Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid & Squidguard

    pfSense Packages
    3
    3
    2194
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      krkec last edited by

      Hi

      I want to prevent users of my network to go to specific web sites. I instaled Squid & Squidguard and configured them to block for example www.iskon.hr but it want block. 
      In squidgard  log i see this: 09.06.2012 07:26:54 10.10.6.1/- http://www.iskon.hr/extension/ez_iskon/design/iskon4/images/btn/odgovori.png Request(default/zabrana/-) - GET REDIRECT

      This is my proxy filter configuration:

      ============================================================

      SquidGuard configuration file

      This file generated automaticly with SquidGuard configurator

      (C)2006 Serg Dvoriancev

      email: dv_serg@mail.ru

      ============================================================

      logdir /var/squidGuard/log
      dbhome /var/db/squidGuard

      dest zabrana {
      domainlist zabrana/domains
      expressionlist zabrana/expressions
      redirect www.bug.hr&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
      log block.log
      }

      rew safesearch {
      s@(google../search?.q=.)@&safe=active@i
      s@(google..
      /images.q=.)@&safe=active@i
      s@(google../groups.q=.)@&safe=active@i
      s@(google..
      /news.q=.)@&safe=active@i
      s@(yandex../yandsearch?.text=.)@&fyandex=1@i
      s@(search.yahoo..
      /search.p=.)@&vm=r&v=1@i
      s@(search.live../.q=.)@&adlt=strict@i
      s@(search.msn..
      /.q=.)@&adlt=strict@i
      s@(.bing..*/.q=.)@&adlt=strict@i
      log block.log
      }

      acl  {

      default  {
      pass !in-addr !zabrana all
      redirect www.inp.hr
      rewrite safesearch
      log block.log
      }
      }

      this is my proxy server config

      Do not edit manually !

      http_port 10.10.10.10:3128
      http_port 127.0.0.1:3128 transparent
      icp_port 0

      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_directory /usr/local/etc/squid/errors/English
      icon_directory /usr/local/etc/squid/icons
      visible_hostname localhost
      cache_mgr admin@localhost
      access_log /var/squid/logs/access.log
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      logfile_rotate 0
      shutdown_lifetime 3 seconds
      uri_whitespace strip

      cache_mem 8 MB
      maximum_object_size_in_memory 32 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 100 16 256
      minimum_object_size 0 KB
      maximum_object_size 10 KB
      offline_mode off

      No redirector configured

      Setup some default acls

      acl all src 0.0.0.0/0.0.0.0
      acl localhost src 127.0.0.1/255.255.255.255
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
      acl sslports port 443 563 
      acl manager proto cache_object
      acl purge method PURGE
      acl connect method CONNECT
      acl dynamic urlpath_regex cgi-bin ?
      cache deny dynamic
      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      Always allow localhost connections

      http_access allow localhost

      request_body_max_size 0 KB
      reply_body_max_size 0 deny all
      delay_pools 1
      delay_class 1 2
      delay_parameters 1 -1/-1 -1/-1
      delay_initial_bucket_level 100
      delay_access 1 allow all

      Custom options

      redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
      redirector_bypass on
      redirect_children 3

      Setup allowed acls

      Default block all to be sure

      http_access deny all

      Please help!!!!!

      1 Reply Last reply Reply Quote 0
      • P
        pierref last edited by

        Hello krkec

        Did you solve your problem?

        Pierre

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke last edited by

          Could you post screenshots of your
          Common ACL (targets open)
          Group ACL (targets open)
          The target you created

          squid can only block http websites when in transparent mode.
          for https you need squid in non-transparent mode.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post