Squid "Custom Options", Transparent proxying & "Allow users on interface" Not working

  • Hi

    I recently needed to block certain users from accessing everything except certain sites, but everyone else on my network must have unrestricted access.

    So I created some custom options,

    acl localnet src ;
    acl NoNet src;
    acl goodsites dstdomain cybertek.co.za worldchat.co.za;
    http_access allow NoNet goodsites ;
    http_access deny NoNet;
    http_access allow localnet;

    And since pfSense inserts these at the bottom, I needed to disable the Allow users on interface, so that it doesn't override my options. But when I disable that, transparent proxying just stops.
    What I ended up doing in the end was selecting the allow all users checkbox, and then just edited the file manually and restarted squid, and everything is working now. But when I reboot, I'd need to do this again, which would rather suck.

    So can anyone direct me to how to get transparent proxying working, without the allow all, or how to change where the custom options are inserted, or something, because I'm at a loss.
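
An added example (not code from the thread or from pfSense) that models Squid's first-match `http_access` evaluation, to show why the position of the custom options decides whether the restricted host is actually restricted. The IP addresses are constructed because the post's ACL values did not survive, and `GUI_ALLOW` is a hypothetical stand-in for the rule generated by "Allow users on interface".

```python
import ipaddress

# Constructed addresses: the ACL values in the post were not preserved.
ACLS = {
    "localnet": ("src", ["192.168.1.0/24"]),
    "NoNet": ("src", ["192.168.1.50/32"]),
    "goodsites": ("dstdomain", ["cybertek.co.za", "worldchat.co.za"]),
}

def acl_matches(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    # dstdomain: a leading dot also matches subdomains, otherwise exact host only.
    host = host.lower().rstrip(".")
    for v in (v.lower() for v in values):
        if v.startswith("."):
            if host == v[1:] or host.endswith(v):
                return True
        elif host == v:
            return True
    return False

def http_access(rules, client_ip, host):
    """The first rule whose ACLs all match decides; later rules are never consulted."""
    for action, names in rules:
        if all(acl_matches(n, client_ip, host) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# The three http_access lines from the post, in the order given there.
CUSTOM = [
    ("allow", ["NoNet", "goodsites"]),
    ("deny", ["NoNet"]),
    ("allow", ["localnet"]),
]
# Hypothetical stand-in for the GUI-generated allow rule.
GUI_ALLOW = [("allow", ["localnet"])]

GUI_FIRST = GUI_ALLOW + CUSTOM      # custom options appended at the bottom
CUSTOM_FIRST = CUSTOM + GUI_ALLOW   # custom rules evaluated first

if __name__ == "__main__":
    for label, order in (("GUI rule first", GUI_FIRST), ("custom first", CUSTOM_FIRST)):
        for host in ("cybertek.co.za", "www.cybertek.co.za", "example.com"):
            print(label, "192.168.1.50 ->", host, http_access(order, "192.168.1.50", host))
```

With the entries written as in the post (no leading dot), `www.cybertek.co.za` is not covered by `goodsites`; writing `.cybertek.co.za` matches the domain and its subdomains.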


  • Your setup is similar to what we use, and I'm able to accomplish what I need through the GUI.  Try putting a period in the blacklist box and list your allowed IPs where you usually would.  Also fill the white list with cybertek.co.za etc.

    The other option is to edit the squid.inc file, as this is what gets read on boot and rewrites the squid.conf. You should be able to decipher it, as it has a squid.conf section inside of squid.inc. It's been discussed before, so a search should help you out.

  • As a last resort, uninstall squid, reboot, then reinstall squid to restore any changes you've made to the .conf or .inc.  Then, use Excel or OO.Calc to create a single column list of the IPs you want to be unrestricted.  Copy/paste to GUI "Unrestricted IPs"/save.  All done.

  • This is interesting. I'm looking for a similar solution whereby specific whitelisted URLs can run at full throttle for specific IPs on the LAN while others run through the traffic shaper queue or some other means of throttling their bandwidth.

    In this world of increasing 'cloud computing' I'm finding a need to have limited and unlimited bandwidth within the web traffic space. Especially where teenage employees are concerned!

    Unfortunately, I'm on a Wrap board now and I think I understand that I should not install Squid on an embedded platform.


  • There has been a very large bounty for a powerful traffic shaper.  See the below post for LOTS of details.  I haven't read the whole thing, but would expect that it could throttle by destination, therefore doing what you need.  You can have access to the 'beta' version now if you make a 3 digit contribution to the devs $xxx (please do, pfSense is great).

    It has been discussed how to write custom redirect rules for transparent squid so that some traffic will go through squid and some will not, just search this packages forum.

