Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squidguard Web Filter Issues

    Scheduled Pinned Locked Moved pfSense Packages
    44 Posts 3 Posters 40.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      coachs88
      last edited by

      Okay. So now I have users allowed to interface and it is partially working.. but it is blocking all websites again, for all users. Not just the limited workstations.

      I followed all previous directions and thought this would get everything. I can tell it's going in the right direction so I must have proxy filter sat up wrong somehow.. also, is there anythiing I need to do in the access control tab?

      If I attach more screen shots would you be able to tell me what I'm doing wrong?

      "You are merely a better target in the light."

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        You could post screens of Target categories, group acl and common acl.

        But I think, if all users get blocked, you have to go to "Common ACL" and check "allow" there for any target rules.

        1 Reply Last reply Reply Quote 0
        • C
          coachs88
          last edited by

          Here you go. Hope these help.

          proxy3.png
          proxy3.png_thumb

          "You are merely a better target in the light."

          1 Reply Last reply Reply Quote 0
          • C
            coachs88
            last edited by

            Group ACL

            proxy4.png
            proxy4.png_thumb

            "You are merely a better target in the light."

            1 Reply Last reply Reply Quote 0
            • C
              coachs88
              last edited by

              Target categories

              proxy5.png
              proxy5.png_thumb

              "You are merely a better target in the light."

              1 Reply Last reply Reply Quote 0
              • N
                Nachtfalke
                last edited by

                Hi,

                in "Common ACL" and "Group ACL" it would be necessary to see what is in "Target Rules List (click here)"

                Further in "Groups ACL": Why did you enter every single IP in Client (source) ? Why didn't you just enter a hole subnet 192.168..40.0/24 ?

                "Target Categories"…...you haven't entered anything there. This makes no sense. Either you enter the sites you want to ALLOW or you enter the sites you want to block.

                What do you want to realize ?
                What should the hosts you entered in "Group ACL" shoul do ?
                Do you just want to block same sites like porn or something else or do you want that everything of the internet is blocked except some sites ?

                1 Reply Last reply Reply Quote 0
                • C
                  coachs88
                  last edited by

                  Sorry.. that was a bad screen shot. I do have stuff entered in the target categories. here is a better one.

                  There is only 1 subnet at my company. I entered individual clients as a way to separate restricted workstations from admin workstations.

                  What I want to happen is this: restricted workstations have EVERYTHING blocked except a few websites which are needed to do their job. Everything else must be blocked. I.e personal email, facebook, youtube, porn, etc etc. Which is why I want it all blocked by default for those certain workstations. Does that make sense? I hope this screenshot clears up some confusion.

                  proxy6.png
                  proxy6.png_thumb

                  "You are merely a better target in the light."

                  1 Reply Last reply Reply Quote 0
                  • N
                    Nachtfalke
                    last edited by

                    okay.

                    I think there is a mistake in the "Expressions" block.
                    Expressions are - that's the way I understand it - if an URL contains a word of this. For example if the expression is:

                    .porn.

                    This means every URL with the word "porn" in front, at the end or somewhere in the middle is blocked:
                    www.XYZporn.com
                    www.pornXYZ.com
                    www.ABCpornXYZ.com

                    You have to put your IPs and URLs in the block "Domain list".
                    The text above explains it. Just enter there:

                    
                    google.com 12.23.34.45 12.12.34.34 34.34.34.34 example.com amazon.com
                    
                    

                    PS: If you are using IPs, you must be sure, that you didn't check the box "Do not allow IP addresses in URLs".
                    It is better to use domain names in the "domain list" so the IP behind this domain can change and you do not need to change this from time to time in SquidGuard. If it is not possible to use domain names, then remember the checkbox with "Do not allow IP addresses in URLs"

                    To your question if this make sense:
                    Yes it does. I am doing this the same way.

                    1 Reply Last reply Reply Quote 0
                    • C
                      coachs88
                      last edited by

                      Sorry for the delayed reply.. haven't been into work for a few days, have been terribly sick with mono.

                      Anyway, I tried your suggestion of instead of having expressions, having all the domains I want to whitelist instead. Now instead of them all getting blocked on all workstations, it isn't blocking anything at all!

                      Should I post screen shots again? I really don't understand what I'm missing at this point.

                      "You are merely a better target in the light."

                      1 Reply Last reply Reply Quote 0
                      • N
                        Nachtfalke
                        last edited by

                        Sure, you can post again all tabs of SquidGuard.

                        But you want to realize the same as I am doing and I posted all necessary options in my screenshots. Perhaps you are missing one little checkbox ;-)

                        Further, after changing anything in SquidGuard, are you applying "Save" and after this "Apply" on the first tab of SquidGuard ? This is neccessary for a working proxy filter!

                        1 Reply Last reply Reply Quote 0
                        • C
                          coachs88
                          last edited by

                          Okay. Here are the updated screenshots. I hope you can help.

                          Filter is working perfectly on limited workstations but it isn't allowing all access to admin workstations.

                          prxy1.png
                          prxy1.png_thumb

                          "You are merely a better target in the light."

                          1 Reply Last reply Reply Quote 0
                          • C
                            coachs88
                            last edited by

                            Another

                            prxy2.png
                            prxy2.png_thumb

                            "You are merely a better target in the light."

                            1 Reply Last reply Reply Quote 0
                            • C
                              coachs88
                              last edited by

                              Next

                              prxy3.png
                              prxy3.png_thumb

                              "You are merely a better target in the light."

                              1 Reply Last reply Reply Quote 0
                              • C
                                coachs88
                                last edited by

                                Next

                                prxy4.png
                                prxy4.png_thumb

                                "You are merely a better target in the light."

                                1 Reply Last reply Reply Quote 0
                                • C
                                  coachs88
                                  last edited by

                                  Last one

                                  prxy5.png
                                  prxy5.png_thumb

                                  "You are merely a better target in the light."

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    Nachtfalke
                                    last edited by

                                    Hi,

                                    proxy3.png:

                                    uncheck "Do not allow IP addresses bypass"
                                    defaulf access: allow and NOT deny.
                                    This page is for the admin workstations, like you call it ;)
                                    All that you deny on this page is a restriction for you admin workstation.

                                    proxy4.png:
                                    Is ok, but here you can check:
                                    "Do not allow IP addresses bypass" BUT ONLY if you dot not have any IP addresses in proxy5.png

                                    Head up - you got it :-)

                                    1 Reply Last reply Reply Quote 0
                                    • C
                                      coachs88
                                      last edited by

                                      Dang..

                                      I have done all of these things and it still isn't working how I want. It is still blocking all access to limited workstations. Every other computer (admin) it is blocking access except the whitelist.

                                      I don't understand what could possibly be going wrong at this point.  :-[

                                      "You are merely a better target in the light."

                                      1 Reply Last reply Reply Quote 0
                                      • N
                                        Nachtfalke
                                        last edited by

                                        Can you show me again your changed "Common ACL" tab.
                                        And, do you click ALWAYS "Save" and "apply" on "General settings" tab ?

                                        1 Reply Last reply Reply Quote 0
                                        • C
                                          coachs88
                                          last edited by

                                          Here you go.

                                          commonacl.png
                                          commonacl.png_thumb

                                          "You are merely a better target in the light."

                                          1 Reply Last reply Reply Quote 0
                                          • N
                                            Nachtfalke
                                            last edited by

                                            Hmmmm, I can not see any difference to my filter config. Not sure why it is not working.

                                            Please try to save and apply settings in squid guard again and then check "Filter GUI" in squid guard. Perhaps there is some info because it isn't working. please also try to check system logs after reconfiguring squidguard.

                                            perhaps you can focus the maintainer of SquidGuard "dvserge" to this thread. I am at the end of my know how.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.