Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to disable http (web) access with SQUID installed.

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 5 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AndreasP
      last edited by

      Hello

      I just installed PFSENSE last night and its great. I believe to have everything setup, except I'm having one issue.

      I installed squid with the content filter.  I setup my time restrictions, and that is working.  I tested the web surfing on the PC's  everything works.

      But my problem is if you remove the proxy info in the web browser, you will then have full internet access.

      I have this setup at home, to keep my teenage son up all night surfing "the web".  But he figures out,  or a buddy tells him to remove that info, he will have access to internet 24x7.  So is there a way to stop that and all web browsing has to go through squid?  I know the transparent option forces all browsing that way. but then I can not use user accounts and time restrictions.

      Any help would be greatly appreciated.

      Andreas

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        You have 2 choices:

        1. Block all outbound traffic by default and only allows access to the destination ports you want - not including port 80/TCP and 443/TCP - this is the better choice
        2. Block port 80/TCP and 443/TCP
        1 Reply Last reply Reply Quote 0
        • L
          linch
          last edited by

          So here is how you can make it :):

          Block all outbound access from the internal LAN to external world. Allow only from Internal lan –> to the LAN interface of the PFSense.
          This way you will actually allow only the requests to the Proxy - and without the proxy involved - no Internet ;). The only issue you will have to resolve is with the DNS queries... but as it was mentioned in the upper post - just block the HTP/HTTPS from LAN net to external nets.

          I hope this will help you (and will help me - when my son grows enough to workaround my restrictions ;)).

          1 Reply Last reply Reply Quote 0
          • S
            Supermule Banned
            last edited by

            Put your son on fixed DHCP lease, sp the same mac, gets the same IP no matter what. Then you can run schedules to make him go to bed.

            Much easier…. So when the block begins, he gets thrown of the net.

            1 Reply Last reply Reply Quote 0
            • E
              Eugene
              last edited by

              Donate your son's computer and find a girl-friend for him ;)

              http://ru.doc.pfsense.org

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.