Squidguard not blocking websites, I must have configured it incorrectly



  • Hello all,

    please forgive any ignorance on this topic, I'm still new to pfsense / squidguard.

    At customer request I enabled squidguard on their pfsense appliance.
    I followed the doc on pfsense.org as a guide and enabled the blacklist feed and categories as suggested. I even added a specific set of URLs in Target Categories as a test for denying traffic (Facebook, Shutterfly, Yahoo Mail specifically).

    I enabled squidguard and decided to test, but I can still access these sites!

    Is there a way I can share my config so someone can tell me what I did wrong? I double checked with the doc on pfsense.org and everything seems correct.

    Thanks for any replies!

    About my firewall:

    PFsense 2.1.5
    Squidguard3
    OpenVPN

    Squidguard has shallas list as a blacklist source.
    It is enabled and I have done the save/apply method as recommended in the guide.

    Edit:

    Seems the LDAP connection was the culprit. Disabled that and it started blocking. Still need to block facebook though.



  • There is still some instability with the squid/squidGuard packages under 2.2.2 from what I have read. You may not be doing anything wrong. It doesn't seem to work for a lot of people.



  • If that is the case what are my alternatives for filtering?



  • I think the LDAP connection was my culprit. I inherited this so I have no idea why it would be needed. Looks like it's easy to set back up anyway.



  • squid -k parse



  • You can't block https unless you use WPAD (works but may or may not block on Android phones) or explicit proxy, which means installing certs on each computer/device. For an easy way to block Facebook, WhatsApp, Twitter, use pfBlockerNG and block by IP.

    click on the site for IP of facebook from the Hurricane Electric lists

    http://bgp.he.net/search?search[search]=facebook&commit=Search
    
    

    The only thing that cannot be blocked through IP is YouTube, unless you use domain override, but it will be blocked for everyone.



  • @killmasta93:

    You can't block https unless you use WPAD (works but may or may not block on Android phones) or explicit proxy, which means installing certs on each computer/device. For an easy way to block Facebook, WhatsApp, Twitter, use pfBlockerNG and block by IP.

    click on the site for IP of facebook from the Hurricane Electric lists

    http://bgp.he.net/search?search[search]=facebook&commit=Search
    
    

    Nice trick - I have now done this for Facebook and managed to block it by using pfBlockerNG and its IPv4 list, which has set up a floating rule. I want to allow a certain user to access Facebook, however. Is there a better way of doing this than setting up a pass rule in floating rules that allows his source IP all access to everything, and putting that rule just above the block rule?



  • @killmasta93:

    You can't block https unless you use WPAD (works but may or may not block on Android phones) or explicit proxy, which means installing certs on each computer/device.

    I'm not 100% in line with this view:
    WPAD is used to avoid manual proxy configuration on each and every device (Web Proxy Auto Discovery). Nothing more nor less than this.
    On the other hand, your point about certificates to be installed on each device is rather linked (perhaps) to some willingness to implement MITM at proxy level in order to be able to scan HTTPS flow content.
    Aside from the fact that this is weird :P this is different from access control, which is fully achievable without MITM.

    Regarding MITM, I'm also surprised it's a matter of certificate installation. I would rather say that you have to trust, on each and every device, the CA that signed the certificate used by Squid, either manually or by deploying the CA public key on each and every device ;)

    Or I misunderstand your point  :-[
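
The last reply's point that HTTPS access control does not require MITM can be seen in what an explicitly configured proxy receives: the client sends a plaintext `CONNECT host:port` line before any TLS starts. The sketch below is an added example, not part of the thread and not squidGuard's own code; the domain list and request lines are constructed samples, and the function names are hypothetical.

```python
# Added illustration: allow/deny decision on the plaintext CONNECT request
# line an explicit proxy sees for HTTPS, with no TLS interception involved.

# Constructed sample blocklist (assumption, not taken from the thread's config).
BLOCKED_DOMAINS = {"facebook.com", "shutterfly.com"}


def connect_host(request_line):
    """Return the lowercase hostname from a CONNECT request line, else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    authority = parts[1]
    if authority.startswith("["):            # IPv6 literal: [addr]:port
        end = authority.find("]")
        return authority[1:end].lower() if end != -1 else None
    host, _, _port = authority.rpartition(":")
    # Strip a trailing dot so "facebook.com." cannot slip past the list.
    return (host or authority).lower().rstrip(".")


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """Match the host or any parent domain, on whole labels only."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def decide(request_line):
    """Return 'deny', 'allow', or 'not-connect' for one request line."""
    host = connect_host(request_line)
    if host is None:
        return "not-connect"
    return "deny" if is_blocked(host) else "allow"


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in ("CONNECT www.facebook.com:443 HTTP/1.1",
                 "CONNECT notfacebook.com:443 HTTP/1.1",
                 "CONNECT example.org:443 HTTP/1.1"):
        print(decide(line), "<-", line)
```

This only applies when clients are pointed at the proxy, manually or through WPAD, because a transparently intercepted HTTPS connection never sends a CONNECT line. The proxy sees the hostname only, so path-level rules inside an HTTPS site are out of reach without decrypting the traffic.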