SQUIDGUARD NOT BLOCKING PORN VIA BLACKLIST (SHALLALIST)



  • Hi experts, I have configured a pfSense firewall from scratch in my Hyper-V environment. Everything was going well; I had configured many options, such as DHCP, SSL certificates, etc. The most important thing to get working in my scenario is restricting access to certain web content (e.g. porn, gambling, drugs, etc.). I started with blocking porn: I installed Squid Proxy Server and SquidGuard Proxy Filter, as I saw in many tutorials and videos, and configured the proxy filter with the blacklist option, using the list I obtained from Shallalist. However, blocking works for some porn sites and does not work for others (the majority, by the way). How can I block all porn content and web sites that contain porn? Below are my proxy server and proxy filter configurations:

    SQUID PROXY SERVER:
    Enable Squid Proxy: CHECKED
    Keep Settings/Data: CHECKED
    Proxy Interface: LAN
    Port Proxy: 3128
    Allow Users on Interface: CHECKED
    Transparent HTTP Proxy: CHECKED
    Transparent Proxy Interface: LAN
    Enable Access Logging: CHECKED
    ALL OTHER OPTIONS ARE DEFAULT.

    SQUIDGUARD PROXY FILTER:
    GENERAL OPTIONS:
    Enable: CHECKED
    Apply button: CLICKED
    Enable GUI Log: CHECKED
    Blacklist: CHECKED
    Blacklist URL: Shallalist tar.gz package URL address (not permitted to copy in this post)

    COMMON ACL OPTIONS:
    Target Rules List: [blk_BL_porn] -> DENY , Default access [all] -> ALLOW, All other entries are default.
    Do not allow IP-Addresses in URL: CHECKED
    Redirect Mode: int error page
    Use SafeSearch Engine: CHECKED
    Rewrite: none
    Log: CHECKED

    BLACKLIST OPTION:
    Blacklist successfully downloaded and installed.

    ALL OTHER OPTIONS ARE DEFAULT.


  • Netgate Administrator

    From that list of settings it looks like you're not filtering https. Is it only blocking http sites?

    Steve



  • Hi Stephenw10, thanks for the reply, how and where can I check that?


  • Netgate Administrator

    It's in the main Squid setup just below the http settings. You probably want 'splice all' if you are trying to do this transparently.



  • Thanks, but I did not find any option for HTTPS filtering in the Squid Server general options. The only option I found is "HTTPS/SSL Interception", which, when I check it, just stops browsing to any HTTPS web site.


  • Netgate Administrator

    Yup, because it's not set up correctly. You are probably trying to bump all without loading the CA onto all your clients so you just see a cert error.
    See the complete walkthrough here: https://youtu.be/xm_wEezrWf4?t=636

    Steve
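
Added example, not part of the thread: a simplified Python check that classifies a squid.conf as HTTP-only, bump or splice, the three situations the replies above distinguish. The config fragments are constructed samples (not pfSense output), and `https_mode` and `ADVICE` are hypothetical names.

```python
import re

# Constructed squid.conf fragments for illustration (not taken from the thread).
HTTP_ONLY = """
http_port 192.168.1.1:3128
http_port 127.0.0.1:3128 intercept      # transparent HTTP only
"""
BUMP_ALL = """
http_port 127.0.0.1:3128 intercept ssl-bump cert=/path/to/ca.pem
https_port 127.0.0.1:3129 intercept ssl-bump cert=/path/to/ca.pem
ssl_bump bump all
"""
SPLICE_ALL = """
https_port 127.0.0.1:3129 intercept ssl-bump cert=/path/to/ca.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all
"""

# ssl_bump actions that make Squid decrypt TLS (the last two are legacy names).
DECRYPTING = {"bump", "server-first", "client-first"}

ADVICE = {
    "http-only": "HTTPS is not passing through the filter; only http:// sites can be blocked.",
    "bump": "TLS is decrypted; every client must trust the proxy CA or it shows cert errors.",
    "splice": "TLS is passed through undecrypted; no CA is needed on the clients.",
    "undetermined": "An ssl-bump port exists but the ssl_bump rules need manual review.",
}

def https_mode(conf: str) -> str:
    """Classify HTTPS handling. Simplified: ignores ACL conditions and rule order."""
    lines = [l.split("#", 1)[0].strip() for l in conf.splitlines()]
    lines = [l for l in lines if l]
    # A listening port must carry the ssl-bump option before any ssl_bump rule applies.
    tls_port = any(re.match(r"https?_port\b", l) and "ssl-bump" in l.split() for l in lines)
    actions = [l.split()[1] for l in lines
               if l.startswith("ssl_bump ") and len(l.split()) > 1]
    if not tls_port or not actions:
        return "http-only"
    if DECRYPTING & set(actions):
        return "bump"
    return "splice" if "splice" in actions else "undetermined"

if __name__ == "__main__":
    for name, conf in [("http-only", HTTP_ONLY), ("bump all", BUMP_ALL), ("splice all", SPLICE_ALL)]:
        mode = https_mode(conf)
        print(f"{name:11s} -> {mode}: {ADVICE[mode]}")
```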

