Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    squidGuard: allowlist and subdomains

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 1 Posters 794 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MrIT
      last edited by MrIT

      Hi everyone,

      I am still struggeling with our squidGuard setup at our school.

      The plan: Only allow certain websites for our students and deny all others.

      The implementation: For every website/service I want to allow, I've added a target category and specified all (known) domains in the "Domain List". I also added a Group ACL for our students network. I set all target categories to "whitelist" and set "Default Access [all]" to "deny".

      075f3bc7-28ca-4a74-8ca8-62ded467804c-image.png
      ....

      0ab8ec8b-2c33-4e70-8f89-59cf04ffd7f9-image.png

      It works quite well, except I do not quite understand how this setup handles subdomains.

      My investigation: when I added "apple.com" to the domain list of a target category, "itunes.apple.com" is blocked. But for our school domain, I only added "hgg-broich.de" and no subdomain is blocked (like foo.hgg-broich.de).

      So my question is: how does squidGuard handle subdomains in my "deny all but..." setup? And my followup question: how can I make subdomains work?

      Regards
      Marcel

      M 1 Reply Last reply Reply Quote 0
      • M
        MrIT @MrIT
        last edited by

        @mrit
        Okay, figured it out myself (and with the help of the WayBackMachine). Turns out, subdomains are only included for a domain if the domain is the only entry in the domain list.

        So makes it very hard for me, to also add subdomains (as wildcard) to my allowlist. Maybe it works using regular expressions...

        Source: https://web.archive.org/web/20210727190453/http://www.squidguard.org/Doc/aboutblocking.html

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.