Netgate Discussion Forum

    Squid Proxy and Squidguard and WPAD

    Cache/Proxy
    • rolf1316

      Hi,

      I'm trying to block Facebook, YouTube, and Dropbox in our network using Squid, SquidGuard, and WPAD.

      I've been successful in doing this in a basic network setup (WAN + LAN interfaces).

      Basically, Squid runs on LAN and I configured WPAD in the DHCP settings and in the DNS resolver as well,

      with this config:

      function FindProxyForURL(url, host)
      {
          if (isPlainHostName(host) ||
              shExpMatch(host, "*.local") ||
              isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
              return "DIRECT";

          return "PROXY 192.168.1.1:3128";
      }

      and in the DHCP settings it's configured as:

      number: 252 type: string value: "http://192.168.1.1/wpad.dat"
      number: 252 type: string value: "http://192.168.1.1/wpad.da"
      number: 252 type: string value: "http://192.168.1.1/proxy.pac"

      and in the DNS resolver:

      Host: wpad
      Domain: mylocaldomain.local
      IP Address: 192.168.1.1
      Description: WPAD Autoconfigure Host

      In Google Chrome, they are all blocked successfully (Facebook, YouTube).

      But it fails to block in Firefox.

      Now my question is:

      If I uncheck "Check to enable the Squid proxy", my internet will be cut off (in the Google Chrome browser, it says that I don't have an internet connection, but I can ping 8.8.8.8 (Google)).

      If I use the Firefox browser, I can browse anywhere as well.

      What seems to be causing this problem?

      Plus, can WPAD be configured to cater to VLANs, but using only the DNS resolver/forwarder as well? If so, how? (Is there a sample config?)

      TIA

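To see which destinations the PAC file in the post above sends to Squid, its logic can be run outside a browser. This is an added example, not part of any post in the thread: the helper functions are simplified stand-ins for the browser's PAC built-ins, and the DNS table and host names are constructed samples.

```javascript
// Constructed DNS table so the run is offline; all names and addresses are samples.
const DNS = {
  "nas.example.test": "192.168.1.20",   // host inside 192.168.1.0/24
  "cam.example.test": "192.168.20.5",   // host on a different (VLAN) subnet
  "www.facebook.com": "203.0.113.10",   // documentation address, not the real one
};

// Simplified stand-ins for the PAC helpers a browser normally provides.
function dnsResolve(host) { return DNS[host] || null; }
function isPlainHostName(host) { return !host.includes("."); }
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function toInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip || "");
  if (!m || m.slice(1).some((o) => Number(o) > 255)) return null;
  return m.slice(1).reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}
function isInNet(ip, pattern, mask) {
  const h = toInt(ip), p = toInt(pattern), k = toInt(mask);
  if (h === null || p === null || k === null) return false; // unresolved: no match
  return ((h & k) >>> 0) === ((p & k) >>> 0);
}

// PAC logic as posted in the thread.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
    return "DIRECT";
  return "PROXY 192.168.1.1:3128";
}

// Evaluate a URL the way a browser would: pass the URL and its hostname.
function route(url) { return FindProxyForURL(url, new URL(url).hostname); }

for (const u of ["http://printer/", "http://intranet.mylocaldomain.local/",
                 "http://nas.example.test/", "http://cam.example.test/",
                 "https://www.facebook.com/", "https://unknown.example.test/"]) {
  console.log(u.padEnd(40), "->", route(u));
}
```

The 192.168.20.5 sample shows that a host on another subnet is not covered by the DIRECT exception and is sent to the proxy.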
      • pfsensation

        Firefox has its own connection management settings. Most likely it's bypassing the proxy altogether; just block ports 80 - 443 to enforce usage of the proxy.

        Why doesn't Chrome work when you turn off Squid? That's because Chrome uses the Windows proxy settings, and WPAD is telling it to use a proxy that is no longer working. And as I said earlier, Firefox uses its own connection settings, therefore it'll work until you set it to detect proxy settings automatically.

        • KOM

          Yes, you need to ensure that FF is set to Auto-detect proxy for this network. It's usually a good idea to block 80/443 TCP on LAN so that people can't just ignore the proxy.

          • killmasta93

            Well, recently I've been noticing that auto-detect is a tad bit slow. I found out that setting a GPO for the automatic proxy URL makes navigation quicker, as it finds it faster. Also, some sites do not like blocking port 80, so just block port 443 and let transparent Squid take care of port 80.

            Tutorials:

            https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

            • KOM

              If you're running in transparent mode then there is no need to block anything on LAN.
