Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SQUIDGUARD NOT BLOCKING PORN VIA BLACKLIST (SHALLALIST)

    Scheduled Pinned Locked Moved Cache/Proxy
    6 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      antoniojf
      last edited by antoniojf

      Hi experts, I have configurated a PfSense Firewall from the scratch on my HyperV enviromment, averting was going well, I had configurated many options, such as DHCP, SSL Certificates, etc. The most important thing in my scenario to get to work is the restrictions to access certains web contents (e.g. porn, gambling, drugs, etc.). I start to block porn, I installed Squid Proxy Server and SquidGuard Proxy Filter, as I saw in many tutorials and videos, I configured proxy filter with blacklist option, the list I obtained from Shallalist. However, blocking is working for some porn sites and is not working for others (the majority by the way). How can I block all porn contents and web sites that contains porn? Bellow my proxy server and proxy filter configuration:

      SQUID PROXY SERVER:
      Enable Squid Proxy: CHECKED
      Keep Settings/Data: CHECKED
      Proxy Interface: LAN
      Port Proxy: 3128
      Allow Users on Interface: CHECKED
      Transparent HTTP Proxy: CHECKED
      Transparent Proxy Interface: LAN
      Enable Access Logging: CHECKED
      ALL OTHERS OPTIONS ARE DEFAULT.

      SQUIDGUARD PROXY FILTER:
      GENERAL OPTIONS:
      Enable: CHECKED
      Apply button: CLICKED
      Enable GUI Log: CHECKED
      Blacklist: CHECKED
      Blacklist URL: Shallaist tar.gz package URL address (not permited to copy in this post)

      COMMOM ACL OPTIONS:
      Target Rules List: [blk_BL_porn] -> DENY , Default access [all] -> ALLOW, All others entries are default.
      Do not allow IP-Adresses in URL: CHECKED
      Redirect Mode: int error page
      Use SafeSearch Engine: CHECKED
      Rewrite: none
      Log: CHECKED

      BLACKLIST OPTION:
      Blacklist succesfully downloaded and installed.

      ALL OTHERS OPTIONS ARE DEFAULT.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        From that list of settings it looks like you're not filtering https. Is it only blocking http sites?

        Steve

        1 Reply Last reply Reply Quote 0
        • A
          antoniojf
          last edited by

          Hi Stephenw10, thaks for the reply, how and where can I check that?

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            It's in the main Squid setup just below the http settings. You probably want 'splice all' if you are trying to do this transparently.

            1 Reply Last reply Reply Quote 0
            • A
              antoniojf
              last edited by

              Thanks, but did not find any option for HTTPS filtering in Squid Server general options, the only option I found is "HTTPS/SSL Interception", which when I check, just stop to browse in any HTTPS web site.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Yup, because it's not setup correctly. You are probably trying to bump all without loading the CA onto all your clients so you just see a cert error.
                See the complete walkthrough here: https://youtu.be/xm_wEezrWf4?t=636

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.