Pfsense squid + squidguard in transparent mode blocking by aliases
-
Hello, good morning, I'm about to configure the restrictions in my pfsense I have installed squid and squidguard I plan to do it by aliases, I wanted to know if it is good option for https and http content? Well, I'll simulate 2 networks, for example, accounting and support, and each of them, depending on the range of ips, will block certain content. I hope you understand me, I would greatly appreciate your comments.
-
You use ACLs for that. Different ACLs have different rules, and you can put different users where you want.
-
@KOM I implemented ACL but it did not work for me, it does not block the content I want. So I would like to implement the aliases :o
-
I'm not sure what you mean by aliases. You mean pfSense aliases? I'm not even sure how those would even apply. Why not get squid & squidguard working the way they should instead of giving up and then trying to invent something?
-
@KOM Through firewall rules and aliases in pfsense block unwanted content. Because I try squidguard with the black list, target categories and groups ACL but it does not block and I want it to do it more specifically. Thank you for your comments
-
@ab96 said in Pfsense squid + squidguard in transparent mode blocking by aliases:
Because I try squidguard with the black list, target categories and groups ACL but it does not block
Then you are doing something wrong. It works fine for me and others. I have six different ACLs for general users, management and specific users. The order of ACLs is VERY important.
Get squid working first. Block access to tcp80,443 on LAN so that users are forced to use the proxy. Transparent mode sucks, so configure WPAD to let the clients find the proxy on their own. You can still filter HTTPS URLs without having to install a trusted cert on every client.
-
@KOM Thanks for the advice, I will try to do it !!
-
There are also a zillion YouTube tutorials and other guides on how to configure all of this. Have you seen this official video from Netgate?
-
@KOM thanks, I'll check !