I need to block all sites and allow just a few
-
Hi, I'm new to linux and i've set up a pfsense box with squid and squidguard, i need transparent proxy because i can't access every machine on network and set cert and anything else for 2 reasons, 1°, too many pcs; 2° there a Sony streamer that i can't config ip or cert, so it only works with dhcp(ask Sony why).
The initial allowed sites are:
Any .gov site
any tjrs or tj
google
facebook
youtube to just one machine the streamer -
Have a look at pfBlockerNG, not sure if allow *.gov, etc … and then reject anything else
https://forum.pfsense.org/index.php?topic=102470.0
I don't use it myself, but it's what I'd be looking at if I needed to.
-
pfBlocker might be too heavy for just an URL filter. Squid + squidguard could do it.
-
Hi, I'm new to linux and i've set up a pfsense box…
Just to get you disillusioned from the beginning: pfSense is based on FreeBSD which is NOT Linux.
So with pfSense you are new to FreeBSD. ;) -
-
@KOM:
pfBlocker might be too heavy for just an URL filter. Squid + squidguard could do it.
squid cant block https and squid guard need to name every single domain in the world to block and that is way too much even if i knew all domains, i've tried cheating it by blocking a single "." as any domain in the world will have a".", but it block everything even white listed sites or i don't know how to use it
-
-
squid cant block https
That's news to me. It seems to work just fine for me and others.
squid guard need to name every single domain in the world to block
What are you talking about??? Just set the default ACL to block all and then put allowed URLs in the whitelist.
-
@KOM:
squid cant block https
That's news to me. It seems to work just fine for me and others.
squid guard need to name every single domain in the world to block
What are you talking about??? Just set the default ACL to block all and then put allowed URLs in the whitelist.
Squid can't filter https, that is because ssl, and the reason ssl interception option on squid conf, but it doen't work(cause certificate issues)
BTW squid can block https on non transparent proxy mode, which is silly because anyone with a brain can bypass it on non transparent mode
Squid Guard block all option does what it says block everything even white listed sites, just tested it
as it read block then allow and not allow then block, or there's a option to change which direction it get first(block/allow; allow/block) -
Squid can't filter https, that is because ssl, and the reason ssl interception option on squid conf, but it doen't work(cause certificate issues)
Nonsense. It sounds like you don't have it configure properly.
BTW squid can block https on non transparent proxy mode, which is silly because anyone with a brain can bypass it on non transparent mode
It never occurred to you to block 80,443 tcp on LAN?
Squid Guard block all option does what it says block everything even white listed sites, just tested it
I'm pretty sure you can and you're doing it wrong.
as it read block then allow and not allow then block, or there's a option to change which direction it get first(block/allow; allow/block)
Sorry, what? I don't understand what you're trying to say.
Watch this:
https://www.youtube.com/watch?v=xm_wEezrWf4
