Netgate Discussion Forum

Squid Proxy and Squidguard and WPAD

Cache/Proxy
    rolf1316
    last edited by May 18, 2017, 9:20 AM

    Hi,

    I'm trying to block Facebook, YouTube, and Dropbox in our network using Squid, SquidGuard, and WPAD.

    I've been successful in doing this in a basic network setup (WAN + LAN interfaces).

    Basically, Squid runs on LAN, and I configured WPAD in the DHCP settings and the DNS resolver as well,

    with this config:

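    function FindProxyForURL(url, host)
    {
        // Go direct for single-label names, *.local names, and hosts
        // that resolve into the 192.168.1.x LAN (mask 255.255.255.0).
        if (isPlainHostName(host) ||
            shExpMatch(host, "*.local") ||
            isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
            return "DIRECT";

        // Everything else goes through Squid on the LAN address.
        return "PROXY 192.168.1.1:3128";
    }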

    and in the DHCP settings it's configured:

    number: 252 type: string value: "http://192.168.1.1/wpad.dat"
    number: 252 type: string value: "http://192.168.1.1/wpad.da"
    number: 252 type: string value: "http://192.168.1.1/proxy.pac"

    and in DNS resolver :

    Host: wpad
    Domain: mylocaldomain.local
    IP Address: 192.168.1.1
    Description: WPAD Autoconfigure Host

    In Google Chrome, they are all blocked successfully (Facebook, YouTube).

    But it fails to block in Firefox.

    Now my question is:

    If I uncheck "Check to enable the Squid proxy",

    my internet will be cut off (in the Google Chrome browser, it says that I don't have an internet connection, but I can ping 8.8.8.8 (Google)).

    If I use the Firefox browser, I can browse anywhere as well.

    What seems to be causing this problem?

    Plus, can WPAD be configured to cater to VLANs, but only using the DNS resolver/forwarder as well? If so, how? (Is there a sample config?)

    TIA

      pfsensation
      last edited by May 18, 2017, 1:33 PM

      Firefox has its own connection management settings. Most likely it's bypassing the proxy altogether; just block ports 80 - 443 to enforce usage of the proxy.

      Why doesn't Chrome work when you turn off Squid? That's because Chrome uses the Windows proxy settings, and WPAD is telling it to use a proxy that is no longer working. And as I said earlier, Firefox uses its own connection settings, therefore it'll work until you make it detect proxy settings automatically.

        KOM
        last edited by May 18, 2017, 3:27 PM

        Yes, you need to ensure that FF is set to Auto-detect proxy for this network.  It's usually a good idea to block 80/443 tcp on LAN so that people can't just ignore the proxy.

          killmasta93
          last edited by May 19, 2017, 4:54 AM

          Well, recently I've been noticing that auto-detect is a tad bit slow. I found out that setting a GPO for the automatic proxy URL makes navigation quicker, as it finds it faster. Also, some sites do not like blocking port 80, so just block port 443 and let transparent Squid take care of port 80.

          Tutorials:

          https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

            KOM
            last edited by May 19, 2017, 1:48 PM

            If you're running in transparent mode then there is no need to block anything on LAN.

            1 Reply Last reply Reply Quote 0
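Added example (not part of any post above, and not Netgate code): a Node.js harness that runs the PAC function from the first post and models the behaviour the replies describe, namely a WPAD client with Squid down, and a client that ignores WPAD with and without the LAN rule on 80/443. The helper stand-ins, the `outcome` function, the DNS table and its sample addresses are assumptions made for this illustration.

```javascript
// Constructed DNS table so the example runs offline (addresses are samples).
const DNS = {
  "www.facebook.com": "203.0.113.10",
  "printer.corp.example": "192.168.1.50",
};
// Minimal stand-ins for the PAC helpers that browsers provide natively.
const dnsResolve = (host) => DNS[host] || null;
const isPlainHostName = (host) => !host.includes(".");
const shExpMatch = (str, glob) => {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
};
const toInt = (ip) => ip.split(".").reduce((n, o) => ((n << 8) | +o) >>> 0, 0);
const isInNet = (ip, pattern, mask) =>
  /^\d+\.\d+\.\d+\.\d+$/.test(ip || "") &&
  ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(pattern) & toInt(mask)) >>> 0);

// The PAC function from the first post, unchanged in behaviour.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
    return "DIRECT";
  return "PROXY 192.168.1.1:3128";
}

// Simplified model of a web request from a LAN client (hypothetical helper).
// honoursPac: browser uses WPAD; squidUp: proxy is listening;
// lanBlocksWeb: a firewall rule blocking 80/443 TCP on LAN is in place.
function outcome(host, { honoursPac, squidUp, lanBlocksWeb }) {
  // A client that ignores WPAD goes straight out unless the LAN rule stops it.
  if (!honoursPac) return lanBlocksWeb ? "blocked at firewall" : "direct, unfiltered";
  const entries = FindProxyForURL("http://" + host + "/", host).split(";");
  for (const entry of entries.map((e) => e.trim())) {
    if (entry === "DIRECT") return "direct";
    if (entry.startsWith("PROXY ") && squidUp) return "via " + entry.slice(6);
  }
  return "no connection"; // the PAC offered only a proxy, and it is down
}

const fb = "www.facebook.com";
console.log(outcome(fb, { honoursPac: true, squidUp: true, lanBlocksWeb: false }));
console.log(outcome(fb, { honoursPac: true, squidUp: false, lanBlocksWeb: false }));
console.log(outcome(fb, { honoursPac: false, squidUp: true, lanBlocksWeb: false }));
console.log(outcome(fb, { honoursPac: false, squidUp: true, lanBlocksWeb: true }));
```

Because the PAC string lists only the proxy with no `DIRECT` fallback, a WPAD client fails closed when Squid is stopped, while filtering for clients that ignore WPAD depends entirely on the LAN firewall rule.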
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.