Installing SquidGuard 1.14_4 pfsense 2.3.2(amd64)
-
Auto-detect relies on you having configured WPAD. Have you done this? Also, unless you add a block on LAN for tcp 80/443 then the users can easily get around your proxy.
By the way, the proper forum for squid/squidguard is the Cache/Proxy forum.
-
Hi KOM,
Yes, i set in the rules to block the port 80/443. Please see attache images. In matter of the WPAD i did not config here because i enable a transparent proxy in my squid. because i set my pfsense box into admin but i want a restriction and minimal browsing in the admin side.
Thanks,
papartsharingan
 -
You don't show enough of your rules. I have no idea where they are relative to other rules. Rules are processed top-down.
In matter of the WPAD i did not config here because i enable a transparent proxy in my squid.
This detail would have been nice to know beforehand. I don't use squid in transparent mode as it's a royal pain in the ass. Use explicit mode along with WPAD and you will be able to use squidguard to filter HTTPS URLs.
-
Hi KOM,
here is my firewall rules please attach image..
And do you have any link to the correct config of WPAD?.
Thanks,
papartsharingan
 -
All of your ALL IP rules are useless since that traffic is handled by the Default Allow LAN to Any rule at the bottom. Get rid of all of those rules and then your users will not be able to go around the proxy.
-
Hi KOM,
What do you mean by rid?
you mean the default allow LAN to any rule will be transfer to top above the pfblocker?
thanks,
papartsharngan
-
Please, avoid multiposts. https://forum.pfsense.org/index.php?topic=124567.0
Additionally, both posted in wrong forum. :(
-
What do you mean by rid?
rid = delete
you mean the default allow LAN to any rule will be transfer to top above the pfblocker?
No. I didn't say anything about the pfBlocker rules. I said delete all of your user rules contained within the ALL IP section because their functionality is already handled by the Default Allow rule.
-
Hi KOM,
1 Last question here..
No. I didn't say anything about the pfBlocker rules. I said delete all of your user rules contained within the ALL IP section because their functionality is already handled by the Default Allow rule.
What if i will disabled the Default allow LAN to any rule?..is it ok?…
because i cant't delete the ALL IP it is because in there i can adjust there bandwithd and other options in rules.
thanks,
papartsharingan
-
What if i will disabled the Default allow LAN to any rule?..is it ok?…
If you do that then nothing on your network will have Internet access except for those users under ALL IP.
because i cant't delete the ALL IP it is because in there i can adjust there bandwithd and other options in rules.
There are better ways to use traffic shaping or limiters to manage bandwidth. Having a hard cap per user usually isn't optimal as bandwidth above the cap doesn't get used.
-
Hi KOM,
If you do that then nothing on your network will have Internet access except for those users under ALL IP.
This is what i want..
thanks KOM
papartsharingan
-
There are better ways to use traffic shaping or limiters to manage bandwidth. Having a hard cap per user usually isn't optimal as bandwidth above the cap doesn't get used.
I don't have any config on that
-
Then head on over to the Traffic Shaping forum and start asking questions.
-
Thanks KOM
-
It seems the old known problem ( http://https* ) is still present on version 2.3.4
Also, for some reason, when using HTTPS for pfsense console, Squidguard is not redirecting the error page for Https, but http.
Still investigatin it here…
