How can i make website or link skip squidguard

firefox · Mar 16, 2015, 4:54 PM

how can i Exclud a website or url from squidguard

I worked under a certain manual
And some sites were blocked

And it is correctly

But there is one site that I do want to access it
How do I take it from the list of blocked
But leaves the rest of the sites

I tried to add a site to white list
after i read here http://hubpages.com/hub/URL-Filtering-How-To-Configure-SquidGuard-in-pfSense
Part of "Excluding URLs from the Blacklist"
But I'm probably missing something

how do i do that ?

Additional

There is a computer on the local network
I do not want to pass through squidguard
It's my sister's work computer
It has a vpn
And it stopped working
She gets a message
The connection is not secure and maybe someone listening

![home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png)
![home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png_thumb](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Target categories Edit - 2015-03-16_18.33.18.png_thumb)
![home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png)
![home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png_thumb](/public/imported_attachments/1/home.plex - Proxy filter SquidGuard Common Access Control List (ACL) - 2015-03-16_18.33.43.png_thumb)

KOM · Mar 18, 2015, 2:56 AM

I prefer to use the Group ACL to manage exceptions. Create a new Group ACL. Add your IP address (or whomever's) to it and set its access restrictions to whatever you want, or none at all. The Group ACL will override the Common ACL.

Anyone using your proxy in transparent mode for HTTPS will get browser warnings. The only way to avoid that is to install a pfSense certificate in your browser's certificate store (which is a pain) or use Squid in standard mode (not transparent) & WPAD to enable auto-discovery of your Squid proxy. WPAD is the better method.

firefox · Mar 18, 2015, 5:01 AM

Settings I did before
Started to work
Without me touching anything
Probably forgot to click Save or Apply button

I prefer to use the Group ACL to manage exceptions.

What are the differences between them ?

Anyone using your proxy in transparent mode for HTTPS will get browser warnings. The only way to avoid that is to install a pfSense certificate in your browser's certificate store (which is a pain) or use Squid in standard mode (not transparent) & WPAD to enable auto-discovery of your Squid proxy. WPAD is the better method.

You have already tried to help me https://forum.pfsense.org/index.php?topic=89539.0
But without success
I do not know why
But only my sister's computer have problems

she has a home computer with windows xp – The problem appears randomly
And work laptop with windows 7 -- also The problem appears randomly - and vpn Is blocked
i Excluded her work computer with common acl rule and it work all problem are gone
I can do it Also with home computer
But I want to know why this is happening

Do squidguard Influences On the certificates ?
Before I installed squidguard I only had squid in transparent mode And everything worked without any problems
And it is only in two of these computers

KOM · Mar 19, 2015, 4:04 PM

What are the differences between them ?

Flexibility. With whitelists and blacklists, it's all or nothing. ACLs allow you to customize access.

But only my sister's computer have problems

Are her systems up to date for patches and browser versions? Windows XP??? I do not recommend running Squid in transparent mode. Use standard mode with WPAD to direct your clients to the proxy. Then you can filter HTTPS without worrying about installing certificates.

firefox · Mar 20, 2015, 6:19 AM

I do not recommend running Squid in transparent mode.

What happens in squid in transparent mode
that Does not happen in non transparent mode ?
What are the differences

I have three sites
I created for them aliases (adobe,ubuntu update,and one more) And are listed here

Bypass proxy for these source IPs
Bypass proxy for these destination IPs

They did not work until I did it
This is why I marked transparent mode (So that I can list them empty rows)

Use standard mode with WPAD to direct your clients to the proxy

English This is not my native language
I want to know if I understood correctly What I read

What this actually means
Instead of listing on each computer details of squid
I create this file Put it in pfsense
And computers identify squid alone without any settings ?

Are her systems up to date for patches and browser versions?

the computer with xp Was missing six updates Beyond that is up to date
the laptop with win7 is up to date
She uses both with chrome

KOM · Mar 20, 2015, 8:29 PM

What happens in squid in transparent mode

In transparent mode, your browser will show an error because the site that it is indirectly connecting to doesn't match the certificate.

What this actually means
Instead of listing on each computer details of squid
I create this file Put it in pfsense
And computers identify squid alone without any settings ?

Yes. However, the web sever hosting the wpad.dat file has to be HTTP, not HTTPS. You can use the pfSense web server if you have it set to use WebGUI via HTTP. Otherwise, you will have to have another web server to host the file that is HTTP.