Squid 3 for https blocking?

killmasta93

Hi,
So I have been trying to block https facebook and had no luck :(.
First i installed squid then squid guard then i realize it does not block https
then i installed squid 3 which it says it blocks https but im lost in configuring it.

This is my setup in proxy server interface: LAN
proxy port 3128
allow user on interface is checked
transparent http proxy checked

proxy filter squidguard is checked
and black list is checked with the shallalist
on the tab common acl the target rule deny is social network
do not allow ip addresses in url is checked
then i created in target categories a new name called test
then i added domain name
facebook.com es-la.facebook.com static.ak.fbcdn.net login.facebook.com www.login.facebook.com fbcdn.net fbcdn.com static.ak.connect.facebook.com

but now im confused on the part of reverse proxy

here are some snap shots

Thank you

chris4916

@killmasta93:

This is my setup in proxy server interface: LAN
proxy port 3128
allow user on interface is checked
transparent http proxy checked

Do not waste time (except for reading some documentation  ;D):

• transparent proxy will not handle HTTPS (except if you implement nasty "man in the middle" stuff but who would like to do this ???)

If you want to filter HTTPS, which does make sense BTW, then switch to explicit proxy, and implement WPAD in case you don't want to configure proxy on each and every device.

KOM

WPAD Autoconfigure for Squid

killmasta93

Hi,

Thank you for your response. I will give it a try and let you know how it goes. Another question so squidguard is pointless or keep it just for the heck of it? and I have to keep squid

Thank you

chris4916

Squid and Squidguard are two different beasts.

Squid acts as HTTP proxy and provides access control based on various rule types. It can't really filter URL and content but can delegate this task to external service like Squidguard.
If you want to implement content filtering, blacklist and stuff like this, you do need both Squid and Squidguard.

killmasta93

I think i might just roll back to pfsense 2.1 i have been reading alot, and most people in general having problems with 2.2.2. Im even having trouble with port forwarding…i will keep you posted to see if 2.1 seems more stable

Thank you

KOM

I got tired of all the funniness with Squid and decided to roll my own.  Squid3, squidGuard, Lightsquid and Sarg on a Ubuntu box.  Works like a charm.

killmasta93

KOM but you said WPAD? How does squidGuard work without Squid?

KOM

KOM but you said WPAD? How does squidGuard work without Squid?

I don't understand your question.  WPAD is a generic technology allows a client to find the Squid proxy automatically.  Squid relies on squidGuard to do URL filtering.

killmasta93

ohhh never mind i got it sorry for the ignorance  :-[