Squid 3 for https blocking?



  • Hi,
    So I have been trying to block HTTPS Facebook and had no luck :(.
    First I installed Squid, then SquidGuard, then I realized it does not block HTTPS.
    Then I installed Squid 3, which says it blocks HTTPS, but I'm lost in configuring it.

    This is my setup in proxy server interface: LAN
    proxy port 3128
    allow user on interface is checked
    transparent http proxy checked

    proxy filter squidguard is checked
    and black list is checked with the shallalist
    on the tab common acl the target rule deny is social network
    do not allow ip addresses in url is checked
    Then I created in target categories a new name called test,
    then I added domain names:
    facebook.com es-la.facebook.com static.ak.fbcdn.net login.facebook.com www.login.facebook.com fbcdn.net fbcdn.com static.ak.connect.facebook.com

    But now I'm confused about the reverse proxy part.

    Here are some snapshots

    Thank you

  • @killmasta93:

    This is my setup in proxy server interface: LAN
    proxy port 3128
    allow user on interface is checked
    transparent http proxy checked

    Do not waste time (except for reading some documentation  ;D):

    • transparent proxy will not handle HTTPS (except if you implement nasty "man in the middle" stuff but who would like to do this ???)

    If you want to filter HTTPS, which does make sense BTW, then switch to explicit proxy, and implement WPAD in case you don't want to configure proxy on each and every device.
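
A minimal `wpad.dat` for the explicit-proxy setup suggested above, as an added example that is not part of the thread; the proxy address 192.168.1.1 and the 192.168.1.0/24 LAN are assumptions, and only port 3128 comes from the original post. With an explicit proxy the browser sends `CONNECT host:443` for HTTPS, so Squid sees the destination hostname and can apply its domain rules without decrypting anything.

```javascript
// wpad.dat (same content as proxy.pac). Added example, not from the thread.
// ASSUMPTIONS (constructed values): Squid listens on 192.168.1.1:3128 and the
// LAN is 192.168.1.0/24. Only port 3128 comes from the thread.
var PROXY = "PROXY 192.168.1.1:3128";
var LAN_NET = "192.168.1.0";
var LAN_MASK = "255.255.255.0";

// Parse a dotted-quad IPv4 literal to a number; null for anything else.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside the LAN subnet.
function inLan(host) {
  var ip = ipv4ToInt(host);
  if (ip === null) return false;
  var mask = ipv4ToInt(LAN_MASK);
  return ((ip & mask) >>> 0) === ((ipv4ToInt(LAN_NET) & mask) >>> 0);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names, loopback and LAN addresses bypass the proxy.
  if (host.indexOf(".") === -1 || host === "127.0.0.1" || inLan(host)) {
    return "DIRECT";
  }
  // HTTP and HTTPS go to Squid with no DIRECT fallback, so a client that
  // cannot reach the proxy fails closed instead of skipping the filter.
  if (url.substring(0, 5) === "http:" || url.substring(0, 6) === "https:") {
    return PROXY;
  }
  return "DIRECT";
}
```

Clients find the file through DHCP option 252 or by requesting `http://wpad.<domain>/wpad.dat`; since a PAC file is only advice to the client, outbound 80/443 from the LAN should also be blocked at the firewall so the proxy cannot be skipped.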





  • Hi,

    Thank you for your response. I will give it a try and let you know how it goes. Another question: so squidguard is pointless, or keep it just for the heck of it? And I have to keep squid

    Thank you



  • Squid and Squidguard are two different beasts.

    Squid acts as an HTTP proxy and provides access control based on various rule types. It can't really filter URLs and content but can delegate this task to an external service like Squidguard.
    If you want to implement content filtering, blacklist and stuff like this, you do need both Squid and Squidguard.



  • I think I might just roll back to pfSense 2.1. I have been reading a lot, and most people in general are having problems with 2.2.2. I'm even having trouble with port forwarding… I will keep you posted to see if 2.1 seems more stable

    Thank you



  • I got tired of all the funniness with Squid and decided to roll my own. Squid3, squidGuard, Lightsquid and Sarg on an Ubuntu box. Works like a charm.



  • KOM but you said WPAD? How does squidGuard work without Squid?



  • KOM but you said WPAD? How does squidGuard work without Squid?

    I don't understand your question. WPAD is a generic technology that allows a client to find the Squid proxy automatically. Squid relies on squidGuard to do URL filtering.



  • Ohhh, never mind, I got it. Sorry for the ignorance :-[

