Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Blocking entire TLDs (.xxx and .sex) with pfSense+Squid+SquidGuard

General pfSense Questions

2 Posts 2 Posters 2.1k Views

Log in to reply

N Offline

NetVicious
last edited by
Hi!

I'm trying to block that two entire TLDs within SquidGuard but I cannot put .xxx or xxx on the Target Categories / Domain List of a Denied target. It returns one error saying .xxx it's not a domain.

I can use regex of course, I tried:
- http://..xxx/. - nothing
- ..xxx/. - nothing
I set .xxx/ only but it blocks sites like http://www.yoursite.com/item.php?something**.xxx/**

Any tip ?
..//\/ e t . \/ i c i o u s ..
1 Reply Last reply
Reply Quote 0

heper

would stopping them to resolve work?

you could use dns resolver wildcards to make entire TLD's resolve to localhost …
advanced section in "services-->resolver'


server:
local-zone: "xxx" redirect
local-data: "xxx 3600 IN A 127.0.0.1"

result on client pc:


heper@i7 ~ $ nslookup  hornytube.xxx     <---BEFORE
Server:         10.0.0.1
Address:        10.0.0.1#53

Non-authoritative answer:
Name:   hornytube.xxx
Address: 87.250.153.105


heper@i7 ~ $ nslookup  hornytube.xxx     <---- AFTER
Server:         10.0.0.1
Address:        10.0.0.1#53

Name:   hornytube.xxx
Address: 127.0.0.1


heper@i7 ~ $ nslookup  pfsenseresolver.xxx
Server:         10.0.0.1
Address:        10.0.0.1#53
Name:   pfsenseresolver.xxx
Address: 127.0.0.1

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1