Prevent proxy / DNS filter bypass - whitelist domains

  • Hi,

    I need to limit the access of some PCs to the internet in a way that they can only access certain websites. (I think) I can't do it based on IP address since they change rather often and I'd need to whitelist probably half the cloud, making the setup rather pointless. With Squid I can limit access, but afaik you can still bypass the proxy by connecting directly to an IP. The same is true for DNS filters.
    My current setup is a pfSense router running Squid and doing DNS over TLS.
    Is there any way to prevent bypassing the filter? Or can pf adjust the rules so that during a DNS lookup resolves to e.g. which then gets automatically allowed?

  • Netgate Administrator

    If you are forcing all traffic through Squid/SquidGuard you can block IPs in the request directly. There is an option for that.


  • Found it, thx.
    I still have a similar problem. When I go to a website, the site itself might fetch scripts etc. from other domains, which would need to be whitelisted, too. Doing that manually is a hassle, in particular when the external resources are fetched through while the other day it is Can Squid whitelist a whole website?
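
An added example, not part of the thread and not pfSense or Squid project code: a short Python script that reads Squid's default native `access.log` format and separates denied requests into hostnames (the third-party domains a whitelisted site tried to load, as candidates to review for the whitelist) and raw-IP destinations (direct-to-IP attempts, listed per client). The log lines, domains and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101     52 192.168.1.50 TCP_MISS/200 5120 GET http://intranet.example.org/ - HIER_DIRECT/203.0.113.10 text/html
1700000000.350      0 192.168.1.50 TCP_DENIED/403 3900 CONNECT cdn.example.net:443 - HIER_NONE/- text/html
1700000000.410      0 192.168.1.50 TCP_DENIED/403 3900 GET http://static.example.net/app.js - HIER_NONE/- text/html
1700000001.020      0 192.168.1.50 TCP_DENIED/403 3900 CONNECT cdn.example.net:443 - HIER_NONE/- text/html
1700000002.700      0 192.168.1.51 TCP_DENIED/403 3900 CONNECT 198.51.100.7:443 - HIER_NONE/- text/html
"""

def request_host(method, url):
    """Return the destination host of a logged request, without the port."""
    if method == "CONNECT":  # CONNECT is logged as host:port with no scheme
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def is_ip_literal(host):
    """True when the host is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def summarize_denied(log_text):
    """Count denied requests by hostname and by (client, raw IP) pair."""
    names, raw_ips = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[3].startswith("TCP_DENIED"):
            continue  # skip malformed lines and requests that were allowed
        client, host = fields[2], request_host(fields[5], fields[6])
        if host and is_ip_literal(host):
            raw_ips[(client, host)] += 1  # direct-to-IP attempt: review it
        elif host:
            names[host] += 1              # blocked sub-resource domain
    return names, raw_ips

if __name__ == "__main__":
    names, raw_ips = summarize_denied(SAMPLE_LOG)
    for host, n in names.most_common():
        print(f"candidate  {host}  denied {n}x")
    for (client, ip), n in raw_ips.items():
        print(f"raw-ip     {client} -> {ip}  denied {n}x")
```

Run it against the proxy's real log after loading the site once; each candidate still needs a manual decision before it goes on the whitelist.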
