Help finishing setting up squid guard

c9870

so i got SG most of the way setup only have a few things i need help with a few things.

what i have:

i need to block youtube and other data hogs during a certain times of the day, while allowing it during other times. (have the time set to block in the pic below).

What i need help with:
1. actually having it not block during the specified time i tell it not to block.
1a. it blocks good during the period i set for it to block, but continues to block during the other time.

2. Blocking https://www.youtube.com
2a. if people go to secure youtube, or use a bookmark that has the https, or embeded youtube videos (normally ads) the videos still load.

is there any settings i can change / update to fix these issues.

Thanks in advance

from Log > Proxy Config

This file is automatically generated by pfSense

Do not edit manually !

http_port 192.168.1.1:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 5
shutdown_lifetime 3 seconds

Allow local network(s) on interface(s)

acl localnet src 192.168.1.0/24
uri_whitespace strip

Break HTTP standard for flash videos. Keep them in cache even if asked not to.

refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

Let the clients favorite video site through with full caching

acl youtube dstdomain .youtube.com
cache allow youtube

Windows Update refresh_pattern

range_offset_limit -1
refresh_pattern -i microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
cache_mem 1024 MB
maximum_object_size_in_memory 1024 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 28000 32 256
minimum_object_size 0 KB
maximum_object_size 30000 KB
offline_mode oncache_swap_low 90
cache_swap_high 95

Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320

No redirector configured

#Remote proxies

Setup some default acls

acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

Define protocols used for redirects

acl HTTP proto HTTP
acl HTTPS proto HTTPS

acl blacklist dstdom_regex -i '/var/squid/acl/blacklist.acl'
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
reply_body_max_size 4100000 KB allsrc
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100

Throttle extensions matched in the url

acl throttle_exts urlpath_regex -i '/var/squid/acl/throttle_exts.acl'
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

Reverse Proxy settings

Package Integration

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
redirector_bypass off
url_rewrite_children 5

Custom options

Block access to blacklist domains

http_access deny blacklist

Setup allowed acls

Allow local network(s) on interface(s)

http_access allow localnet

Default block all to be sure

http_access deny allsrc

FROM LOG > Filter Config

============================================================

SquidGuard configuration file

This file generated automaticly with SquidGuard configurator

(C)2006 Serg Dvoriancev

email: dv_serg@mail.ru

============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

enables SG durring the metered time

time blockmetered {
weekly * 00:00-03:00
weekly * 08:00-23:59
}

time unmetered {
weekly * 03:00-07:59
}

blocks durring metered time

src blockACLall {
ip 192.168.1.104
log block.log
}

dest blk_blacklists_ads {
domainlist blk_blacklists_ads/domains
urllist blk_blacklists_ads/urls
log block.log
}

dest blk_blacklists_aggressive {
domainlist blk_blacklists_aggressive/domains
urllist blk_blacklists_aggressive/urls
log block.log
}

dest blk_blacklists_audio-video {
domainlist blk_blacklists_audio-video/domains
urllist blk_blacklists_audio-video/urls
log block.log
}

dest blk_blacklists_drugs {
domainlist blk_blacklists_drugs/domains
urllist blk_blacklists_drugs/urls
log block.log
}

dest blk_blacklists_gambling {
domainlist blk_blacklists_gambling/domains
urllist blk_blacklists_gambling/urls
log block.log
}

dest blk_blacklists_hacking {
domainlist blk_blacklists_hacking/domains
urllist blk_blacklists_hacking/urls
log block.log
}

dest blk_blacklists_mail {
domainlist blk_blacklists_mail/domains
log block.log
}

dest blk_blacklists_porn {
domainlist blk_blacklists_porn/domains
urllist blk_blacklists_porn/urls
log block.log
}

dest blk_blacklists_proxy {
domainlist blk_blacklists_proxy/domains
urllist blk_blacklists_proxy/urls
log block.log
}

dest blk_blacklists_redirector {
domainlist blk_blacklists_redirector/domains
urllist blk_blacklists_redirector/urls
log block.log
}

dest blk_blacklists_spyware {
domainlist blk_blacklists_spyware/domains
urllist blk_blacklists_spyware/urls
log block.log
}

dest blk_blacklists_suspect {
domainlist blk_blacklists_suspect/domains
urllist blk_blacklists_suspect/urls
log block.log
}

dest blk_blacklists_violence {
domainlist blk_blacklists_violence/domains
urllist blk_blacklists_violence/urls
log block.log
}

dest blk_blacklists_warez {
domainlist blk_blacklists_warez/domains
urllist blk_blacklists_warez/urls
log block.log
}

blocks youtube and redirects to the exede data notice page

dest youtubeblock {
domainlist youtubeblock/domains
redirect http://notice.exede.net/dap-redirect.php
log block.log
}

Blocks a range of Domains associated to Windows Update

dest windowsupdateblk {
domainlist windowsupdateblk/domains
redirect http://notice.exede.net/dap-redirect.php&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
log block.log
}

rew safesearch {
s@(google../search?.q=.)@&safe=active@i
s@(google../images.q=.)@&safe=active@i
s@(google../groups.q=.)@&safe=active@i
s@(google../news.q=.)@&safe=active@i
s@(yandex../yandsearch?.text=.)@&fyandex=1@i
s@(search.yahoo../search.p=.)@&vm=r&v=1@i
s@(search.live../.q=.)@&adlt=strict@i
s@(search.msn../.q=.)@&adlt=strict@i
s@(.bing..*/.q=.)@&adlt=strict@i
log block.log
}

acl {

blocks durring metered time

blockACLall within blockmetered {
pass blk_blacklists_mail !youtubeblock !windowsupdateblk !blk_blacklists_aggressive !blk_blacklists_audio-video !blk_blacklists_drugs !blk_blacklists_gambling !blk_blacklists_hacking !blk_blacklists_porn !blk_blacklists_proxy !blk_blacklists_redirector !blk_blacklists_spyware !blk_blacklists_suspect !blk_blacklists_violence !blk_blacklists_warez all
redirect http://notice.exede.net/dap-redirect.php
log block.log
} else {
pass youtubeblock windowsupdateblk blk_blacklists_mail all
redirect http://notice.exede.net/dap-redirect.php
log block.log
}

default {
pass blk_blacklists_mail all
redirect http://notice.exede.net/dap-redirect.php
log block.log
}
}

Untitled.jpg_thumb

ast

I'm also new to pfsense, I believe you can do this via firewall rules and schedules.