Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard : to block all internet excep few web sites

    Scheduled Pinned Locked Moved pfSense Packages
    12 Posts 2 Posters 12.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dvserg
      last edited by

      What mean 'I can't access LAN anymore ' ? You have webserver in LAN ?
      Or possible you must check you firewall rules ?
      Squid + squidGuard filter http access only.

      SquidGuardDoc EN  RU Tutorial
      Localization ru_PFSense

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        You have webserver in LAN ?

        Yes indeed, I need to access web pages on internal web site (http://192.168.1.1/…).

        So I want to create a rule to whitelist (for exemple) tf1.fr, rtl.be and also to whitelist 192.168.1.1

        But it is not allowed (at least on squidguard web gui) to set an ip (192.168.1.1) in the domain lists, so I'm stuck.

        Thank you.

        1 Reply Last reply Reply Quote 0
        • D
          dvserg
          last edited by

          @romegas:

          You have webserver in LAN ?

          Yes indeed, I need to access web pages on internal web site (http://192.168.1.1/…).

          So I want to create a rule to whitelist (for exemple) tf1.fr, rtl.be and also to whitelist 192.168.1.1

          But it is not allowed (at least on squidguard web gui) to set an ip (192.168.1.1) in the domain lists, so I'm stuck.

          Thank you.

          Try:
          uncheck
          squid: General >
          Do NOT proxy Private Address Space (RFC 1918)

          enter you webserver here:
          squid > Access control
          Unrestricted IPs

          SquidGuardDoc EN  RU Tutorial
          Localization ru_PFSense

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            @dvserg:

            Try:
            uncheck
            squid: General >
            Do NOT proxy Private Address Space (RFC 1918)

            enter you webserver here:
            squid > Access control
            Unrestricted IPs

            I tryed both but no chance, still stuck. Below is the message I get.


            Request denied by pfSense proxy: 403 Forbidden
            Reason:
            Client address: 192.168.1.72
            Client group: test
            Target group: none
            URL: http://192.168.1.150/


            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              I've found a way to do what I want but it's dirty one.

              On IE->Options->Connections->Network parameters->Advanced

              here I set the internal IP I want to access on the LAN (http://192.168.1.1; …) and it works, I can't access internet anymore except for the few sites in the squidguard whitelist, and I can access all web site on the lan. Now I have to do it on every computer, so dirty fix.

              1 Reply Last reply Reply Quote 0
              • ?
                Guest
                last edited by

                @romegas:

                I've found a way to do what I want but it's dirty one.
                On IE->Options->Connections->Network parameters->Advanced

                Really it's not a good fix because any user can add a domain in these settings and it won't be block by squidguard.

                Any idea ?

                1 Reply Last reply Reply Quote 0
                • D
                  dvserg
                  last edited by

                  If disable squidGuard - you internal site accessible?

                  SquidGuardDoc EN  RU Tutorial
                  Localization ru_PFSense

                  1 Reply Last reply Reply Quote 0
                  • ?
                    Guest
                    last edited by

                    @dvserg:

                    If disable squidGuard - you internal site accessible?

                    Yes it is. It's the squidguard rule that prevents me to access internal web site.

                    1 Reply Last reply Reply Quote 0
                    • D
                      dvserg
                      last edited by

                      @romegas:

                      @dvserg:

                      If disable squidGuard - you internal site accessible?

                      Yes it is. It's the squidguard rule that prevents me to access internal web site.

                      Pls post to my PM you SG config (Tab 'Log')

                      SquidGuardDoc EN  RU Tutorial
                      Localization ru_PFSense

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by

                        @dvserg:

                        Pls post to my PM you SG config (Tab 'Log')

                        Hi dvserg, it's posted.

                        1 Reply Last reply Reply Quote 0
                        • D
                          dvserg
                          last edited by

                          @romegas:

                          @dvserg:

                          Pls post to my PM you SG config (Tab 'Log')

                          Hi dvserg, it's posted.

                          Hi
                          Sorry, i look this nearest time.
                          Thanks

                          SquidGuardDoc EN  RU Tutorial
                          Localization ru_PFSense

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.