Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SquidGuard Not Blocking Porn Sites

    pfSense Packages
    6
    14
    3599
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ITlomb last edited by

      Greetings.

      Please may i request your assistance. With my latest PFsense installation. i setup SquidGaurd proxy with the shallalist rules set, Under the Common ACL Rules there is an option to block/Deny Porn.
      Ive applied the changes, Restarted PFsense, But these sites are still accessible.

      Not sure now as I thought that itll just work.

      Any suggestions?

      Thank you

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        Any changes you make in Squidguard must be saved and then applied via the General Settings page.

        Second, how do you know they aren't blocked? Have you confirmed the URL in question is in the list? Have you confirmed that your client is actually using the proxy?

        1 Reply Last reply Reply Quote 0
        • I
          ITlomb last edited by

          Greetings Kom

          This time round i did as mentioned. Made sure to save changes then applied. For good measure i restarted Firewall again. Still no luck. I am using a Transparent Proxy so clients shouldnt need to have any proxy settings setup.

          I have a PC here that im testing with, ( i obviously clean my IE Settings/DNS ) when testing so as to not get the cache pages. Doesnt matter what i search in Google i am always able to access these sites.

          Im not sure what you mean by " is the URL in Q in the list?" Under SquidGaurd Prxy CommonACL-TargetRulz- it just has the option to block_BL_Porn.

          Am fairly new to Pfsense :(

          1 Reply Last reply Reply Quote 0
          • KOM
            KOM last edited by

            Go to the Shallalist site. On the right, click Search for URL/Domains. Type in the URL and see if it's in the list at all, and if so, which category it's in.

            Are these sites https? Do you have https support properly configured? It's not simple. When testing, does the Squidguard log show anything?

            IIRC there was also something about how some part of squidguard wouldn't work unless a default Whitelist ACL was created first, but I don't remember the specifics.

            1 Reply Last reply Reply Quote 0
            • I
              ITlomb last edited by

              Hi Kom.

              Thanks for your response.

              Did as mentioned. Shallalist def shows the result .. Im using xnxx.com as an example. Looks like its https.
              as for the domain part i think its "porn/domain" according to shallalist website.

              When you say "Do I have HTTPS support properly configured". Then im not sure i understand completely as ive followed all the basic setups on Squid/Squidgaurd.

              Squidgaurd log doesnt show up when testing searching xnxx.com.

              I def do have a whitelist in my ACL- Target catargories.

              I do have SNORT as well, not sure if this is now also to be part of my problem. But even disablins SNORT still same problem. I getting the feeling my Squid is brocken. LOl

              Regards

              1 Reply Last reply Reply Quote 0
              • KOM
                KOM last edited by

                Have you had a look at this official video from Netgate about configuring squid & squidguard?

                https://www.youtube.com/watch?v=xm_wEezrWf4

                1 Reply Last reply Reply Quote 0
                • I
                  ITlomb last edited by

                  Hi Kom

                  Yes i have seen this vid, and did wat was suggested, i watched this vid prior to installation.

                  1 Reply Last reply Reply Quote 0
                  • L
                    LostInIgnorance last edited by

                    Have you flushed the cache on squid prior to doing this test as I have seen it pull from there and not block as it was able to pull the cached copy.

                    1 Reply Last reply Reply Quote 0
                    • I
                      ITlomb last edited by

                      Greetings LostInIgnorance.

                      Am sorry for long delay in response, was on leave,

                      Under my Proxy server --> SquidHDisk cache settings --> Clear Disk Cache NOW.
                      -- I did clear that Cache and restarted Firewall. Still no difference.

                      I did notice Under Dynamic and Update Contect: Cache Dynamic Content radio block is unticked. Not sure if this has means anything or if it needs to be ticked.

                      Are there other Squid Cache areas that one needs to also clear?

                      Thank you

                      1 Reply Last reply Reply Quote 0
                      • T
                        toimagine last edited by

                        I too just within the week followed that same video and the firewall isn't blocking sites.
                        I followed it to the "T"

                        I found another link that talks about setting up the wpad.da file for https. I did this and verified that the test PC is using the routers DNS. Still not blocking. Is there anything else left out of the video that is obvious that we could be missing?

                        I may open a thread so that I don't troll yours, but I believe that we might be both having the same issue.

                        I'm setting up on a new Netgate SG-3100 Ver. 2.4.3
                        Squid 0.4.43_1
                        squidGuard 1.16.4

                        1 Reply Last reply Reply Quote 0
                        • I
                          ITlomb last edited by

                          Hi toimagine.

                          If you do find a solution. please let me know. At the moment i am looking at SNORT as there too are rules to test and hoping that might also solve this issue. When i do , i will revert back with the solution i found.

                          1 Reply Last reply Reply Quote 0
                          • R
                            revengineer last edited by

                            Just for grins, you did go to the squidguard->blacklist tab and hit the download button, right? I once reinstalled pfsense and restored my config and had the same problem.... until I manually downloaded the list in the above manner.

                            1 Reply Last reply Reply Quote 0
                            • I
                              ITlomb last edited by

                              HI Revengineer

                              As an extra effort, i did redownload blacklist, restarted firewall etc.
                              Made sure the Target rule is set to deny.

                              Still no difference.

                              1 Reply Last reply Reply Quote 0
                              • W
                                waqasalisha last edited by

                                squid guard not deduct most of Https website like youtube/facebook and other https secure site. so you need to block these all site from Firewall Rules with IP cidr

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post

                                Products

                                • Platform Overview
                                • TNSR
                                • pfSense Plus
                                • Appliances

                                Services

                                • Training
                                • Professional Services

                                Support

                                • Subscription Plans
                                • Contact Support
                                • Product Lifecycle
                                • Documentation

                                News

                                • Media Coverage
                                • Press
                                • Events

                                Resources

                                • Blog
                                • FAQ
                                • Find a Partner
                                • Resource Library
                                • Security Information

                                Company

                                • About Us
                                • Careers
                                • Partners
                                • Contact Us
                                • Legal
                                Our Mission

                                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                Subscribe to our Newsletter

                                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                © 2021 Rubicon Communications, LLC | Privacy Policy