Quick start squidGuard package Page 1 of 7

Quick start squidGuard package

Common access
HowTo begin.
HowTo use simple URL filter.
HowTo configure common access to sites.
 
‘General settings’ page:
Enable squidGuard.
Download blacklist and wait some time for rebuild blacklist db (~10-30 min). Blacklist URL can be  http or ftp or local pfSense path to
blacklist archive (example: ‘http://www.shallalist.de/Downloads/shallalist.tar.gz’ or  ‘/tmp/blacklist.tar.gz’).
 

1. Enable squidGuard

2. Enable Blacklist 3. If you use external proxy, enter here

proxy_ip:port login:pass

4. Enter Blacklist URL or local (pfSense) path

5. Save options 6. After Save press ‘Upload URL’

 
‘Default’ page:
Select ‘deny’ or ‘allow’ for enabling/disabling access to you sites. If leaving ‘---‘, then access to this (and other all) sites will be by ‘Default
access’ rule settings.
Select ‘deny’ or ‘allow’ in ‘Default access’ rule.
Define redirection options.
 

1. Select ‘deny’ for block sites, or ‘allow’ for allow sites, or leave ‘---‘.

2. Select default rule for all other sites, what not processed with rules before.

3. You can block IP addresses in URL string.

4. Select Redirect mode.

5. Enter redirection URL or error message.

http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 2 of 7

 
Goto ‘General settings’ page and press ‘Apply’ button for restart squidGuard with new options.
This action must be done every time you want to apply configuration changes.
 
 

6. Save settings.

1. Press ‘Apply’ for restart squidGuard with new options.

 
 
 

Custom Destinations
HowTo use custom destinations.
 
Destinations lets you create custom lists of URL and domains to control access.
 
Goto ‘Destinations’ page:
Add new item.
 

1.  Add new destination item.

 
Enter unique name.
Enter domain (example: ‘example.com news.example.com’).
Enter expressions.
 

http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 3 of 7

2. Enter unique name.

3.  Enter domain.

4.  Enter expression.

 
Enter URL’s (example: ‘examle.com/main.php newwws.net/list’).
Select edirect mode and enter redirect option.
Save.
 

5.  Enter URLs.

6.  Select redirect mode and enter redirect option.

7. Save

 
Then you can use custom destination items in destination rules (looking ‘HowTo configure common access to sites’).
 

Whitelist
HowTo exclude sites from blacklist
HowTo use whitelist
 
If you need exclude some sites from blacklist or provide access to the site at any time, you can use ‘white list’ mechanism.
Create destination item with special sites(domains) list (see ‘HowTo use custom destinations’).
In destination rules from Default or ACL select ‘white’ for you destination item.
 

 
You destination item will allowed before any other rule items.
 

ACL

http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 4 of 7

HowTo configure ACL

 
ACL lets you set filter rules to the selected clients.
Add new ACL item.
 

1.  Add new ACL item.

 
Enter unique name.
Enter source (ip’s, domain’s, username’s).
Set Destination rules (left column, right column now not used).
Set redirect mode and options.
Save.
 

2.  Enter unique name.

3.  Enter source IP, domains or users.

4.  Set destination rules.

http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 5 of 7

5. Define this field too with you needs.

6. Set redirect mode and options.

7. Save.

 
 

Times
HowTo use times with my ACL.
HowTo use different filter rules at different times of day.
 
With use times you can define different filter rules for specified times (used with ACL only).
 
Add new time item.
 

1. Add new time item.

 
Enter unique name.
Enter time ranges within which will act ‘Destination rules’.
Save.
 

1. Add new time item.

2. Enter time ranges.

3. Save

 
Goto ACL items page.
Select you time item. Destination rules (left column) will used with you time-item settings.
 

http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 6 of 7

4. Select time in you ACL item.

 
For define destination rules in overtime, you must set ‘Destination rules in overtime’ (right column).
 

5. Set destination rules in overtime.

Transparent proxy
HowTo squid transparent mode
 
In transparent mode squid has some features in the work. All requests received by proxy come from local ip addresses, and the squid can
not determine the user through ip address. Accordingly squidGuard receive for processing requests only from local addresses pfSense.
Therefore with transparent proxy squidGuard can use only Common access (‘Default’ page). It also can try to use the ACL by name users
with respective authorization proxy settings. But this regime has not yet been tested.
 

Options and comments

General settings page
 
This page contains general settings and Blacklist options.
Enable checkbox – on/off squidGuard package.
Apply button – “main” button for restart package with new settings.
Blacklist checkbox – on/off blacklist (preloaded db URL’s for blocking).
Blacklist proxy – if need external proxy for uploading blacklist archive, set this option as ipaddress:port login:pass
Blacklist URL – URL (http or ftp) or local pfSense path to blacklist archive (example: ‘http://www.shallalist.de/Downloads/shallalist.tar.gz’
or  ‘/tmp/blacklist.tar.gz’).
Upload URL button – start uploading blacklist archive and rebuilding DB, can take some time (10-25 min).
Restore last button – restore last uploaded and rebuilded blacklist DB. Usable for reinstalled squidGuard (very quick procedure).
 
Notes:
Apply button need click whenever you want to apply the modifications made;
Blacklist can be downloaded from internal archive ‘/tmp/sg_blacklists.tar’, where stored last downloaded blacklist file.
 

Default page
 
This page contains Default(common) ACL(access list) - Destinations ruleset for all users (clients), who not have other defined ACL’s
(access list).
 
Each rule item (exclude last) can be set as:
‘---‘ – rule item not used for this ACL,  
‘allow’ – access allowed, exclude filtered by ‘deny’ rules,
‘white’ – whitelist, access have hi priority (before the ‘deny’ rules too); used if need unlock access to url, blocked in ‘deny’ rules.
‘deny’ – access blocked for this item.
 
Last (default) rule can be only ‘allow’ or ‘deny’, and define behavior for all requests, what not processed by rules before him.
 
Access Control List (ACL)
 
For extended possibilities you can manage selected clients via ACL rules
  
Notes:
ACL must have unique name.
You can disable and enable this rule with Disable option
ACL based on first-Order position. If source IP you clients found first ACL in list – his will processed with rule.
Error example:
  0-order A_rule for Source 10.0.0.0/24
  1-order B_rile for Source 10.0.0.15. In this situation
In this situation B_rule never applying for 10.0.0.15 source, becose A_rule already worked
Right example:
0-order B_rule for Source 10.0.0.15
1-order A_rile for Source 10.0.0.0/24
 
Destinations
 
Destinations contains entries, where you clients must or don’t must ‘going’.
 
Notes:
Destination page entry contains unique name, domains list, urls list, expressions and Redirect.
Domains and URLs contains ip or names, what will managed this entry (will be ‘pass’ or ‘deny’).
Expressions option contains masks with regular expressions. This powerful option need learning ‘Regular expression formats’ (Find
manual’s in Internet)
Simplest use:
‘Ads|porns|baners’ – will use for ‘porn.com’, ‘va.com/ads’, ‘example.com/baners’, but not for ‘example.com/banners’, ‘example.com/baner’.
For last situation can use ‘Ads|porns|ban{1,2}ers{0,1}’ mask. ({1,2} mean what symbol’s ‘n’ must be 1 or 2)
 
Redirect options  used only for this entry. Redirect used if entry will deny in ACL. If this field empty, then will used Redirect option from ACL.
 
Howto:

http://diskatel.narod.ru/sgquick.htm 20/10/2010
Quick start squidGuard package Page 7 of 7

Enter unique name;

Enter that or  domains, expressions, urls (one of or all together), one from this fields must contain data;
Define ‘Redirect’ option if you need this;
 
Expressions 
 
HowTo filter extensions with expressions
 
You must enter in ‘Expressions’ template as
(token1|token2|token3|…).*\.(ext1|ext2|ext3|…)
Example1:
(download|downloads|file|files|image|picture|flash).*\.(exe|dll|wav|gif|zip|tar)
Example2:
(.*\.(zip|rar|cab|mp3|avi|mpg|swf|exe|mpeg|mp.|mpv|mp3))|(\/download.|\/mp3.*)
But you can’t enter com, gov or any other root domains – another this blocked any http://www.*.com …
 
HowTo filter spylogs with expressions
 
Example:
counting|counter|spylog|spylogs
Note:
Tokens ‘spylog’ and ‘spylogs’ can be replaced with one string ‘spylogs{0,1}’. The {0, 1} mean what lst ‘s’ symbol must present 0 or 1 times.
 
 
Times page
 
Time type can be as date or weekly. In first situation ‘Days’ field disabled and ‘Date or Range’ field enabled. And in second  variant all will
on the contrary.
Date can be defined as single date or date range. Format yyyy.mm.dd or yyyy.mm.dd-yyyy.mm.dd, also possible use template as * ( *.12.* -
mean 12 month, any year, any date)
Time must be defined only as range hh:mm-hh:mm (08:00-18:00)
 
HowTo define time with dinner time:
 
Example with weekly for 08:00-18:00 worktime and 12:00-13:00 dinner:
weekly mon –date disabled— 08:00-12:00
weekly mon –date disabled— 13:00-18:00
weekly tue   –date disabled— 08:00-12:00
weekly tue   –date disabled— 13:00-18:00
 
Rewrites
 
Page contains entries for specific replacement destination urls. For example this can be used for file-extensions
 
 
After all configurations you must press Apply button an main page, for generate config and restarting
squidGuard.
 

http://diskatel.narod.ru/sgquick.htm 20/10/2010