Squid Guard to Block websites for some users



  • Hello all, I want to block websites based on a blacklist for some users, let's say normal users and managers. I want to block websites like YouTube and categories like social networking for normal users, but managers should be able to access those sites.

    There are many links on configuring SquidGuard, but I find very little info on giving unrestricted access to some IPs (not blocking IPs).

    The current setup is like this:

    ISP ---- Media converter ---- pfSense router (router, firewall, Squid proxy, non-transparent with WPAD auto-configuration) ---- Switch ---- Windows server with IIS (WPAD), also DHCP and DNS

    Currently Squid is working perfectly. I would like to block sites using SquidGuard for normal users only (normal users, managers and mobile devices have separate IP ranges but the same subnet), like:
    Users 192.168.1.10-192.168.1.100/24
    Managers 192.168.1.120-192.168.1.150/24
    Mobiles 192.168.1.160-192.168.1.180/24
    Static devices above x.x.x.200 /24

    Total of 100 users



  • From my standpoint, the way you express your need doesn't make sense (please do not take my comment the wrong way  :-[)

    On one hand, you express need for access control rules based on users (normal user, manager etc…) while, on the other hand, you describe it as based on IP addresses.

    These are 2 different dimensions with most likely no relationship except if you apply some specific set-up and administration overhead.

    Implementing rules "per user" can be done very easily: you just need to enable proxy authentication then define access control rules per user or, better, per group. No need for any "per IP" rule.
    If you need to build rules based on IP (why not), then just do it but do not expect this to be linked to any user  ;)



  • I have a similar situation and this is how I have configured my pfsense box

    pfsense 2.2.3 with ipguard, squid3 and squidguard.

    My scenario
    normalusers 192.168.1.128-192.168.1.254
    managers 192.168.1.10-192.168.1.127
    static devices 192.168.1.0-192.168.1.9

    In firewall alias create two groups ( I have only two kind of users normal and manager)
    normalusers 192.168.1.128/25
    managers 192.168.1.0/25

    DHCP range 192.168.1.128-192.168.1.254  ( So the normalusers will get ip with dhcp)
    create a static entry for each of managers device in the range 192.168.1.10-192.168.10.127

    I have installed ipguard so that normalusers don't change their ip in the range 192.168.10-192.168.10.127

    In squid create two groups normalusers and managers

    normalusers source ip 192.168.1.128/25 select the category to be blocked
    managers source ip 192.168.1.0/25 select the category to be blocked.

    It's important to install ipguard as the users can change their ip and get unrestricted access.
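
The source-IP grouping described in the post above, written out as a squidGuard.conf fragment. This is an added example, not part of the thread and not the file pfSense generates from the GUI; the paths, the category names `socialnet` and `video`, the redirect URL and the unrestricted `pass all` for managers (as the original question asks) are assumptions.

```conf
# Added example: assumed paths and category names, adjust to the installed blacklist.
dbhome /var/db/squidGuard
logdir /var/log/squidGuard

# Source groups, matched on the client IP that Squid passes to squidGuard.
src managers {
    ip 192.168.1.0/25        # 192.168.1.0-127, this also covers the static devices at .0-.9
}

src normalusers {
    ip 192.168.1.128/25      # 192.168.1.128-255, the DHCP pool
}

# Destination categories, relative to dbhome (names assumed).
dest socialnet {
    domainlist socialnet/domains
    urllist    socialnet/urls
}

dest video {
    domainlist video/domains
    urllist    video/urls
}

acl {
    managers {
        pass all
    }

    normalusers {
        pass !socialnet !video all
        redirect http://192.168.1.1/blocked.html   # assumed block page
    }

    # Any client that matches neither source group is denied.
    default {
        pass none
        redirect http://192.168.1.1/blocked.html
    }
}
```

Because the groups are keyed on source IP only, the filtering is only as strong as the control over who can hold an address in the managers range, which is why the post pairs it with static DHCP entries and ipguard.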



  • I created users in pfSense > Proxy server > Users, and on the Authentication tab selected Local authentication, applied and restarted as shown in PIC 2. Now users are prompted for username and password, but it keeps asking in a loop (check PIC 1). It's showing user Agent and manager by TCP_Denied.








  • Are you sure your password is correct?
    HTTP 407 means that proxy authentication is still required.



  • Yes, it was a test account, 123.com and 1234.com, agent and manager.



  • I find that after disabling Snort on the LAN interface, two of the users / 5 users created in Squid can access, no authentication loop.



  • @Abhishek:

    i find after disabled Snort on lan interface…

    I'll be very glad if you could explain purpose of Snort listening on internal interface. There is something I don't understand here  ???

