Netgate Discussion Forum

    Squid: white-list several domains only and block-list the rest

      andrewg

      Hi everyone,

      Question: How can I use Squid to allow only white-listed domains and block the rest?

      For example, I would like to allow only the "forum.pfsense.org" domain and block the rest. What should I put into the blacklist field?
      When I do the following:

      
      whitelist:
      forum.pfsense.org
      
      blacklist:
      .
      
      

      it also breaks access to "forum.pfsense.org". What should the wildcard for the blacklist field be in such a case?
      I have tried ".*" as well - the result is the same.

      All changes are done via standard GUI, pfSense v2.3.3

      Thank you in advance!

        baloy4

        Great! We have the same network plan. Hope someone will help us, as we are new to pfSense as well. We need to whitelist about 20 work-related websites, then block everything else.

        Our pfSense server is working fine right now (online) as a router with DHCP enabled. We already installed Squid Proxy Server and SquidGuard Proxy Filter, and downloaded Shalla and URLBlacklist.com's list. Tried to follow some forum's guide in blocking and whitelisting, but no luck.

        Please, please, please help!

          sichent Banned

          Something like https://docs.diladele.com/faq/filtering/locked_policy.html ?

          I am not sure why your .* regex does not work in blacklist - most probably the squid conf that is generated expects domain names and NOT domain regex. Then try to specify something like (not tested):

          acl all_others dstdom_regex .*
          http_access deny all_others

          See http://wiki.squid-cache.org/SquidFaq/SquidAcl

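A complete allowlist-only rule set in squid.conf syntax, added here as an illustration; it is not taken from any post in this thread or from the configuration the pfSense GUI generates. The ACL names `lan_clients` and `allowed_sites`, the client subnet and the second domain are constructed placeholders.

```conf
# Constructed example: allowlist-only policy (Squid 3.x syntax).

# Clients that may use the proxy at all (placeholder subnet).
acl lan_clients src 192.168.1.0/24

# dstdomain matches on the requested host name, not on a regex.
# A leading dot also matches every subdomain of that name.
acl allowed_sites dstdomain forum.pfsense.org
acl allowed_sites dstdomain .example.org

# http_access rules are checked top to bottom and the first match decides,
# so the allow rule has to come BEFORE the catch-all deny.
# Several ACLs on one line are ANDed: LAN client AND allowed destination.
http_access allow lan_clients allowed_sites

# "all" is a built-in ACL that matches every request, so a ".*" regex
# ACL is not needed to express "everything else".
http_access deny all

# With an explicit (non-transparent) proxy, HTTPS arrives as
# "CONNECT host:443", so the same dstdomain ACL applies to it.
```

A catch-all deny placed above the allow line blocks the allowlisted site as well, because evaluation stops at the first matching rule. Pages on an allowlisted site that load scripts or images from other domains will render incompletely until those domains are added too.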