PFSENSE, Squid + SquidGuard User-based ACLs



  • Hi Guys,

    Saw a lot of documentation regarding how to set up Squid + SquidGuard; however, all of it was IP-based.

    So, the question (if you can save me digging time) is:

    Is it possible to perform web filtering in pfSense against userlist ACLs (i.e. local user with ncsa_auth + htpasswd)?

    src usrs-adv {
        userlist  users-adv  #
        log users-advlogs
    }
    src usrs-std {
        userlist  users-std  #
        log users-stdlogs
    }

    acl {
        usrs-adv {
            pass exemptions !blacklist !porn !spyware !tracker !webradio !webtv !chat !tunning all
            redirect http://localhost:8080/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
        }

        usrs-std {
            pass exemptions !blacklist !porn !chat !dating !downloads !gamble !hacking !movies !music !spyware !tracker !warez !webradio !webtv !tunning all
            redirect http://localhost:8080/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
        }
    }

    If yes or no, I appreciate your time.
    Thanks



  • I don't think so.  Here is what you have to work with when using a squidguard ACL:

    Enter client's IP address or domain or "username" here. To separate them use space.

    Example:
    IP: 192.168.0.1 - Subnet: 192.168.0.0/24 or 192.168.1.0/255.255.255.0 - IP-Range: 192.168.1.1-192.168.1.10
    Domain: foo.bar matches foo.bar or *.foo.bar
    Username: 'user1'
    Ldap search (Ldap filter must be enabled in General Settings): ldapusersearch ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))