Web filter to block all but three domains?



  • I know squid can be used as a web filter, but are there any other packages I can use to whitelist only three domains and blacklist the rest? It's a cashier's machine and they only need to access Facebook, Craigslist, and eBay. Thanks.



  • With squidguard you can block all pages and just set these three pages you want to allow on a whitelist.

    That's pretty easy:
    Create a "Target Category" and add the three domains you would like to allow.
    On "Common ACL", set the default ACL to "Deny", along with all others if there are any, and set only the "Target Category" ACL to "Whitelist".



  • Can you run squid and squidguard on nanobsd? The forums seem like there are mixed reviews.



  • @newbieuser1234:

    Can you run squid and squidguard on nanobsd? The forums seem like there are mixed reviews.

    Didn't use nanobsd, but as far as I know it is possible. Just disable HDD caching for squid - the rest should work.


  • Rebel Alliance Developer Netgate

    @newbieuser1234:

    Can you run squid and squidguard on nanobsd? The forums seem like there are mixed reviews.

    Yes, with the following caveats:

    • You can't cache with squid - use a "null" disk cache type
    • You can't use blacklists with squidGuard, only custom target categories listing sites you type in
    • You can't do any user logging/reporting, as there isn't really enough space in the RAM disk to keep enough logs for it to be useful.

    I've used squid+squidGuard to do site control on ALIX units at remote sites for a couple years now and rarely have problems.



  • Hello,
    Is it possible to use squidGuard with squid in transparent mode?
    I want to whitelist about 20 domains (some SSL) on a public WLAN access point.
    I do not plan to log anything and the users should not have to enter a normal proxy in their device.
    Thanks



  • @blueice_haller:

    Hello,
    Is it possible to use squidGuard with squid in transparent mode?
    I want to whitelist about 20 domains (some SSL) on a public WLAN access point.
    I do not plan to log anything and the users should not have to enter a normal proxy in their device.
    Thanks

    Yes and no.
    SquidGuard can only block/allow what squid can filter. As you wrote, you do not want to enter a proxy on the clients, so this means you have to run squid in transparent mode. Transparent mode in general only works on HTTP, so it will not work on SSL (HTTPS) with squid2.

    There is a new package, squid3-dev, which is still in development, and this package allows you to run squid3 in transparent mode for HTTP and HTTPS sites. But this will still bring up a certificate warning in the client's browser. So it would work but could make the users nervous.

    So if I understand you correctly, you just want to allow around 20 webpages. This can be done with firewall rules and aliases.
    You have to go to FIREWALL -> Alias and then create a "Host" alias. Enter all domains you want to allow (e.g.: google.com). Make sure you also enter the subdomains (e.g.: maps.google.com) if you want to allow them.

    Then go to your firewall rules and put this alias as "destination IP", and as destination ports use 80 and 443. If this is the only rule for web traffic, then your users can only visit these sites and you do not need to use squid and squidguard.
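
Added example, not part of the thread: a name-level comparison of the two allow-list models discussed above, showing which hostnames a squidGuard-style domain list would admit but a firewall "Host" alias would miss because the subdomain was never entered. The function names and the sample hostnames are constructed for illustration; the real alias is resolved to IP addresses, which this sketch does not model.

```python
# Added example: hostnames and function names are constructed for illustration.

def normalize(host):
    """Lower-case and drop a trailing dot so comparisons are consistent."""
    return host.strip().lower().rstrip(".")

def domainlist_match(host, domains):
    """squidGuard-style domain list: an entry matches itself and any subdomain.
    Matching is on whole DNS labels, so 'notgoogle.com' does not match
    'google.com', and neither does 'google.com.example.net'."""
    host = normalize(host)
    for domain in map(normalize, domains):
        if host == domain or host.endswith("." + domain):
            return True
    return False

def host_alias_match(host, alias_entries):
    """Firewall host alias, modelled at name level only: just the exact
    names that were typed into the alias are resolved and allowed."""
    return normalize(host) in {normalize(e) for e in alias_entries}

def missing_alias_entries(observed_hosts, allowed_domains, alias_entries):
    """Hosts under an allowed domain that are absent from the alias,
    i.e. names that still have to be entered for the site to work."""
    return sorted({
        normalize(h) for h in observed_hosts
        if domainlist_match(h, allowed_domains)
        and not host_alias_match(h, alias_entries)
    })

# Constructed sample data: the domain to allow, what was entered in the
# alias, and hostnames a browser might request while using the site.
ALLOWED = ["google.com"]
ALIAS = ["google.com", "maps.google.com"]
OBSERVED = [
    "google.com", "maps.google.com", "www.google.com",
    "Accounts.Google.com.", "notgoogle.com", "google.com.example.net",
]

if __name__ == "__main__":
    for h in OBSERVED:
        print(f"{h:28} domainlist={domainlist_match(h, ALLOWED)!s:5} "
              f"alias={host_alias_match(h, ALIAS)}")
    print("add to alias:", missing_alias_entries(OBSERVED, ALLOWED, ALIAS))
```

Because a firewall rule matches on the resolved addresses, any other site served from the same IP address is also reachable through the alias rule.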



  • While using squid3-dev for SSL filtering, you must install the pfSense CA certificate in all client browsers to avoid SSL error messages.

