Professional Documents
Culture Documents
Common access
HowTo begin.
HowTo use simple URL filter.
HowTo configure common access to sites.
‘General settings’ page:
Enable squidGuard.
Download blacklist and wait some time for rebuild blacklist db (~10-30 min). Blacklist URL can be http or ftp or local pfSense path to
blacklist archive (example: ‘http://www.shallalist.de/Downloads/shallalist.tar.gz’ or ‘/tmp/blacklist.tar.gz’).
1. Enable squidGuard
‘Default’ page:
Select ‘deny’ or ‘allow’ for enabling/disabling access to you sites. If leaving ‘---‘, then access to this (and other all) sites will be by ‘Default
access’ rule settings.
Select ‘deny’ or ‘allow’ in ‘Default access’ rule.
Define redirection options.
1. Select ‘deny’ for block sites, or ‘allow’ for allow sites, or leave ‘---‘.
2. Select default rule for all other sites, what not processed with rules before.
http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 2 of 7
Goto ‘General settings’ page and press ‘Apply’ button for restart squidGuard with new options.
This action must be done every time you want to apply configuration changes.
6. Save settings.
Custom Destinations
HowTo use custom destinations.
Destinations lets you create custom lists of URL and domains to control access.
Goto ‘Destinations’ page:
Add new item.
Enter unique name.
Enter domain (example: ‘example.com news.example.com’).
Enter expressions.
http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 3 of 7
3. Enter domain.
4. Enter expression.
Enter URL’s (example: ‘examle.com/main.php newwws.net/list’).
Select edirect mode and enter redirect option.
Save.
5. Enter URLs.
7. Save
Then you can use custom destination items in destination rules (looking ‘HowTo configure common access to sites’).
Whitelist
HowTo exclude sites from blacklist
HowTo use whitelist
If you need exclude some sites from blacklist or provide access to the site at any time, you can use ‘white list’ mechanism.
Create destination item with special sites(domains) list (see ‘HowTo use custom destinations’).
In destination rules from Default or ACL select ‘white’ for you destination item.
You destination item will allowed before any other rule items.
ACL
http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 4 of 7
Enter unique name.
Enter source (ip’s, domain’s, username’s).
Set Destination rules (left column, right column now not used).
Set redirect mode and options.
Save.
http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 5 of 7
7. Save.
Times
HowTo use times with my ACL.
HowTo use different filter rules at different times of day.
With use times you can define different filter rules for specified times (used with ACL only).
Add new time item.
Enter unique name.
Enter time ranges within which will act ‘Destination rules’.
Save.
3. Save
Goto ACL items page.
Select you time item. Destination rules (left column) will used with you time-item settings.
http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 6 of 7
For define destination rules in overtime, you must set ‘Destination rules in overtime’ (right column).
Transparent proxy
HowTo squid transparent mode
In transparent mode squid has some features in the work. All requests received by proxy come from local ip addresses, and the squid can
not determine the user through ip address. Accordingly squidGuard receive for processing requests only from local addresses pfSense.
Therefore with transparent proxy squidGuard can use only Common access (‘Default’ page). It also can try to use the ACL by name users
with respective authorization proxy settings. But this regime has not yet been tested.
Default page
This page contains Default(common) ACL(access list) - Destinations ruleset for all users (clients), who not have other defined ACL’s
(access list).
Each rule item (exclude last) can be set as:
‘---‘ – rule item not used for this ACL,
‘allow’ – access allowed, exclude filtered by ‘deny’ rules,
‘white’ – whitelist, access have hi priority (before the ‘deny’ rules too); used if need unlock access to url, blocked in ‘deny’ rules.
‘deny’ – access blocked for this item.
Last (default) rule can be only ‘allow’ or ‘deny’, and define behavior for all requests, what not processed by rules before him.
Access Control List (ACL)
For extended possibilities you can manage selected clients via ACL rules
Notes:
ACL must have unique name.
You can disable and enable this rule with Disable option
ACL based on first-Order position. If source IP you clients found first ACL in list – his will processed with rule.
Error example:
0-order A_rule for Source 10.0.0.0/24
1-order B_rile for Source 10.0.0.15. In this situation
In this situation B_rule never applying for 10.0.0.15 source, becose A_rule already worked
Right example:
0-order B_rule for Source 10.0.0.15
1-order A_rile for Source 10.0.0.0/24
Destinations
Destinations contains entries, where you clients must or don’t must ‘going’.
Notes:
Destination page entry contains unique name, domains list, urls list, expressions and Redirect.
Domains and URLs contains ip or names, what will managed this entry (will be ‘pass’ or ‘deny’).
Expressions option contains masks with regular expressions. This powerful option need learning ‘Regular expression formats’ (Find
manual’s in Internet)
Simplest use:
‘Ads|porns|baners’ – will use for ‘porn.com’, ‘va.com/ads’, ‘example.com/baners’, but not for ‘example.com/banners’, ‘example.com/baner’.
For last situation can use ‘Ads|porns|ban{1,2}ers{0,1}’ mask. ({1,2} mean what symbol’s ‘n’ must be 1 or 2)
Redirect options used only for this entry. Redirect used if entry will deny in ACL. If this field empty, then will used Redirect option from ACL.
Howto:
http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 7 of 7
http://diskatel.narod.ru/sgquick.htm 20/10/2010