Netgate Discussion Forum

Squid Proxy filtering question

  • B
    bjm3805
    last edited by Jun 13, 2014, 3:16 AM

    I am relatively new to pfSense and Squid proxy. My goal is to block all traffic to all websites via the blacklist and allow access to only a few websites (via whitelist).

    I am not exactly sure of the best way to accomplish this. Is there a regex that I can specify for the blacklist?

    • B
      bjm3805
      last edited by Jun 13, 2014, 1:19 PM

      To help clarify, see the attached image of how I am trying to filter. Any suggestions on how to accomplish this would be most appreciated.

      ![6-13-2014 9-18-55 AM.jpg](/public/imported_attachments/1/6-13-2014 9-18-55 AM.jpg)

      • K
        KOM
        last edited by Jun 13, 2014, 8:27 PM

        You need either SquidGuard or DansGuardian to do filtering like that.  Squid by itself is mainly a caching server.

        • B
          bjm3805
          last edited by Jun 14, 2014, 3:44 AM

          Is there any assistance in getting them installed and configured as I am trying to? Is it straightforward?

          • K
            KOM
            last edited by Jun 16, 2014, 2:25 PM

            It's not too hard.  Start here:

            https://doc.pfsense.org/index.php/SquidGuard_package

            https://www.youtube.com/watch?v=czU56xmJAmE

            • B
              bjm3805
              last edited by Jun 17, 2014, 3:06 AM

              Thanks for the help. I have it installed and by default I stopped traffic. I configured a target rule with the domains I am allowing. It works for google.com and one other. For blocked URLs, the browser is just timing out at the proxy server. I would expect it to quickly realize it isn't in the target rule and immediately redirect to the internal error page.

              I must be missing something subtle in the configuration.

              • K
                KOM
                last edited by Jun 17, 2014, 1:25 PM

                Under Services - Proxy filter - Common ACL, what do you have for 'Redirect mode' and 'Redirect info'?

                • B
                  bjm3805
                  last edited by Jun 17, 2014, 1:54 PM

                  int error page (enter error message)

                  nothing in redirect info

                  • K
                    KOM
                    last edited by Jun 17, 2014, 6:09 PM

                    That is where you set your behaviour.  If you want it to redirect internally, you will need to specify the URL to redirect to in the 'Redirect info' field.  For example, on my config, if a user hits a blocked page, I redirect them to our company website:

                    Redirect mode: ext URL redirect (enter URL)
                    Redirect info: http://www.mycompany.com/

                    • B
                      bjm3805
                      last edited by Jun 19, 2014, 1:59 AM

                      I tried just in the target category and in the common ACL (specifying an error message only) and neither seems to work.

                      Furthermore, only 2 of the 10 domains I defined in the domain list work. It seems like only the first 3 are working.

                      Here is what I have:

                      google.com 192.168.1.1 five9.com mail.extracz.com backtolearn.com explore-schools.com achieveyourcareer.com iframe.plattformpartners.com intranet.backtolearnmedia.com partners.backtolearn.com

                      • K
                        KOM
                        last edited by Jun 19, 2014, 2:50 PM

                        I just tried your config and it's working fine for me.

                        First, I created a Target category named 'Google' and filled it with your domain/IP list and set its description to 'Test WL'.

                        Next, I created a custom Group ACL so that I could test without screwing up access for my users.  I called my group "Test".  The group has only my IP address in it.  For Target Rules, I have Test WL [Google] on top set to Whitelist, and my Default access [all] set to Deny. Redirect mode is Ext URL redirect (enter URL) and Redirect is http://www.mycompany.com.

                        When you make your changes, SquidGuard has a little weirdness that makes you go back to the General tab, click Save and then click Apply.  If you don't do this, your changes won't be acted on and nothing will work as you expected.

                        Now when I go to any URL that isn't in your list, I get my company page.  When I go to any of your URLs, they work perfectly.

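The rule order described in the last reply (whitelist target category on top, then Default access [all] set to Deny, with a redirect URL), modelled in Python as an added example that is not part of the original thread and is not SquidGuard's own code. It assumes a list entry matches the host itself and any subdomain of it, and that IP entries match exactly; all function names are made up for the illustration.

```python
from urllib.parse import urlsplit

# Domain list exactly as posted in the thread (space-separated).
WHITELIST = (
    "google.com 192.168.1.1 five9.com mail.extracz.com backtolearn.com "
    "explore-schools.com achieveyourcareer.com iframe.plattformpartners.com "
    "intranet.backtolearnmedia.com partners.backtolearn.com"
)
REDIRECT = "http://www.mycompany.com/"  # 'Redirect info' value from the thread


def parse_domain_list(text):
    """Split on whitespace, lower-case, drop stray leading/trailing dots."""
    return {e.strip(".").lower() for e in text.split() if e.strip(".")}


def host_of(url):
    """Host part of a full URL or of a bare host[:port][/path]."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_ip(name):
    return name.replace(".", "").isdigit()


def parents(name):
    """Label-aligned parent domains: a.b.c -> ['b.c', 'c']."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]


def is_whitelisted(url, entries):
    host = host_of(url)
    if not host:
        return False
    if host in entries:
        return True
    # Assumption: names also match through a listed parent domain; IPs do not.
    return not is_ip(host) and any(p in entries for p in parents(host))


def decide(url, entries, redirect=REDIRECT):
    """Whitelist rule first; everything else hits the default deny and is redirected."""
    return "pass" if is_whitelisted(url, entries) else "redirect " + redirect


def redundant_entries(entries):
    """Entries already covered by a parent domain in the same list."""
    return sorted(e for e in entries
                  if not is_ip(e) and any(p in entries for p in parents(e)))
```

Running `decide()` over every host a whitelisted page loads (CDNs, login domains) shows which requests fall through to the default deny.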