SquidGuard : to block all internet excep few web sites

Guest · Mar 6, 2009, 4:49 PM

Hi all,

I want Squidguard to block all internet excep few sites.

So I set the "Default access" to "Deny", and define the list of websites I want to allow, and set these sites to "Whitelist" in the "Default".

Problem is that I can't access LAN anymore (can't define ip addresses in the domains list).

So my question is how to allow LAN then ?

Thank you.

dvserg · Mar 6, 2009, 5:21 PM

What mean 'I can't access LAN anymore ' ? You have webserver in LAN ?
Or possible you must check you firewall rules ?
Squid + squidGuard filter http access only.

Guest · Mar 6, 2009, 5:31 PM

You have webserver in LAN ?

Yes indeed, I need to access web pages on internal web site (http://192.168.1.1/…).

So I want to create a rule to whitelist (for exemple) tf1.fr, rtl.be and also to whitelist 192.168.1.1

But it is not allowed (at least on squidguard web gui) to set an ip (192.168.1.1) in the domain lists, so I'm stuck.

Thank you.

dvserg · Mar 6, 2009, 5:50 PM

@romegas:

You have webserver in LAN ?

Yes indeed, I need to access web pages on internal web site (http://192.168.1.1/…).

So I want to create a rule to whitelist (for exemple) tf1.fr, rtl.be and also to whitelist 192.168.1.1

But it is not allowed (at least on squidguard web gui) to set an ip (192.168.1.1) in the domain lists, so I'm stuck.

Thank you.

Try:
uncheck
squid: General >
Do NOT proxy Private Address Space (RFC 1918)

enter you webserver here:
squid > Access control
Unrestricted IPs

Guest · Mar 7, 2009, 8:05 AM

@dvserg:

Try:
uncheck
squid: General >
Do NOT proxy Private Address Space (RFC 1918)

enter you webserver here:
squid > Access control
Unrestricted IPs

I tryed both but no chance, still stuck. Below is the message I get.

Request denied by pfSense proxy: 403 Forbidden
Reason:
Client address: 192.168.1.72
Client group: test
Target group: none
URL: http://192.168.1.150/

Guest · Mar 7, 2009, 10:19 AM

I've found a way to do what I want but it's dirty one.

On IE->Options->Connections->Network parameters->Advanced

here I set the internal IP I want to access on the LAN (http://192.168.1.1; …) and it works, I can't access internet anymore except for the few sites in the squidguard whitelist, and I can access all web site on the lan. Now I have to do it on every computer, so dirty fix.

Guest · Mar 8, 2009, 10:42 AM

@romegas:

I've found a way to do what I want but it's dirty one.
On IE->Options->Connections->Network parameters->Advanced

Really it's not a good fix because any user can add a domain in these settings and it won't be block by squidguard.

Any idea ?

dvserg · Mar 8, 2009, 6:48 PM

If disable squidGuard - you internal site accessible?

Guest · Mar 9, 2009, 8:20 AM

@dvserg:

If disable squidGuard - you internal site accessible?

Yes it is. It's the squidguard rule that prevents me to access internal web site.

dvserg · Mar 9, 2009, 10:39 AM

@romegas:

@dvserg:

If disable squidGuard - you internal site accessible?

Yes it is. It's the squidguard rule that prevents me to access internal web site.

Pls post to my PM you SG config (Tab 'Log')

Guest · Mar 10, 2009, 9:50 AM

@dvserg:

Pls post to my PM you SG config (Tab 'Log')

Hi dvserg, it's posted.

dvserg · Mar 10, 2009, 11:41 AM

@romegas:

@dvserg:

Pls post to my PM you SG config (Tab 'Log')

Hi dvserg, it's posted.

Hi
Sorry, i look this nearest time.
Thanks