[SOLVED]pfsense 2.43: squidguard doesn't deny to download exe, mp3, etc

  • Hey everybody.
    I installed pfSense 24.3 (x64) and i'm don't know how to deny download exe, mp3 and others extensions.
    I created a rule:


    After this i trying to write a this rule


    but this does not work.

  • Netgate Administrator

    More information needed.

    Where are you configuring that?

    How are you testing it?

    What result are you seeing? What do you expect to see?


  • Thanks for your reply.
    My steps for testing:

    1. added into "Proxy filter SquidGuard: Target categoriesEditTarget categories" new item with including regexp from my first post, named for example "block_ext";
    2. into "Proxy filter SquidGuard: Groups Access Control List (ACL)EditGroups ACL" add new group, for example "dis_ext", add in "client (source)" ip-address my test PC.
      There in the "Target Rules List" I set DENY for "block_ext";
    3. I go to "PackageProxy filter SquidGuard: General settingsGeneral settings" and click to "Apply";
    1. On my test PC I open web-browser and try go to address, for example, any site where I can download exe. Here I click to "download program" and this is possible.

    Sorry for my very bad English!

  • Netgate Administrator


    Do you have Squid setup to proxy http and https?

    Do other target categories block correctly?

    Do you see the .exe files in the Squid log being passed?


  • Hello.
    Yes, I selected "Transparent HTTP Proxy" for LAN.
    I was create new CA cert, export and install on my test PC.
    Also I was select "HTTPS/SSL Interception" for LAN, check my new CA-cert,
    set: SSL Proxy Compatibility Mode" - Modern,
    Remote Cert Checks - Do not verify remote certificate,
    Certificate Adapt - Sets the "Not before" (setValidBefore)

    After, I tested download exe on my test PC. And it is possible.
    In log I see link to exe.

  • Netgate Administrator

    Ok, so it's seeing the file pass but just not triggering on the acl.
    Try adding a target category with only .exe in it. If that triggers we know it's the regex not working as expected.


  • Hello!
    This is miracle!
    I created the rule


    and when I trying to download exe or mp3 - SquidGuard blocked it!

    my screenshot

    Thank you for you help for me!!!

    Maybe this theme to be helps for somebody.

  • Netgate Administrator

    Great! So looks like it was just a regex issue. Thanks for the follow up.


Log in to reply