How to disable http (web) access with SQUID installed.



  • Hello

    I just installed PFSENSE last night and its great. I believe to have everything setup, except I'm having one issue.

    I installed squid with the content filter.  I setup my time restrictions, and that is working.  I tested the web surfing on the PC's  everything works.

    But my problem is if you remove the proxy info in the web browser, you will then have full internet access.

    I have this setup at home, to keep my teenage son up all night surfing "the web".  But he figures out,  or a buddy tells him to remove that info, he will have access to internet 24x7.  So is there a way to stop that and all web browsing has to go through squid?  I know the transparent option forces all browsing that way. but then I can not use user accounts and time restrictions.

    Any help would be greatly appreciated.

    Andreas



  • You have 2 choices:

    1. Block all outbound traffic by default and only allows access to the destination ports you want - not including port 80/TCP and 443/TCP - this is the better choice
    2. Block port 80/TCP and 443/TCP


  • So here is how you can make it :):

    Block all outbound access from the internal LAN to external world. Allow only from Internal lan –> to the LAN interface of the PFSense.
    This way you will actually allow only the requests to the Proxy - and without the proxy involved - no Internet ;). The only issue you will have to resolve is with the DNS queries... but as it was mentioned in the upper post - just block the HTP/HTTPS from LAN net to external nets.

    I hope this will help you (and will help me - when my son grows enough to workaround my restrictions ;)).


  • Banned

    Put your son on fixed DHCP lease, sp the same mac, gets the same IP no matter what. Then you can run schedules to make him go to bed.

    Much easier…. So when the block begins, he gets thrown of the net.



  • Donate your son's computer and find a girl-friend for him ;)


Log in to reply