Squid Proxy and Squidguard and WPAD
rolf1316 last edited by
I'm trying to block Facebook, YouTube, and Dropbox in our network using Squid and SquidGuard, and WPAD.
I've been successful in doing this in a basic network setup (WAN + LAN interfaces).
Basically, Squid runs on the LAN, and I configured WPAD in the DHCP settings and in the DNS resolver as well,
with this config:
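function FindProxyForURL(url, host)
{
    // Local names and hosts in the LAN subnet are reached directly.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
        return "DIRECT";
    // Everything else goes through Squid on the LAN address.
    return "PROXY 192.168.1.1:3128";
}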
And in the DHCP settings it's configured:
And in the DNS resolver:
IP Address: 192.168.1.1
Description: WPAD Autoconfigure Host
In Google Chrome, they are all blocked successfully (Facebook, YouTube),
but it fails to block in Firefox.
Now my question is:
If I uncheck the "Check to enable the Squid proxy" option,
my internet will be cut off (in the Google Chrome browser, it's saying that I don't have an internet connection, but I can ping 22.214.171.124 (google)).
If I use the Firefox browser, I can browse anywhere as well.
What seems to be causing this problem?
Plus, can WPAD be configured to cater to VLANs, but only using the DNS resolver/forwarder as well? If so, how? (Is there a sample config?)
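Added example (not part of the original post): a small Node.js harness that evaluates the PAC logic above against a few hosts, to check which requests would bypass Squid before the file is published over WPAD. The helper implementations and the DNS table are constructed stand-ins for what a browser provides, and the local-match branch is assumed to return DIRECT.

```javascript
// Offline harness for the thread's PAC logic (added example, runs under Node.js).
// The DNS table is constructed sample data, not real lookups.
const DNS = {
  "fileserver.local": "192.168.1.20",
  "intranet.example.lan": "192.168.1.30",
  "www.facebook.com": "203.0.113.10",
  "www.youtube.com": "203.0.113.20",
};

// Minimal stand-ins for the PAC helper functions a browser provides.
function dnsResolve(host) { return DNS[host] || null; }
function isPlainHostName(host) { return !host.includes("."); }
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function ipToInt(ip) {
  return ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);
}
function isInNet(ip, pattern, mask) {
  if (!ip) return false; // unresolved host: treat as not local
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
}

// PAC logic from the post (assumption: the local branch returns DIRECT).
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "192.168.1.1", "255.255.255.0"))
    return "DIRECT";
  return "PROXY 192.168.1.1:3128";
}

// Map each host to the decision a WPAD-aware browser would receive.
function evaluate(hosts) {
  const out = {};
  for (const h of hosts) out[h] = FindProxyForURL("http://" + h + "/", h);
  return out;
}

console.log(evaluate(["printer", ...Object.keys(DNS)]));
```

Every host that maps to DIRECT never reaches SquidGuard, and the PROXY result has no fallback entry, so a WPAD client has no other route when Squid is stopped.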
pfsensation last edited by
Firefox has its own connection management settings. Most likely it's bypassing the proxy altogether; just block ports 80 - 443 to enforce usage of the proxy.
Why doesn't Chrome work when you turn off Squid? That's because Chrome uses the Windows proxy settings, and WPAD is telling it to use a proxy that is no longer working. And as I said earlier, Firefox uses its own connection settings, therefore it'll work until you make it detect proxy settings automatically.
KOM last edited by
Yes, you need to ensure that FF is set to Auto-detect proxy for this network. It's usually a good idea to block 80/443 tcp on LAN so that people can't just ignore the proxy.
killmasta93 last edited by
Well, recently I've been noticing that auto-detect is a tad bit slow. I found out that putting in a GPO for the automatic proxy URL makes navigation quicker, as it finds it faster. Also, some sites do not like blocking port 80, so just block port 443 and let transparent Squid take care of port 80.
KOM last edited by
If you're running in transparent mode then there is no need to block anything on LAN.