SQUIDGUARD NOT BLOCKING PORN VIA BLACKLIST (SHALLALIST)
-
Hi experts, I have configurated a PfSense Firewall from the scratch on my HyperV enviromment, averting was going well, I had configurated many options, such as DHCP, SSL Certificates, etc. The most important thing in my scenario to get to work is the restrictions to access certains web contents (e.g. porn, gambling, drugs, etc.). I start to block porn, I installed Squid Proxy Server and SquidGuard Proxy Filter, as I saw in many tutorials and videos, I configured proxy filter with blacklist option, the list I obtained from Shallalist. However, blocking is working for some porn sites and is not working for others (the majority by the way). How can I block all porn contents and web sites that contains porn? Bellow my proxy server and proxy filter configuration:
SQUID PROXY SERVER:
Enable Squid Proxy: CHECKED
Keep Settings/Data: CHECKED
Proxy Interface: LAN
Port Proxy: 3128
Allow Users on Interface: CHECKED
Transparent HTTP Proxy: CHECKED
Transparent Proxy Interface: LAN
Enable Access Logging: CHECKED
ALL OTHERS OPTIONS ARE DEFAULT.SQUIDGUARD PROXY FILTER:
GENERAL OPTIONS:
Enable: CHECKED
Apply button: CLICKED
Enable GUI Log: CHECKED
Blacklist: CHECKED
Blacklist URL: Shallaist tar.gz package URL address (not permited to copy in this post)COMMOM ACL OPTIONS:
Target Rules List: [blk_BL_porn] -> DENY , Default access [all] -> ALLOW, All others entries are default.
Do not allow IP-Adresses in URL: CHECKED
Redirect Mode: int error page
Use SafeSearch Engine: CHECKED
Rewrite: none
Log: CHECKEDBLACKLIST OPTION:
Blacklist succesfully downloaded and installed.ALL OTHERS OPTIONS ARE DEFAULT.
-
From that list of settings it looks like you're not filtering https. Is it only blocking http sites?
Steve
-
Hi Stephenw10, thaks for the reply, how and where can I check that?
-
It's in the main Squid setup just below the http settings. You probably want 'splice all' if you are trying to do this transparently.
-
Thanks, but did not find any option for HTTPS filtering in Squid Server general options, the only option I found is "HTTPS/SSL Interception", which when I check, just stop to browse in any HTTPS web site.
-
Yup, because it's not setup correctly. You are probably trying to bump all without loading the CA onto all your clients so you just see a cert error.
See the complete walkthrough here: https://youtu.be/xm_wEezrWf4?t=636Steve
