    Squidguard Web Filter Issues

    pfSense Packages

      dvserg

      Are you sure that your clients browse sites via the proxy?
      Define the proxy directly in the client's browser and check access again.

      SquidGuardDoc EN  RU Tutorial
      Localization ru_PFSense

        coachs88

        I guess I'm not sure, to be honest.

        I wanted it set up so the users didn't have to do anything, such as type in a proxy address. Won't they have to do it every time they log in or something? The users at my job are NOT technically inclined AT ALL. I'm starting to feel as though I don't know enough to set this up.

        What do I need to do to understand this properly? Is it even going to be possible to get this working at this point with my level of understanding?

        "You are merely a better target in the light."

          dvserg

          @coachs88:

          I guess I'm not sure, to be honest.

          I wanted it set up so the users didn't have to do anything, such as type in a proxy address. Won't they have to do it every time they log in or something? The users at my job are NOT technically inclined AT ALL. I'm starting to feel as though I don't know enough to set this up.

          What do I need to do to understand this properly? Is it even going to be possible to get this working at this point with my level of understanding?

          Now the question is the efficiency of the filter. Please do as I wrote above, and check its work.

            coachs88

            Okay.. I tried this but I'm still doing something wrong.

            I'm not sure if I have the wrong proxy address or the wrong port.. I thought I entered the port I chose the proxy to listen to (3128) but that didn't work. Nor did port 8080 or 80. I must have the proxy address wrong. But if that isn't right I guess I don't know how else to find it.

            Unless my proxy filter settings are somehow messed up?

            I tried manually configuring the proxy in Mozilla Firefox.. and after I applied it no matter what site I chose, it wouldn't connect to any of them. At the bottom of the browser it just said "Connecting to ______.com" and then it would time out. :(

            Sorry for being so inexperienced. I'm glad you folks are willing to push me in the right direction.

              dvserg

              Is it possible to see a screenshot of the settings of your Squid proxy? (pfSense - the proxy's first page)

                coachs88

                Certainly!

                proxy1.png

                  coachs88

                  Here's the second part.

                  proxy2(1).png

                    Nachtfalke

                    You have to check "Allow users on interface" so that the clients on your LAN interface are able to use the proxy.

                    Further you have checked "transparent proxy". This is okay. In this case you do not have to enter any proxy setting in your clients browser.

                      coachs88

                      Okay. So now I have users allowed to interface and it is partially working.. but it is blocking all websites again, for all users. Not just the limited workstations.

                      I followed all previous directions and thought this would get everything. I can tell it's going in the right direction so I must have the proxy filter set up wrong somehow.. also, is there anything I need to do in the access control tab?

                      If I attach more screen shots would you be able to tell me what I'm doing wrong?

                        Nachtfalke

                        You could post screens of Target categories, group acl and common acl.

                        But I think, if all users get blocked, you have to go to "Common ACL" and check "allow" there for any target rules.

                          coachs88

                          Here you go. Hope these help.

                          proxy3.png

                            coachs88

                            Group ACL

                            proxy4.png

                              coachs88

                              Target categories

                              proxy5.png

                                Nachtfalke

                                Hi,

                                in "Common ACL" and "Group ACL" it would be necessary to see what is in "Target Rules List (click here)".

                                Further, in "Groups ACL": Why did you enter every single IP in Client (source)? Why didn't you just enter a whole subnet 192.168..40.0/24?

                                "Target Categories"... you haven't entered anything there. This makes no sense. Either you enter the sites you want to ALLOW or you enter the sites you want to block.

                                What do you want to realize?
                                What should the hosts you entered in "Group ACL" do?
                                Do you just want to block some sites like porn or something else, or do you want everything on the internet to be blocked except some sites?

                                  coachs88

                                  Sorry.. that was a bad screen shot. I do have stuff entered in the target categories. Here is a better one.

                                  There is only 1 subnet at my company. I entered individual clients as a way to separate restricted workstations from admin workstations.

                                  What I want to happen is this: restricted workstations have EVERYTHING blocked except a few websites which are needed to do their job. Everything else must be blocked. I.e. personal email, facebook, youtube, porn, etc etc. Which is why I want it all blocked by default for those certain workstations. Does that make sense? I hope this screenshot clears up some confusion.

                                  proxy6.png

                                    Nachtfalke

                                    okay.

                                    I think there is a mistake in the "Expressions" block.
                                    Expressions are - that's the way I understand it - if a URL contains a word of this. For example if the expression is:

                                    .porn.

                                    This means every URL with the word "porn" in front, at the end or somewhere in the middle is blocked:
                                    www.XYZporn.com
                                    www.pornXYZ.com
                                    www.ABCpornXYZ.com

                                    You have to put your IPs and URLs in the block "Domain list".
                                    The text above explains it. Just enter there:

                                    
                                    google.com 12.23.34.45 12.12.34.34 34.34.34.34 example.com amazon.com
                                    
                                    

                                    PS: If you are using IPs, you must be sure, that you didn't check the box "Do not allow IP addresses in URLs".
                                    It is better to use domain names in the "domain list" so the IP behind this domain can change and you do not need to change this from time to time in SquidGuard. If it is not possible to use domain names, then remember the checkbox with "Do not allow IP addresses in URLs"

                                    To your question if this makes sense:
                                    Yes it does. I am doing this the same way.

                                    1 Reply Last reply Reply Quote 0
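Added example (not part of the thread and not squidGuard's own code): a simplified Python model of the difference described in the post above, where a domain-list entry matches a host and its subdomains while an expression is a regex searched anywhere in the URL, combined with the per-source policy discussed in this thread (restricted workstations get the whitelist only, everyone else is allowed). Client addresses, domains, patterns and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample policy; addresses and domains are illustrative only.
RESTRICTED = [ipaddress.ip_network(n) for n in ("192.168.40.21/32", "192.168.40.22/32")]
WHITELIST_DOMAINS = {"example.com", "amazon.com"}
WHITELIST_IPS = {"12.23.34.45"}


def domain_list_match(url, domains=WHITELIST_DOMAINS, ips=WHITELIST_IPS):
    """Domain-list semantics: the host equals an entry or is a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in ips:
        return True
    return any(host == d or host.endswith("." + d) for d in domains)


def expression_match(url, pattern):
    """Expression semantics: a regex searched anywhere in the whole URL."""
    return re.search(pattern, url, re.IGNORECASE) is not None


def decide(client_ip, url):
    """Restricted sources pass only whitelisted destinations; all others pass."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RESTRICTED):
        return "pass" if domain_list_match(url) else "block"
    return "pass"


if __name__ == "__main__":
    for client, url in [
        ("192.168.40.21", "http://www.example.com/"),   # restricted, whitelisted
        ("192.168.40.21", "http://facebook.com/"),      # restricted, not listed
        ("192.168.40.50", "http://facebook.com/"),      # admin workstation
    ]:
        print(client, url, decide(client, url))
    # The same string used as an expression also matches unrelated hosts.
    print(expression_match("http://notexample.com/", r"example\.com"))
```

A whitelist entered as expressions therefore matches far more URLs than the same entries in the domain list, which is why the allowed sites belong in "Domain list".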
                                      coachs88

                                      Sorry for the delayed reply.. haven't been into work for a few days, have been terribly sick with mono.

                                      Anyway, I tried your suggestion of instead of having expressions, having all the domains I want to whitelist instead. Now instead of them all getting blocked on all workstations, it isn't blocking anything at all!

                                      Should I post screen shots again? I really don't understand what I'm missing at this point.

                                        Nachtfalke

                                        Sure, you can post again all tabs of SquidGuard.

                                        But you want to realize the same as I am doing and I posted all necessary options in my screenshots. Perhaps you are missing one little checkbox ;-)

                                        Further, after changing anything in SquidGuard, are you applying "Save" and after this "Apply" on the first tab of SquidGuard? This is necessary for a working proxy filter!

                                          coachs88

                                          Okay. Here are the updated screenshots. I hope you can help.

                                          Filter is working perfectly on limited workstations but it isn't allowing all access to admin workstations.

                                          prxy1.png

                                            coachs88

                                            Another

                                            prxy2.png