Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block EXE downloads for one group of users but not another?

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 3 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      getut
      last edited by

      Hello… brand new pfsense user here.

      I am trying to find a way to split my users into 2 groups. One highly restricted with no application or zip file downloads and another mainly unshackled. I've got the category based filtering working fine for this purpose but am down now to just the file blocking portion that I need to implement.

      I am in non-transparent proxy mode and I am using the captive portal tied to windows active directory radius method of authentication. I am aware of regex blocking in squid, but that would seem to block for everyone. I only need to do this for authenticated subgroups of users. Please help me.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Use squidGuard. With squidGuard you can setup ACLs, and have certain actions ("Destinations") apply to only certain groups.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • G
          getut
          last edited by

          @jimp:

          Use squidGuard. With squidGuard you can setup ACLs, and have certain actions ("Destinations") apply to only certain groups.

          Would you be meaning using the target categories tab? That is the only place I see where anything like regexes can be used. I'm already using squidguard for category based filtering, but didn't know it could also be used for custom file extension etc.

          I'm going to dig through as much squidguard docs as I can find. If you know of any in particular that describe how to use squidguard for this purpose please post them. Meanwhile I'll be searching myself.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            There are several other threads here on this forum about blocking extensions with squidguard, proper regexes to do it, etc. Some searching should turn them up.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • G
              getut
              last edited by

              @jimp:

              There are several other threads here on this forum about blocking extensions with squidguard, proper regexes to do it, etc. Some searching should turn them up.

              Ok.. I'll look again. I had searched and found more than I could shake a stick at but the ones I found I must have misunderstood or not read deeply enough, but they seemed to be all or none regex blocking. But I'll admit I'm coming from a Bluecoat environment though, so I am probably scanning the threads looking for something similar to how it was done there and missing things.

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                @getut:

                @jimp:

                There are several other threads here on this forum about blocking extensions with squidguard, proper regexes to do it, etc. Some searching should turn them up.

                Ok.. I'll look again. I had searched and found more than I could shake a stick at but the ones I found I must have misunderstood or not read deeply enough, but they seemed to be all or none regex blocking. But I'll admit I'm coming from a Bluecoat environment though, so I am probably scanning the threads looking for something similar to how it was done there and missing things.

                http://diskatel.narod.ru/sgquick.htm

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.