Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Web filter to block all but three domains?

    Scheduled Pinned Locked Moved pfSense Packages
    8 Posts 5 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      newbieuser1234
      last edited by

      I know squid can be used as a web filter, but are there any other packages I can use to whitelist only three domains and blacklist the rest.  It's a cashier's machine and they only need to access facebook, craigslist, and ebay.  Thanks.

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        With squidguard you can block all pages and just set these three pages you want to allow on a whitelist.

        That's pretty easy:
        Create a "Target Category" and add the three domains you like to allow
        On "Common ACL" set the default ACL to "Deny" and all others if there are some and only the "Target Category" ACL to "Whitelist".

        1 Reply Last reply Reply Quote 0
        • N
          newbieuser1234
          last edited by

          can you run squid and squidguard on nanobsd? the forums seem like there are mixed reviews.

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            @newbieuser1234:

            can you run squid and squidguard on nanobsd? the forums seem like there are mixed reviews.

            Didn't use nanobsd but as far as I know it possible. Just disable HDD caching for squid - the rest should work.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              @newbieuser1234:

              can you run squid and squidguard on nanobsd? the forums seem like there are mixed reviews.

              Yes, with the following caveats:

              • You can't cache with squid - use a "null" disk cache type
              • You can't use blacklists with squidGuard, only custom target categories listing sites you type in
              • You can't do any user logging/reporting, as there isn't really enough space in the RAM disk to keep enough logs for it to be useful.

              I've used squid+squidGuard to do site control on ALIX units at remote sites for a couple years now and rarely have problems.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • B
                blueice_haller
                last edited by

                Hello,
                is it possible to use squidGuard with squid in transparent mode?
                I want to whitelist about 20 domains (some SSL) on an public wlan access point.
                I do not plan to log anything and the users should not have to enter normal proxy in their device.
                Thanks

                1 Reply Last reply Reply Quote 0
                • N
                  Nachtfalke
                  last edited by

                  @blueice_haller:

                  Hello,
                  is it possible to use squidGuard with squid in transparent mode?
                  I want to whitelist about 20 domains (some SSL) on an public wlan access point.
                  I do not plan to log anything and the users should not have to enter normal proxy in their device.
                  Thanks

                  Yes and No.
                  SquidGuard can only block/allow what squid can filter. As you wrote you do not want to enter a proxy on the clients so this means you have to run squid in transparent mode. Transparent mode in general only works on http and so it will not work on SSL (https) with squid2.

                  There is a new package - squid3-dev which is still in developement and this package allows you to run squid3 in transparent mode for http and https sites. But this will still bring up certificate warning on the clients browser. So it would work but could make the users nervous.

                  So if I understand you correct you just want to allow around 20 webpages. This can be done with firewall rules and aliases.
                  You have to go to FIREWALL –> Alias and then create a "Host" alias. enter all domains you want to allow (e.g.: google.com). Make sure you also enter the subdomains (e.g.: maps.google.com) if you want to allow them.

                  Then go to your firewall rules and put this alias as "destination IP" and as destination ports use 80 and 443. If this is the only rule for web traffic then your users can only visit these sites and you do not need to use squid and squidguard.

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    While using squid3-dev for ssl filtering, you must install pfsense ca certificate for all client browsers to avoid ssl error messages.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.