SquidGuard : to block all internet excep few web sites

Guest

You have webserver in LAN ?

Yes indeed, I need to access web pages on internal web site (http://192.168.1.1/…).

So I want to create a rule to whitelist (for exemple) tf1.fr, rtl.be and also to whitelist 192.168.1.1

But it is not allowed (at least on squidguard web gui) to set an ip (192.168.1.1) in the domain lists, so I'm stuck.

Thank you.

dvserg

@romegas:

You have webserver in LAN ?

Yes indeed, I need to access web pages on internal web site (http://192.168.1.1/…).

So I want to create a rule to whitelist (for exemple) tf1.fr, rtl.be and also to whitelist 192.168.1.1

But it is not allowed (at least on squidguard web gui) to set an ip (192.168.1.1) in the domain lists, so I'm stuck.

Thank you.

Try:
uncheck
squid: General >
Do NOT proxy Private Address Space (RFC 1918)

enter you webserver here:
squid > Access control
Unrestricted IPs

Guest

@dvserg:

Try:
uncheck
squid: General >
Do NOT proxy Private Address Space (RFC 1918)

enter you webserver here:
squid > Access control
Unrestricted IPs

I tryed both but no chance, still stuck. Below is the message I get.

---

Request denied by pfSense proxy: 403 Forbidden
Reason:
Client address: 192.168.1.72
Client group: test
Target group: none
URL: http://192.168.1.150/

---

Guest

I've found a way to do what I want but it's dirty one.

On IE->Options->Connections->Network parameters->Advanced

here I set the internal IP I want to access on the LAN (http://192.168.1.1; …) and it works, I can't access internet anymore except for the few sites in the squidguard whitelist, and I can access all web site on the lan. Now I have to do it on every computer, so dirty fix.

Guest

@romegas:

I've found a way to do what I want but it's dirty one.
On IE->Options->Connections->Network parameters->Advanced

Really it's not a good fix because any user can add a domain in these settings and it won't be block by squidguard.

Any idea ?

dvserg

If disable squidGuard - you internal site accessible?

Guest

@dvserg:

If disable squidGuard - you internal site accessible?

Yes it is. It's the squidguard rule that prevents me to access internal web site.

dvserg

@romegas:

@dvserg:

If disable squidGuard - you internal site accessible?

Yes it is. It's the squidguard rule that prevents me to access internal web site.

Pls post to my PM you SG config (Tab 'Log')

Guest

@dvserg:

Pls post to my PM you SG config (Tab 'Log')

Hi dvserg, it's posted.

dvserg

@romegas:

@dvserg:

Pls post to my PM you SG config (Tab 'Log')

Hi dvserg, it's posted.

Hi
Sorry, i look this nearest time.
Thanks