    SquidGuard unexpected results, some target categories URLs not blocked

    mgchristensen

      Using Squid in transparent proxy mode and SquidGuard, I am trying to block certain URLs by placing them in the URL List on the Target categories tab.  I am only trying to block http traffic right now as I do not yet have the knowledge or experience with pfSense to configure either MITM with a self-signed certificate on each host, or WPAD.

      Some of the entries block as expected, and go to the "int error page" and some do not.  Further, there is a note, unclear to me, at the "Redirect mode" section that reads as follows:

      Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible.
      Options:ext url err page , ext url redirect , ext url as 'move' , ext url as 'found'.

      My URL List, for testing purposes, consists of four entries:

      www.bing.com/ www.a-0009.a-msedge.net/ www.a.ads1.msn.com/ www.obviouszxfake.net/
      

      Each URL is separated by a space and ends in a "/" (and must, or the page complains, e.g.):

      The following input errors were detected:

      DEST 'MS_Telemetry_1': Item 'www.bing.com' is not a url.

      The first two entries redirect to the error page as expected.

      Request denied by pfSense proxy: 403 Forbidden
      Reason: Client address: 192.168.1.237
      Client group: default
      Target group: MS_Telemetry_1
      URL: http://www.bing.com/192.168.1.237/–GET

      Entries 3 and 4 get handled by the browser:

      Server not found

      Firefox can't find the server at www.obviouszxfake.net.

      As it happens, nslookup provides some interesting results:

      $ nslookup www.a-0009.a-msedge.net
      Server:        192.168.1.1
      Address:        192.168.1.1#53

      Non-authoritative answer:
      www.a-0009.a-msedge.net canonical name = a-0009.a-msedge.net.
      Name:  a-0009.a-msedge.net
      Address: 204.79.197.211

      $ nslookup www.obviouszxfake.net
      Server:        192.168.1.1
      Address:        192.168.1.1#53

      ** server can't find www.obviouszxfake.net: NXDOMAIN

      but see also this:

      $ nslookup www.a.ads1.msn.com
      Server:        192.168.1.1
      Address:        192.168.1.1#53

      ** server can't find www.a.ads1.msn.com: NXDOMAIN

      nslookup a.ads1.msn.com
      Server:        192.168.1.1
      Address:        192.168.1.1#53

      Non-authoritative answer:
      a.ads1.msn.com  canonical name = ads1.msn.com.
      ads1.msn.com    canonical name = global.msads.net.c.footprint.net.
      Name:  global.msads.net.c.footprint.net
      Address: 8.27.248.125
      Name:  global.msads.net.c.footprint.net
      Address: 8.254.239.254
      Name:  global.msads.net.c.footprint.net
      Address: 8.27.158.254

      Is it the correct conclusion that pfSense is contacting the DNS first before looking at the Target categories?

      Thanks in advance to any that comment.

      pfSense 2.2.6
      Squid3 0.4.7
      SquidGuard 1.9.18
      SuperMicro A1SAi-2750F
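As an added worked example (not part of the original post, and not pfSense, Squid or squidGuard code), the following Python script models the request path the post describes. In transparent mode the browser resolves the name itself and only opens a TCP connection, which the firewall then redirects to Squid, after it has an address; squidGuard is consulted only for requests that reach Squid, so a name that returns NXDOMAIN from the client's resolver never produces a request the URL list could match. The script assumes a simplified version of squidGuard's urls-list matching (exact host plus path prefix; the real normalisation rules are not modelled) and uses a constructed stub DNS table standing in for 192.168.1.1, with the msedge and ads1 addresses taken from the nslookup output above and a placeholder for bing.

```python
from urllib.parse import urlsplit

# Constructed stub resolver table standing in for the LAN DNS server (192.168.1.1).
# A missing key means the server answers NXDOMAIN. Addresses for the msedge and
# ads1 names are the ones nslookup printed in the post; the bing address is a
# placeholder (TEST-NET-1), not a real lookup result.
STUB_DNS = {
    "www.bing.com": "192.0.2.10",
    "www.a-0009.a-msedge.net": "204.79.197.211",
    "a.ads1.msn.com": "8.27.248.125",
}

# The four entries from the post's URL list, as typed into the Target categories tab.
URL_LIST = [
    "www.bing.com/",
    "www.a-0009.a-msedge.net/",
    "www.a.ads1.msn.com/",
    "www.obviouszxfake.net/",
]


def resolve(host, dns=STUB_DNS):
    """Client-side name resolution; returns an address, or None for NXDOMAIN."""
    return dns.get(host.lower())


def parse_entry(entry):
    """Split a squidGuard urls-list entry ('host/path', no scheme) into host and path.

    Assumption: entries match on exact host and path prefix. squidGuard's real
    normalisation rules (case folding, trailing slashes, etc.) are not modelled.
    """
    host, sep, path = entry.lower().partition("/")
    if not sep:
        # Mirrors the pfSense input check: "Item 'www.bing.com' is not a url."
        raise ValueError(f"Item {entry!r} is not a url")
    return host, "/" + path


def url_list_matches(url, url_list=URL_LIST):
    """Return the first list entry that matches the request URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    for entry in url_list:
        ehost, epath = parse_entry(entry)
        if host == ehost and path.startswith(epath):
            return entry
    return None


def client_request(url, url_list=URL_LIST, dns=STUB_DNS):
    """Model one browser request through a transparent Squid + squidGuard setup.

    Returns "nxdomain" when the client's resolver has no answer (browser shows
    "Server not found"; the proxy never sees a request), "blocked" when the
    request reaches Squid and squidGuard's URL list matches it (403 error page),
    and "allowed" otherwise.
    """
    host = urlsplit(url).hostname or ""
    if resolve(host, dns) is None:
        return "nxdomain"
    if url_list_matches(url, url_list):
        return "blocked"
    return "allowed"


def unreachable_entries(url_list=URL_LIST, dns=STUB_DNS):
    """Entries whose host does not resolve for the client.

    These can never match in transparent mode, because no request for them
    ever reaches the proxy.
    """
    return [e for e in url_list if resolve(parse_entry(e)[0], dns) is None]


if __name__ == "__main__":
    for u in ["http://www.bing.com/", "http://www.a-0009.a-msedge.net/",
              "http://www.a.ads1.msn.com/", "http://www.obviouszxfake.net/",
              "http://a.ads1.msn.com/"]:
        print(f"{u:40} -> {client_request(u)}")
    print("entries that can never fire:", unreachable_entries())
```

Running the script with the stub table reproduces the post's split: the first two entries come back "blocked", the two NXDOMAIN names come back "nxdomain", and a request for a.ads1.msn.com (which resolves, but is not the listed www.a.ads1.msn.com) comes back "allowed". With an explicit (non-transparent) proxy the browser would hand the unresolved name to Squid instead of resolving it first, so the same list entries would then reach squidGuard.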
