian and I am using the google translator so I apologize.
used versions: Squid 3.5.19 | e2guardian 3.4.0.3
----------------------------------------------------------------------------
The following information may be useful:
sockstat -4l | grep squid
squid squid 773 6 udp4 *:10466 *:*
squid squid 773 67 tcp4 192.168.20.253:3128 *:*
sockstat -4l | grep e2guardian
nobody e2guardian 1035 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1034 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1011 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1010 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1009 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1008 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1007 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1006 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1005 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1004 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1003 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 1002 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 961 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 960 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 959 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 958 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 957 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 956 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 955 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 954 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 953 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 952 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 951 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 950 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 949 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 948 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 947 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 946 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 945 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 944 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 943 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 942 6 tcp4 192.168.20.253:3127 *:*
nobody e2guardian 939 6 tcp4 192.168.20.253:3127 *:*
I can show that both tools are running.
----------------------------------------------------------------------------
Squid configuration file
##### Início Autenticação no AD #####
auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth -s HTTP/nameserver.n...@namedomain.com
auth_param negotiate children 150 startup=20 idle=20
auth_param negotiate keep_alive on
##### Início Verificação dos Grupos no AD #####
external_acl_type squid_grupo_ad ttl=600 children-max=35 ipv4 %LOGIN /usr/local/libexec/squid/ext_ldap_group_acl -v 3 -R -K -b "dc=namedomain,dc=com" \
-D sq...@namedomain.com -W /usr/local/etc/squid/authpw -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=Proxy Squid,dc=namedomain.com,dc=com))" \
-h nameserver.namedomain.com
##### Libera FTP #####
acl SSL_ports port 21
acl ftp proto FTP
http_access allow ftp
##### Início ACLS #####
acl acessototalS external squid_grupo_ad acessototal
##### Início http_access #####
http_access allow acessototalS
http_access deny all
follow_x_forwarded_for allow localhost
##### CONFIGURAÇÕES GERAIS #####
http_port 192.168.20.253:3128
error_directory /usr/local/etc/squid/errors/pt-br
log_mime_hdrs on
access_log stdio:/proxy/squid/logs/access.log squid
cache_mem 1724 MB
maximum_object_size_in_memory 100 KB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 512 MB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 93
cache_dir diskd /proxy/squid/cache 16000 16 256 Q1=72 Q2=64
cache_log /proxy/squid/cache-logs/cache.log
cache_store_log none
visible_hostname no
logfile_rotate 15
coredump_dir none
httpd_suppress_version_string off
##### Refresh ####
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
---------------------------------------------------------------------------
e2guardian the configuration file
]# e2guardian config file for version 3.4.0.3
# Language dir where languages are stored for internationalisation.
# The HTML template within this dir is only used when reportinglevel
# is set to 3. When used, e2guardian will display the HTML file instead of
# using the perl cgi script. This option is faster, cleaner
# and easier to customise the access denied page.
# The language file is used no matter what setting however.
#
languagedir = '/usr/local/share/e2guardian/languages'
# language to use from languagedir.
language = 'ptbrazilian'
# Logging Settings
#
# 0 = none 1 = just denied 2 = all text based 3 = all requests
loglevel = 2
# Log Exception Hits
# Log if an exception (user, ip, URL, phrase) is matched and so
# the page gets let through. Can be useful for diagnosing
# why a site gets through the filter.
# 0 = never log exceptions
# 1 = log exceptions, but do not explicitly mark them as such
# 2 = always log & mark exceptions (default)
logexceptionhits = 2
# Log File Format
# 1 = Dansguardian format (space delimited)
# 2 = CSV-style format
# 3 = Squid Log File Format
# 4 = Tab delimited
# 5 = Protex format â.. Tab delimited, squid style format with extra fields
# for filter block/result codes, reasons, filter group, and system name â..
# used in arrays so that combined logs show originating server.
# 6 = Protex format with server field blanked
# used in stand-alone systems.
logfileformat = 3
# truncate large items in log lines
# allowable values 10 to 32000
# default 2000
# unlimited not longer allowed - 0 will now set default of 2000
#maxlogitemlength = 2000
# anonymize logs (blank out usernames & IPs)
#anonymizelogs = off
# Syslog logging
#
# Use syslog for access logging instead of logging to the file
# at the defined or built-in "loglocation"
#logsyslog = off
#Suffix to append to program name when logging through syslog
# Default is the e2Guardian instance number
#namesuffix = $z
# Log file location
#
# Defines the log directory and filename.
#loglocation = '/var/log/access.log'
loglocation = '/proxy/e2guardian/log/access.log'
# Dymamic statistics log file location
#
# Defines the dstats file directory and filename.
# Once every 'dstatinterval' seconds, stats on number of children, in use and free, number of
# connections and connections per second are written to this
# file. Format is similar to sar.
# Default is not to write stats.
dstatlocation = '/var/log/e2guardian/dstats.log'
# Interval between stats output
# Default 300 = 5 mins
# Minimum 60
# Maximum 3600 = 1 hour
#dstatinterval = 300 # = 5 minutes
# Statistics log file location
#
# Defines the stat file directory and filename.
# Only used in conjunction with maxips > 0
# Once every 3 minutes, the current number of IPs in the cache, and the most
# that have been in the cache since the daemon was started, are written to this
# file. IPs persist in the cache for 7 days.
statlocation = '/var/log/stats'
# Network Settings
#
# the IP that e2guardian listens on. If left blank e2guardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to a certain IP. To bind to multiple interfaces,
# specify each IP on an individual filterip line.
# If mapportstoips is 'on' you can have the same IP twice so long as
# it has a different port.
filterip = 192.168.20.253
# the ports that e2guardian listens to. Specify one line per filterip
# line. If both mapportstoips and mapauthtoports are set to 'on'
# you can specify<F3> different authentication mechanisms per port but
# only if the mechanisms can co-exist (e.g. basic/proxy auth can't)
filterports = 3127
#filterports = 8081
# Map ports to IPs
# If enabled map filterports to filterip - number of filterports must then be same as
# number of filterip
# If disabled will listen on all filterports on all filterips.
# on (default) | off
#mapportstoips= off
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 192.168.20.253
# the port e2guardian connects to proxy on
proxyport = 3128
# Proxy timeout
# Set tcp timeout between the Proxy and e2guardian
# Min 5 - Max 100
proxytimeout = 20
#Proxy failure log interval
# The interval between log status entries when proxy is not responding
# minimum is proxytimeout - maximum 3600 (= 1 hour)
# default = 600 (= 10 mins)
#proxyfailureloginterval = 600
# Proxy header exchange
# Set timeout between the Proxy and e2guardian
# Min 20 - Max 300
proxyexchange = 20
# Pconn timeout
# how long a persistent connection will wait for other requests
# squid apparently defaults to 1 minute (persistent_request_timeout),
# so wait slightly less than this to avoid duff pconns.
# Min 5 - Max 300
pcontimeout = 55
# Whether to retrieve the original destination IP in transparent proxy
# setups and check it against the domain pulled from the HTTP headers.
#
# Be aware that when visiting sites which use a certain type of round-robin
# DNS for load balancing, DG may mark requests as invalid unless DG gets
# exactly the same answers to its DNS requests as clients. The chances of
# this happening can be increased if all clients and servers on the same LAN
# make use of a local, caching DNS server instead of using upstream DNS
# directly.
#
# See http://www.kb.cert.org/vuls/id/435052
# on (default) | off
#!! Not compiled !! originalip = off
# Banned image replacement
# Images that are banned due to domain/url/etc reasons including those
# in the adverts blacklists can be replaced by an image. This will,
# for example, hide images from advert sites and remove broken image
# icons from banned domains.
# on (default) | off
usecustombannedimage = on
custombannedimagefile = '/usr/local/share/e2guardian/transparent1x1.gif'
#Banned flash replacement
usecustombannedflash = on
custombannedflashfile = '/usr/local/share/e2guardian/blockedflash.swf'
# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of content
# filtering options you can apply to a group of users. The value must be 1 or more.
# e2guardian will automatically look for e2guardianfN.conf where N is the filter
# group. To assign users to groups use the filtergroupslist option. All users default
# to filter group 1. You must have some sort of authentication to be able to map users
# to a group. The more filter groups the more copies of the lists will be in RAM so
# use as few as possible.
filtergroups = 1
filtergroupslist = '/usr/local/etc/e2guardian/lists/filtergroupslist'
# Authentication files location
bannediplist = '/usr/local/etc/e2guardian/lists/bannediplist'
exceptioniplist = '/usr/local/etc/e2guardian/lists/exceptioniplist'
# Per-Room definition directory
# A directory containing text files containing the room's name followed by IPs or ranges
# and optionally site and url lists
# Think of it as bannediplist and/or exceptions on crack
#Â perroomdirectory = '/usr/local/etc/e2guardian/lists/rooms/'
# Show weighted phrases found
# If enabled then the phrases found that made up the total which excedes
# the naughtyness limit will be logged and, if the reporting level is
# high enough, reported. on | off
showweightedfound = on
# Positive (clean) result caching for URLs
# Caches good pages so they don't need to be scanned again.
# It also works with AV plugins.
# 0 = off (recommended for ISPs with users with disimilar browsing)
# 1000 = recommended for most users
# 5000 = suggested max upper limit
# If you're using an AV plugin then use at least 5000.
urlcachenumber = 1000
#
# Age before they are stale and should be ignored in seconds
# 0 = never
# 900 = recommended = 15 mins
urlcacheage = 900
# Cache for content (AV) scan results as 'clean'
# By default, to save CPU, files scanned and found to be
# clean are inserted into the clean cache and NOT scanned
# again for a while. If you don't like this then choose
# to disable it.
# on = cache results; do not re-scan
# off = do not cache; always re-scan
# (on|off) default = on.
scancleancache = on
# Smart, Raw and Meta/Title phrase content filtering options
# Smart is where the multiple spaces and HTML are removed before phrase filtering
# Raw is where the raw HTML including meta tags are phrase filtered
# Meta/Title is where only meta and title tags are phrase filtered (v. quick)
# CPU usage can be effectively halved by using setting 0 or 1 compared to 2
# 0 = raw only
# 1 = smart only
# 2 = both of the above (default)
# 3 = meta/title
phrasefiltermode = 2
# Lower casing options
# When a document is scanned the uppercase letters are converted to lower case
# in order to compare them with the phrases. However this can break Big5 and
# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented
# characters are supported.
# 0 = force lower case (default)
# 1 = do not change case
# 2 = scan first in lower case, then in original case
preservecase = 0
# Note:
# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase
# filtering passes. If you have a large enough userbase for this to be a
# worry, and need to filter pages in exotic character encodings, it may be
# better to run two instances on separate servers: one with preservecase 1
# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one
# with preservecase 0 and ASCII/UTF-8 lists.
# Hex decoding options
# When a document is scanned it can optionally convert %XX to chars.
# If you find documents are getting past the phrase filtering due to encoding
# then enable. However this can break Big5 and other 16-bit texts.
# off = disabled (default)
# on = enabled
hexdecodecontent = off
# Force Quick Search rather than DFA search algorithm
# The current DFA implementation is not totally 16-bit character compatible
# but is used by default as it handles large phrase lists much faster.
# If you wish to use a large number of 16-bit character phrases then
# enable this option.
# off (default) | on (Big5 compatible)
forcequicksearch = off
# Reverse lookups for banned site and URLs.
# If set to on, e2guardian will look up the forward DNS for an IP URL
# address and search for both in the banned site and URL lists. This would
# prevent a user from simply entering the IP for a banned address.
# It will reduce searching speed somewhat so unless you have a local caching
# DNS server, leave it off and use the Blanket IP Block option in the
# bannedsitelist file instead.
reverseaddresslookups = off
# Reverse lookups for banned and exception IP lists.
# If set to on, e2guardian will look up the forward DNS for the IP
# of the connecting computer. This means you can put in hostnames in
# the exceptioniplist and bannediplist.
# If a client computer is matched against an IP given in the lists, then the
# IP will be recorded in any log entries; if forward DNS is successful and a
# match occurs against a hostname, the hostname will be logged instead.
# It will reduce searching speed somewhat so unless you have a local DNS server,
# leave it off.
reverseclientiplookups = off
# Perform reverse lookups on client IPs for successful requests.
# If set to on, e2guardian will look up the forward DNS for the IP
# of the connecting computer, and log host names (where available) rather than
# IPs against requests.
# This is not dependent on reverseclientiplookups being enabled; however, if it
# is, enabling this option does not incur any additional forward DNS requests.
logclienthostnames = off
# Build bannedsitelist and bannedurllist cache files.
# This will compare the date stamp of the list file with the date stamp of
# the cache file and will recreate as needed.
# If a .processed file exists for an item (e.g. domain/URL) list, then that
# will be used instead, if it is up to date (i.e. newer than the unprocessed
# list file).
# NOTE: this option is no longer needed, buggy and is depreciated
# NOTE: So leave it 'off' unless you require it for some non-standard set-up!
# on | off, default = off
# createlistcachefiles = off
# Prefer cached list files
# If enabled, e2guardian will always prefer to load ".processed" versions of
# list files, regardless of their time stamps relative to the original
# unprocessed lists. This is not generally useful unless you have a specific
# list update process which results in - for example - up-to-date, pre-sorted
# ".processed" list files with dummy unprocessed files.
# on | off, default = off
prefercachedlists = off
# Max content filter size
# Sometimes web servers label binary files as text which can be very
# large which causes a huge drain on memory and cpu resources.
# To counter this, you can limit the size of the document to be
# filtered and get it to just pass it straight through.
# This setting also applies to content regular expression modification.
# The value must not be higher than maxcontentramcachescansize
# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 to set it to maxcontentramcachescansize
#
# IMPORTANT: Note that setting this to "0" turns off all features which
# extract phrases from page content, including banned & exception
# phrases (not just weighted), search term filtering, and scanning for
# links to banned URLs.
maxcontentfiltersize = 256
# Max content ram cache scan size
# This is only used if you use a content scanner plugin such as AV
# This is the max size of file that DG will download and cache
# in RAM. After this limit is reached it will cache to disk
# This value must be less than or equal to maxcontentfilecachescansize.
# The size is in Kibibytes - eg 10240 = 10Mb
# use 0 to set it to maxcontentfilecachescansize
# This option may be ignored by the configured download manager.
maxcontentramcachescansize = 2000
# Max content file cache scan size
# This is only used if you use a content scanner plugin such as AV
# This is the max size file that DG will download
# so that it can be scanned or virus checked.
# This value must be greater or equal to maxcontentramcachescansize.
# The size is in Kibibytes - eg 10240 = 10Mb
maxcontentfilecachescansize = 20000
# File cache dir
# Where DG will download files to be scanned if too large for the
# RAM cache.
filecachedir = '/tmp'
# Delete file cache after user completes download
# When a file gets save to temp it stays there until it is deleted.
# You can choose to have the file deleted when the user makes a sucessful
# download. This will mean if they click on the link to download from
# the temp store a second time it will give a 404 error.
# You should configure something to delete old files in temp to stop it filling up.
# on|off (defaults to on)
deletedownloadedtempfiles = on
# Initial Trickle delay
# This is the number of seconds a browser connection is left waiting
# before first being sent *something* to keep it alive. The
# *something* depends on the download manager chosen.
# Do not choose a value too low or normal web pages will be affected.
# A value between 20 and 110 would be sensible
# This may be ignored by the configured download manager.
initialtrickledelay = 2
# Trickle delay
# This is the number of seconds a browser connection is left waiting
# before being sent more *something* to keep it alive. The
# *something* depends on the download manager chosen.
# This may be ignored by the configured download manager.
trickledelay = 1
# Download Managers
# These handle downloads of files to be filtered and scanned.
# They differ in the method they deal with large downloads.
# Files usually need to be downloaded 100% before they can be
# filtered and scanned before being sent on to the browser.
# Normally the browser can just wait, but with content scanning,
# for example to AV, the browser may timeout or the user may get
# confused so the download manager has to do some sort of
# 'keep alive'.
#
# There are various methods possible but not all are included.
# The author does not have the time to write them all so I have
# included a plugin systam. Also, not all methods work with all
# browsers and clients. Specifically some fancy methods don't
# work with software that downloads updates. To solve this,
# each plugin can support a regular expression for matching
# the client's user-agent string, and lists of the mime types
# and extensions it should manage.
#
# Note that these are the matching methods provided by the base plugin
# code, and individual plugins may override or add to them.
# See the individual plugin conf files for supported options.
#
# The plugins are matched in the order you specify and the last
# one is forced to match as the default, regardless of user agent
# and other matching mechanisms.
#
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/fancy.conf'
#downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/trickle.conf'
downloadmanager = '/usr/local/etc/e2guardian/downloadmanagers/default.conf'
# Content Scanners (Also known as AV scanners)
# These are plugins that scan the content of all files your browser fetches
# for example to AV scan. The options are limitless. Eventually all of
# e2guardian will be plugin based. You can have more than one content
# scanner. The plugins are run in the order you specify.
# This is one of the few places you can have multiple options of the same name.
#
# Some of the scanner(s) require 3rd party software and libraries eg clamav.
# See the individual plugin conf file for more options (if any).
#
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/clamdscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/avastdscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/kavdscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/icapscan.conf'
#!! Not compiled !! contentscanner = '/usr/local/etc/e2guardian/contentscanners/commandlinescan.conf'
# Content scanner timeout
# Some of the content scanners support using a timeout value to stop
# processing (eg AV scanning) the file if it takes too long.
# If supported this will be used.
# The default of 60 seconds is probably reasonable.
contentscannertimeout = 60
# Content scan exceptions
# If 'on' exception sites, urls, users etc will be scanned
# This is probably not desirable behavour as exceptions are
# supposed to be trusted and will increase load.
# Correct use of grey lists are a better idea.
# (on|off) default = off
contentscanexceptions = off
# Auth plugins
#
# Handle the extraction of client usernames from various sources, such as
# Proxy-Authorisation headers and ident servers, enabling requests to be
# handled according to the settings of the user's filter group.
# Multiple plugins can be specified, and will be used per port in the order
# filterports are listed.
#
# If you do not use multiple filter groups, you need not specify this option.
#
authplugin = '/usr/local/etc/e2guardian/authplugins/proxy-basic.conf'
#authplugin = '/usr/local/etc/e2guardian/authplugins/proxy-digest.conf'
#!! Not compiled !! authplugin = '/usr/local/etc/e2guardian/authplugins/proxy-ntlm.conf'
#authplugin = '/usr/local/etc/e2guardian/authplugins/ident.conf'
#authplugin = '/usr/local/etc/e2guardian/authplugins/ip.conf'
# Map auth to ports
# If enabled map auth plugins to ips/ports - number of authplugins must then be same as
# number of ports
# If disabled scan authplugins on all ports - number of authplugins can then be different
# to number of ports
# on (default) | off
#mapauthtoports = off
# Re-check replaced URLs
# As a matter of course, URLs undergo regular expression search/replace (urlregexplist)
# *after* checking the exception site/URL/regexpURL lists, but *before* checking against
# the banned site/URL lists, allowing certain requests that would be matched against the
# latter in their original state to effectively be converted into grey requests.
# With this option enabled, the exception site/URL/regexpURL lists are also re-checked
# after replacement, making it possible for URL replacement to trigger exceptions based
# on them.
# Defaults to off.
recheckreplacedurls = off
# Misc settings
# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = on
# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and e2guardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = on
# as mentioned above, the headers can be easily spoofed in order to fake the
# request origin by setting the X-Forwarded-For header. If you have the
# "usexforwardedfor" option enabled, you may want to specify the IPs from which
# this kind of header is allowed, such as another upstream proxy server for
# instance If you want authorize multiple IPs, specify each one on an individual
# xforwardedforfilterip line.
# xforwardedforfilterip =
# if on it logs some debug info regarding fork()ing and accept()ing which
# can usually be ignored. These are logged by syslog. It is safe to leave
# it on or off
logconnectionhandlingerrors = on
# If on it logs detailed error info regarding SSL error returns.
# These are logged by syslog. Default is off.
#
logsslerrors = off
# Fork pool options
# If on, this causes DG to write to the log file whenever child processes are
# created or destroyed (other than by crashes). This information can help in
# understanding and tuning the following parameters, but is not generally
# useful in production.
logchildprocesshandling = off
# sets the maximum number of processes to spawn to handle the incoming
# connections. Max value usually 250 depending on OS.
# On large sites you might want to try 380.
maxchildren = 180
# sets the minimum number of processes to spawn to handle the incoming connections.
# On large sites you might want to try 64.
minchildren = 20
# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 16.
minsparechildren = 16
# sets the minimum number of processes to spawn when it runs out
# On large sites you might want to try 20.
preforkchildren = 10
# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32
# sets the maximum age of a child process before it croaks it.
# This is the number of connections they handle before exiting.
# On large sites you might want to try 10000.
maxagechildren = 500
# sets the number of child process to kill/fork at each 5 sec interval.
# during at gentle restart
# defaults to preforkchildren
# gentlechunk=10
# Sets the maximum number client IP addresses allowed to connect at once.
# Use this to set a hard limit on the number of users allowed to concurrently
# browse the web. Set to 0 for no limit, and to disable the IP cache process.
maxips = 0
# Process options
# (Change these only if you really know what you are doing).
# These options allow you to run multiple instances of e2guardian on a single machine.
# Remember to edit the log file path above also if that is your intention.
# IPC filename
#
# Defines IPC server directory and filename used to communicate with the log process.
ipcfilename = '/tmp/.e2guardianipc'
# URL list IPC filename
#
# Defines URL list IPC server directory and filename used to communicate with the URL
# cache process.
urlipcfilename = '/tmp/.e2guardianurlipc'
# IP list IPC filename
#
# Defines IP list IPC server directory and filename, for communicating with the client
# IP cache process.
ipipcfilename = '/tmp/.e2guardianipipc'
# PID filename
#
# Defines process id directory and filename.
#pidfilename = '/var/run/e2guardian.pid'
# Disable daemoning
# If enabled the process will not fork into the background.
# It is not usually advantageous to do this.
# on|off (defaults to off)
nodaemon = off
# Disable logging process
# on|off (defaults to off)
nologger = off
# Enable logging of "ADs" category blocks
# on|off (defaults to off)
logadblocks = off
# Enable logging of client User-Agent
# Some browsers will cause a *lot* of extra information on each line!
# on|off (defaults to off)
loguseragent = off
# Daemon runas user and group
# This is the user that e2guardian runs as. Normally the user/group nobody.
# Uncomment to use. Defaults to the user set at compile time.
# Temp files created during virus scanning are given owner and group read
# permissions; to use content scanners based on external processes, such as
# clamdscan, the two processes must run with either the same group or user ID.
#daemonuser = 'nobody'
#daemongroup = 'nobody'
# Soft restart
# When on this disables the forced killing off all processes in the process group.
# This is not to be confused with the -g run time option - they are not related.
# on|off (defaults to off)
softrestart = off
# Mail program
# Path (sendmail-compatible) email program, with options.
# Not used if usesmtp is disabled (filtergroup specific).
#!! Not compiled !!mailer = '/usr/sbin/sendmail -t'
#SSL certificate checking path
#Path to CA certificates used to validate the certificates of https sites.
# if left blank openssl default ca certificate bundle will be used
#Leave as default unless you want to load non-default cert bundle
#sslcertificatepath = ''
#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank - required if ssl_mitm is enabled.
#cacertificatepath = '/home/stephen/dginstall/ca.pem'
#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank - required if ssl_mitm is enabled.
#caprivatekeypath = '/home/stephen/dginstall/ca.key'
#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank - required if ssl_mitm is enabled.
#certprivatekeypath = '/home/stephen/dginstall/cert.key'
#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank - required if ssl_mitm is enabled.
#generatedcertpath = '/home/stephen/dginstall/generatedcerts/'
#Warning: if you change the cert start/end time from default on a running
# system you will need to clear the generated certificate
# store and also may get problems on running client browsers
#Generated cert start time (in unix time) - optional
# defaults to 1417872951 = 6th Dec 2014
# generatedcertstart = 1417872951
#Generated cert end time (in unix time) - optional
# defaults to generatedcertstart + 10 years
#genratedcertend =
# generatedcertstart =
# monitor helper path
# If defined this script/binary will be called with start or stop appended as follows:-
#
# At start after e2guardian has started monitorstart children with ' start' appended
# When e2guardian is stopping with ' stop' appended
# If cache stops responding with ' stop' appended
# When cache resumes with ' start' appended
# monitorhelper = '/usr/local/bin/mymonitor'
# monitor flag prefix path
# If defined path will be used to generate flag files as follows:-
#
# At start after e2guardian has started monitorstart children with 'running' appended
# When e2guardian is stopping with 'paused' appended
# If cache stops responding with 'paused' appended
# When cache resumes with 'running' appended
# monitorflagprefix = '/tmp/e2g_run_flag_'
# monitorstart - defaults to minchildren
# valid values between 1 and minchildren
# monitorstart = 0
jab...@gmail.com
Jun 20, 2016, 9:46:06 AM6/20/16
to e2guardian, jab...@gmail.com
Complementing the above information, both tools work perfectly. What happens is that when I restart the server, access to working and noticed the message I put when I requested help. After reiniciarlização if give a restart in e2guardian access back. I also noticed that during the day the message will reappear again and no access to. To work around I have to keep restarting the e2guardian.
The mesagem I speak is the "Proxy is not responding - Waiting for proxy to Respond"
The mesagem I speak is the "Proxy is not responding - Waiting for proxy to Respond"
jab...@gmail.com
Jun 20, 2016, 9:48:30 AM6/20/16
to e2guardian, jab...@gmail.com
This server is not in production.
This configuration shown this on a test server.
This configuration shown this on a test server.
I am very grateful for the help.
jfcollado...@gmail.com
Jan 17, 2018, 2:21:26 PM1/17/18
to e2guardian
Hi, I have the seem problem. Have you find the solution? Sorry by my english.
FredB
Jan 17, 2018, 2:39:41 PM1/17/18
to e2gua...@googlegroups.com
This message is explicit, e2 can't reach your proxy
Check your configuration (proxyport=, proxyip=)
Check your configuration (proxyport=, proxyip=)
FredB
Jan 18, 2018, 4:02:39 AM1/18/18
to e2guardian
Ok do you have something else in squid cache.log and syslog ? Maybe your bandwidth is totally full ?
Which value are your using proxytimeout ?
How e2guardian works ? not all ? sometimes ?
Which value are your using proxytimeout ?
How e2guardian works ? not all ? sometimes ?
FredB
Jan 18, 2018, 9:30:09 AM1/18/18
to e2guardian
proxytimeout -> e2guardian.conf ?
Nothing in syslog or message ?
>
Nothing in syslog or message ?
>
Reply all
Reply to author
Forward
0 new messages