SquidGuard package

From PFSenseDocs

This article is part of the HOWTO series.

Contents 1 What is a squidGuard 2 Installation 3 Configure the SquidGuard Package 3.1 Blacklist 3.2 Basic configuration 4 HowTo 4.1 Exclude domain/URL from blacklist

What is a squidGuard

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free. SquidGuard is published under GNU Public License.

SquidGuard can be used to

• limit the web access for some users to a list of accepted/well known web servers and/or URLs only.
• block access to some listed or blacklisted web servers and/or URLs for some users.
• block access to URLs matching a list of regular expressions or words for some users.
• enforce the use of domainnames/prohibit the use of IP address in URLs.
• redirect blocked URLs to an info page.
• redirect banners to an empty GIF.
• have different access rules based on time of day, day of the week, date etc.

Installation

1. Open Packages list: click System > Packages
2. Install the Squid package, if it is not installed.
3. Configure Squid package.
4. Install SquidGuard package.

Configure the SquidGuard Package

Blacklist

SquidGuard comes with a small blacklist basically for testing purposes. In production you don't want to use them. A better way is to start with one of the blacklist collections listed (alphabetically) below.

• MESD blacklists - They are freely available.
• Shalla's Blacklists - Free for non commercial/privat use. (Recommended)
• more..

Downloading blacklist:

1. Open General page in SquidGuard package GUI.
2. Enter blacklist url in the field Blacklist URL.
3. Press Upload URL button.
4. Wait, while blacklist will downloaded and prepared to use(10-35 min). Process will showed on top of the General page (renew for control).

Basic configuration

Here describes how to enable and configure SquidGuard, and common users access.

1. Open General settings page.
   1. Set Enable field for activate package.
   2. Set Blacklist field for use blacklist categories.
   3. Click Save button.
2. Open Default page.
   1. Click Destination ruleset string for showing blacklist categories
      1. Define default user access: select Default access [all] as allow or deny.
      2. Define other blacklist categories:
         1. Select '---', if you not use category.
         2. Select allow, if you allow this category for you clients.
         3. Select deny, if you deny this category for you clients.
         4. Select white, if you want to allow this category without any restrictions. This option is used for exceptions to the prohibited category.
      3. If you want to prohibit their customers to use the IP address in the URL, you must set Not to allow IP addresses in URL field.
      4. Select Redirect mode:
         1. Internal error page - for use the built-generator, the error page.
         2. Internal blank page
         3. ... here will be more ...
      5. Spec: Use safe search engine - set this option, if you need protect customers from unwanted search results. Now it is supported by Google, Yandex, Yahoo, MSN, Live Search. Make sure that these search engines are available. All other search engines, we recommend that you disable.

-= HERE UNDER CONSTRUCTION =-

HowTo

Exclude domain/URL from blacklist

squidGuard GUI:

1. Open Destinations page
2. Append new item - 'myWhitelist' for example.
3. Add you domains/URL's to form
4. Save
5. Open Default or ACL page (where you want to make an excluding).
6. Set Destinstion > Ruleset > MyWhiteList as white
7. Save, Apply.

-= to be continued =-