Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid: white-list several domains only and block-list the rest

    Cache/Proxy
    3
    3
    2212
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andrewg last edited by

      Hi everyone,

      Question: How using Squid allow only white-listed domains, and block the rest?

      For example, I would like to allow only "forum.pfsense.org" domain and block the rest. What I should put into blacklist field?
      When I do the following:

      
whitelist:
forum.pfsense.org

blacklist:
.

      it also breaks access to "forum.pfsense.org". What is wildcard for blacklist field should be in such case?
      I have tried ".*" as well - result the same.

      All changes are done via standard GUI, pfSense v2.3.3

      Thank you in advance!

      1 Reply Last reply Reply Quote 0
      • B
        baloy4 last edited by

        Great! We have the same network plan. Hope someone will help us, as we are new to pfSense as well. We need to whitelist about 20 work-related websites, then block everything else.

        Our pfSense server is working fine right now (online) as a router with DHCP enabled. We already installed Squid Proxy Server and SquidGuard Proxy Filter, and downloaded Shalla and URLBlacklist.com's list. Tried to follow some forum's guide in blocking and whitelisting, but no luck.

        Please, please, please help!

        1 Reply Last reply Reply Quote 0
        • S
          sichent Banned last edited by

          Something like https://docs.diladele.com/faq/filtering/locked_policy.html ?

          I am not sure why your .* regex does not work in blacklist - most probably the squid conf that is generated expects domain names and NOT domain regex. Then try to specify something like (not tested):

          acl all_others dstdom_regex .*
          http_access deny all_others

          See http://wiki.squid-cache.org/SquidFaq/SquidAcl

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy