Netgate Discussion Forum

    How to block all sites except some with Squid?

      bczeon27

      Hi,

      I am new to pfSense.  I am looking to block all the HTTP access in the local LAN network with some exceptions.  (Whitelist)

      I read somewhere that I can change the squid.conf using an acl like:

      
      acl whitelist dstdomain "/etc/squid/whitelist"
      http_access deny !whitelist
      
      

      How do I access the squid.conf in pfSense?

      Thanks!

        jimp Rebel Alliance Developer Netgate

        Install squidGuard and use it to limit site access. With that you can define a list of sites under Destinations that are good, and deny access to all others.

        And you can also set ACLs such that a person or group can get to a different set of sites, or no sites at all, basically whatever you want.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          jigpe

          Is it possible to block HTTPS in squidguard?

            jimp Rebel Alliance Developer Netgate

            As I told you in the other thread where you asked, only if you program the proxy settings into the clients. You cannot filter HTTPS transparently.

              bczeon27

              Thank you! Jimp.

              I tried it out.  It works.

              Another question: can I define a specific white list per individual MAC or IP address?

              Scenario would be,
              Allow Computer A to only access amazon.com
              Allow Computer B to only access google.com

              Thanks!

                jimp Rebel Alliance Developer Netgate

                Yes, if you use squidguard you can make an ACL that matches a specific IP or set of IPs, and then a destination list that you can allow or deny them access to.

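Added example (not part of the original thread, and not squidGuard's own code): a small Python model of the per-client whitelist discussed above, useful for checking a planned policy before entering it in the squidGuard GUI. The client IP addresses are assumed, and the model assumes a listed domain also covers its subdomains.

```python
import ipaddress

# Constructed policy mirroring the scenario in the thread; the client
# addresses are assumptions, not values from the original posts.
POLICY = [
    (ipaddress.ip_network("192.168.1.10/32"), {"amazon.com"}),  # Computer A
    (ipaddress.ip_network("192.168.1.11/32"), {"google.com"}),  # Computer B
]


def normalize_host(host):
    """Lower-case the host and strip any port and trailing dot."""
    host = host.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        return host[1:host.find("]")]
    if host.count(":") == 1:            # hostname:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def domain_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of it.

    The comparison is anchored on a label boundary so that
    'notamazon.com' does not match 'amazon.com'.
    """
    return any(host == d or host.endswith("." + d) for d in allowed)


def is_allowed(client_ip, host):
    """First matching source decides; anything unmatched is denied."""
    addr = ipaddress.ip_address(client_ip)
    host = normalize_host(host)
    for network, allowed in POLICY:
        if addr in network:
            return domain_matches(host, allowed)
    return False                        # default deny, as in a whitelist


if __name__ == "__main__":
    for ip, host in [("192.168.1.10", "www.amazon.com"),
                     ("192.168.1.10", "google.com"),
                     ("192.168.1.11", "Google.com:80"),
                     ("192.168.1.10", "notamazon.com"),
                     ("192.168.1.50", "amazon.com")]:
        print(ip, host, "ALLOW" if is_allowed(ip, host) else "DENY")
```
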

                  bczeon27

                  Wow, Jimp.  Thanks!

                  I know this is off the topic.  I got the pfSense book.  But, I want to know more about secure networking.  Do you recommend any book that teaches network infrastructure and security?

                    jimp Rebel Alliance Developer Netgate

                    @bczeon27:

                    I know this is off the topic.  I got the pfSense book.  But, I want to know more about secure networking.  Do you recommend any book that teaches network infrastructure and security?

                    Nothing comes to mind, really. There are lots of books out there, but none jump out at me for that. You might start a new thread under "general discussion" to ask everyone.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.