Web Filtering with SquidGuard: Part Two

web filtering

The General settings tab in SquidGuard in pfSense 2.1.3.

In the previous article, we discussed how to install SquidGuard and began to look at configuration options, focusing on blacklists and access control lists. In this article, we continue our look at SquidGuard configuration.

Filtering Sites By Domain Name, URL, or Regular Expression

We will begin by considering sites that you need to allow your users to access. To prevent these sites from being blocked, you could create a new target category and add a list of domains or URLs that should not be blocked. To do this, click on the “Target categories” tab. From here, click on the plus symbol to add a new category. Each category must be assigned a name (no spaces allowed). The new target category can filter by domain name, URL, or by an expression. Filtering by domain will grant access to the main site and any sub pages on it. Entering a URL will allow access to that exact web page and nothing more. Expressions allow the administrator to grant access based on certain keywords. When you have created all the categories you want to create, press the “Save” button. Then go back to either the “Common ACL” or “Group ACL” tab (wherever you created the rule) and select the option of “Whitelist” for your new category. [You can just as easily select the “Deny” option and blacklist all sites in the category.]

In addition to domain and URL filtering, administrators can create filters using regular expressions in SquidGuard. These types of filters are useful if you want to search for certain strings of text in a URL to decide what rule to apply. We won’t go through all the rules of regular expressions, but I should mention that regular expressions typically consist of a series of characters and metacharacters. The metacharacters have a special meaning unless preceeded by an escape sequence (usually a backslash). Here are some of the more important metacharacters:

  • . : Matches any single character – for example, a.c matches aac, abc, etc. Putting brackets around it causes the dot to be interpreted as a literal dot – [a.c] matches a, ., or c
  • [ ] : A bracket expression; matches a single character or a range contained within the brackets. [abc] matches a, b, or c; [a-z] matches any lowercase letter. – is interpreted literally if it’s the first or last character.
  • [^ ] : Matches any single character that is not contained within the brackets. [^abc] matches any character other than a, b, or c.
  • ^ ; Matches the starting position of any line.
  • * : Mathches the preceding element zero or more times. ab*c matches “ac”, “abc”, “abbbc”, etc.

To create a filter that uses an expression click on the target categories tab and either create a new category or edit an existing one. Enter the expression you want to filter on the expression box, and then press the “Save” button. Then go back to the common or group ACL tab and select Deny, Allow, or Whitelist for your target category.

Here are a few examples of filters in action:

#block some video sites

#block all .gov sites

#block all .gov and .mil sites

Squidguard also allows the admin to apply URL filtering based on schdules, which are useful for applying rules at different times during the day, or only on certain days of the week. One way this could be used is for applying strict URL filtering rules during business hours and automatically disable the rules after 5 PM.

To create a time-based rule, click on the “Times” tab. Then click the “plus” sign to create a new schedule. Schedules can be applied using the “Groups” ACL tab. You can create a new group ACL tab (or edit an existing one) and in the “time” dropdown box select the schedule you created. You need to press the “Apply” button on the general tab for the settings to take effect.

External Links:

The official SquidGuard site

URL Filtering – How To Configure SquidGuard in pfSense on hubpages.com

© 2013 David Zientara. All rights reserved. Privacy Policy