How can i make website or link skip squidguard



  • how can i Exclud a website or url from squidguard

    I worked under a certain manual
    And some sites were blocked

    And it is correctly

    But there is one site that I do want to access it
    How do I take it from the list of blocked
    But leaves the rest of the sites

    I tried to add a site to white list
    after i read here http://hubpages.com/hub/URL-Filtering-How-To-Configure-SquidGuard-in-pfSense
    Part of "Excluding URLs from the Blacklist"
    But I'm probably missing something

    how do i do that ?

    Additional

    There is a computer on the local network
    I do not want to pass through squidguard
    It's my sister's work computer
    It has a vpn
    And it stopped working
    She gets a message
    The connection is not secure and maybe someone listening

    ![home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png)
    ![home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png_thumb](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png_thumb)
    ![home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png)
    ![home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png_thumb](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png_thumb)



  • I prefer to use the Group ACL to manage exceptions.  Create a new Group ACL.  Add your IP address (or whomever's) to it and set its access restrictions to whatever you want, or none at all.  The Group ACL will override the Common ACL.

    Anyone using your proxy in transparent mode for HTTPS will get browser warnings.  The only way to avoid that is to install a pfSense certificate in your browser's certificate store (which is a pain) or use Squid in standard mode (not transparent) & WPAD to enable auto-discovery of your Squid proxy.  WPAD is the better method.



  • Settings I did before
    Started to work
    Without me touching anything
    Probably forgot to click Save or Apply button

    I prefer to use the Group ACL to manage exceptions.

    What are the differences between them ?

    Anyone using your proxy in transparent mode for HTTPS will get browser warnings.  The only way to avoid that is to install a pfSense certificate in your browser's certificate store (which is a pain) or use Squid in standard mode (not transparent) & WPAD to enable auto-discovery of your Squid proxy.  WPAD is the better method.

    You have already tried to help me https://forum.pfsense.org/index.php?topic=89539.0
    But without success
    I do not know why
    But only my sister's computer have problems

    she has a home computer with windows xp – The problem appears randomly
    And work laptop with windows 7 -- also The problem appears randomly - and vpn Is blocked
    i Excluded her work computer with common acl rule and it work all problem are gone
    I can do it Also with home computer
    But I want to know why this is happening

    Do squidguard Influences On the certificates ?
    Before I installed squidguard I only had squid in transparent mode And everything worked without any problems
    And it is only in two of these computers



  • What are the differences between them ?

    Flexibility.  With whitelists and blacklists, it's all or nothing.  ACLs allow you to customize access.

    But only my sister's computer have problems

    Are her systems up to date for patches and browser versions?  Windows XP???  I do not recommend running Squid in transparent mode.  Use standard mode with WPAD to direct your clients to the proxy.  Then you can filter HTTPS without worrying about installing certificates.



  • I do not recommend running Squid in transparent mode.

    What happens in squid in transparent mode
    that Does not happen in non transparent mode ?
    What are the differences

    I have three sites
    I created for them aliases (adobe,ubuntu update,and one more) And are listed here

    Bypass proxy for these source IPs
    Bypass proxy for these destination IPs
    

    They did not work until I did it
    This is why I marked transparent mode (So that I can list them empty rows)

    Use standard mode with WPAD to direct your clients to the proxy

    English This is not my native language
    I want to know if I understood correctly What I read

    What this actually means
    Instead of listing on each computer details of squid
    I create this file Put it in pfsense
    And computers identify squid alone without any settings ?

    Are her systems up to date for patches and browser versions?

    the computer with xp Was missing six updates Beyond that is up to date
    the laptop with win7 is up to date
    She uses both with chrome



  • What happens in squid in transparent mode

    In transparent mode, your browser will show an error because the site that it is indirectly connecting to doesn't match the certificate.

    What this actually means
    Instead of listing on each computer details of squid
    I create this file Put it in pfsense
    And computers identify squid alone without any settings ?

    Yes.  However, the web sever hosting the wpad.dat file has to be HTTP, not HTTPS.  You can use the pfSense web server if you have it set to use WebGUI via HTTP.  Otherwise, you will have to have another web server to host the file that is HTTP.


Log in to reply