Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SQuid Consult

    Scheduled Pinned Locked Moved
    pfSense Packages
    2
    4
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      peruvichito2014
      last edited by

      Hi Gurus
      Let me explain my scenario (Network Diagram)
      Router (ISP)  <===>  Firewall PFsense <===> My Lan Segment
      In the PFsense I installed the the squid (Version 2.7.9 pkg v.4.3.4).
      The problem that I am finding is that This Proxy (Squid) only block web that use ports 80 (Like www.youtube.com) but not ports 443 (like www.facebook.com).
      The problem to filter all port 443 I am solved by apply a rule Like this:
      ![](http://Filter 443 by IP's)

      Well, let me know if exit an alternative to filter in base to group.
      For example Group 1 (permit traffic 80 and 443 to the following pages - Like banks, facebook, emails, www.youtube, etc the rest are blocks)
      Group 2 (permit traffic 80 and 443 to the pages of banks)
      Group 3 (some policy That I would considered)
      Also I would create some different another different

      Profile of user 1 ( User VIPs, acccess to all pages)
      Profile of user 2 (User which belong to Group 1)
      Profile of user 3 (User which belong to Group 2)
      ….............
      Profile of user n (User which belong to Group n)

      My version of firewall is:

      ![](http://Firewall Version)
      Also, exit any type the report where I can review (an extrat this data) and elaborate a Report to inform the top of Traffic that the user consume.

      I appreciate your comment /suggestion

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Squid's Transparent mode just slurps up all traffic on port 80.  If you want to filter HTTPS traffic, you can't use Squid in transparent mode.  You must manually reconfigure all your web clients to point to Squid.

        1 Reply Last reply Reply Quote 0
        • P
          peruvichito2014
          last edited by

          Hi KOM
          In this moment I don´t  using the transparent mode,
          In the "access control" option I write the following line: to filter

          www.elcomercio.com
          www.youtube.com
          .*
          .

          So my idea is to filter some type traffic that belong to the port 80 (TCP), and filter some URL that belong to 443 (TCP), also the idea every end of week I obtain a report of consume of all traffic

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            OK, from what I understand, Squid handling HTTPS traffic will only see the IP address and not the actual requested domain.  Other people's solution for blocking Facebook on HTTPS is getting their CIDR block, create an URL table alias and then using firewall rules to block access to the alias:

            https://forum.pfsense.org/index.php?topic=69860.0

            Check out the reply by Phil Davis.

            I think I may have read that Squid3 can handle HTTPS traffic, but it involves installing a certificate and essentially acting as the man in the middle, which might alert the web browser of an attack.  I haven't played with Squid3 so I can't say for sure.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post