SQuid Consult



  • Hi Gurus
    Let me explain my scenario (network diagram):
    Router (ISP)  <===>  Firewall pfSense <===> My LAN segment
    In pfSense I installed the Squid package (version 2.7.9, pkg v.4.3.4).
    The problem I am finding is that this proxy (Squid) only blocks web sites that use port 80 (like www.youtube.com) but not port 443 (like www.facebook.com).
    The problem of filtering all of port 443 I have solved by applying a rule like this:
    [Image: Filter 443 by IP's]

    Well, let me know if there is an alternative to filter based on groups.
    For example, Group 1 (permit traffic on 80 and 443 to the following pages, like banks, facebook, emails, www.youtube, etc.; the rest are blocked)
    Group 2 (permit traffic on 80 and 443 to the pages of banks)
    Group 3 (some policy that I would consider)
    Also I would create several different profiles:

    Profile of user 1 (VIP users, access to all pages)
    Profile of user 2 (users which belong to Group 1)
    Profile of user 3 (users which belong to Group 2)
    ...
    Profile of user n (users which belong to Group n)

    My version of the firewall is:

    [Image: Firewall Version]
    Also, is there any type of report where I can review (and extract this data) and elaborate a report to inform about the top traffic that the users consume?

    I appreciate your comments / suggestions.



  • Squid's Transparent mode just slurps up all traffic on port 80.  If you want to filter HTTPS traffic, you can't use Squid in transparent mode.  You must manually reconfigure all your web clients to point to Squid.
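Once the clients point at Squid explicitly, the groups and profiles asked about above can be expressed as ordinary Squid ACLs. The fragment below is an added example in Squid 2.7 squid.conf syntax and is not from this thread or from the pfSense package; it assumes group membership by client IP address, hypothetical list-file paths under /var/squid/acl/, and that the pfSense Squid package lets you paste these lines into its custom options field (it generates the rest of squid.conf itself). In explicit mode an HTTPS request reaches Squid as "CONNECT host:443", so a dstdomain ACL matches the host name even though the content stays encrypted.

```conf
# Added example, not from the thread. Squid 2.7 syntax, explicit (non-transparent) proxy.
acl all src all
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT

# User groups, by client address (hypothetical ranges and file; one IP per line in the file)
acl vip    src "/var/squid/acl/vip.txt"
acl group1 src 192.168.1.50-192.168.1.99
acl group2 src 192.168.1.100-192.168.1.199

# Destination lists; a leading dot also matches subdomains.
# For CONNECT (port 443) the host part of "host:443" is what gets matched.
acl banks     dstdomain "/var/squid/acl/banks.txt"
acl group1_ok dstdomain .facebook.com .youtube.com .elcomercio.com

# Basic hygiene: only ports 80 and 443, and CONNECT only to 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Profile 1: VIP users, everything on 80 and 443 (first match wins)
http_access allow vip
# Profile 2: Group 1 gets banks plus its own site list, the rest is denied
http_access allow group1 banks
http_access allow group1 group1_ok
http_access deny group1
# Profile 3: Group 2 gets banks only
http_access allow group2 banks
http_access deny group2
# Anyone not in a group
http_access deny all
```

Order matters: http_access rules are evaluated top to bottom and the first match decides, so each group's allow lines must come before its own deny line, and the final "deny all" catches anything unmatched.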



  • Hi KOM
    At this moment I am not using transparent mode.
    In the "access control" option I write the following lines to filter:

    www.elcomercio.com
    www.youtube.com
    .*
    .

    So my idea is to filter some types of traffic that belong to port 80 (TCP), and filter some URLs that belong to 443 (TCP); also the idea is that at the end of every week I obtain a report of consumption of all traffic.
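For the weekly consumption report mentioned above, the per-client and per-site byte totals can be pulled straight out of Squid's access.log with awk. The script below is an added example, not code from the thread or from the pfSense package; it assumes the Squid 2.7 native log format (time, elapsed, client, code/status, bytes, method, URL, ident, hierarchy/peer, type) and embeds a few constructed log lines so it runs offline. On pfSense the package is assumed to write the log to /var/squid/logs/access.log, so in practice you would pipe that file into the functions instead of the sample.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed Squid 2.7 native-format log lines;
# the addresses and sites are made up for the demonstration.
SAMPLE_LOG='1400000001.123    200 192.168.1.10 TCP_MISS/200 51200 GET http://www.elcomercio.com/index.html - DIRECT/203.0.113.10 text/html
1400000002.456    300 192.168.1.10 TCP_MISS/200 1048576 CONNECT www.facebook.com:443 - DIRECT/203.0.113.20 -
1400000003.789    150 192.168.1.11 TCP_DENIED/403 1500 GET http://www.youtube.com/watch - NONE/- text/html
1400000004.012    400 192.168.1.11 TCP_HIT/200 204800 GET http://www.bank.example/login - NONE/- text/html
1400000005.345    100 192.168.1.10 TCP_MISS/200 25600 GET http://www.elcomercio.com/news - DIRECT/203.0.113.10 text/html'

# bytes_per_client: reads log lines on stdin, prints "client bytes", biggest consumer first.
# Field 3 is the client address, field 5 the bytes sent to the client.
bytes_per_client() {
  awk '{ b[$3] += $5 } END { for (c in b) printf "%s %d\n", c, b[c] }' | sort -k2,2nr
}

# bytes_per_site: same, keyed by destination host. Field 7 is the URL; for port-80
# requests it is "http://host/path", for HTTPS tunnels it is "host:443" (CONNECT),
# so both forms are reduced to the bare host name before summing.
bytes_per_site() {
  awk '{
    url = $7
    sub(/^https?:\/\//, "", url)
    sub(/[\/:].*$/, "", url)
    b[url] += $5
  } END { for (s in b) printf "%s %d\n", s, b[s] }' | sort -k2,2nr
}

# denied_count: number of requests the ACLs rejected (status code starts with TCP_DENIED).
denied_count() {
  awk '$4 ~ /^TCP_DENIED/ { n++ } END { print n + 0 }'
}

# Stand-alone run over the sample; replace the printf with e.g.
#   cat /var/squid/logs/access.log   (assumed pfSense log path)
printf 'Bytes per client:\n'
printf '%s\n' "$SAMPLE_LOG" | bytes_per_client
printf '\nBytes per site:\n'
printf '%s\n' "$SAMPLE_LOG" | bytes_per_site
printf '\nDenied requests: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | denied_count)"
```

To produce the weekly report, run it against the log rotated at the end of the week (or filter field 1, the Unix timestamp, to the week's range first); the denied count is a useful sanity check that the access-control list is actually being hit.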



  • OK, from what I understand, Squid handling HTTPS traffic will only see the IP address and not the actual requested domain.  Other people's solution for blocking Facebook on HTTPS is getting their CIDR block, creating a URL table alias and then using firewall rules to block access to the alias:

    https://forum.pfsense.org/index.php?topic=69860.0

    Check out the reply by Phil Davis.

    I think I may have read that Squid3 can handle HTTPS traffic, but it involves installing a certificate and essentially acting as the man in the middle, which might alert the web browser of an attack.  I haven't played with Squid3 so I can't say for sure.

