Web Filtering with SquidGuard: Part Two

web filtering

The General settings tab in SquidGuard in pfSense 2.1.3.

In the previous article, we discussed how to install SquidGuard and began to look at configuration options, focusing on blacklists and access control lists. In this article, we continue our look at SquidGuard configuration.

Filtering Sites By Domain Name, URL, or Regular Expression

We will begin by considering sites that you need to allow your users to access. To prevent these sites from being blocked, you could create a new target category and add a list of domains or URLs that should not be blocked. To do this, click on the “Target categories” tab. From here, click on the plus symbol to add a new category. Each category must be assigned a name (no spaces allowed). The new target category can filter by domain name, URL, or by an expression. Filtering by domain will grant access to the main site and any sub pages on it. Entering a URL will allow access to that exact web page and nothing more. Expressions allow the administrator to grant access based on certain keywords. When you have created all the categories you want to create, press the “Save” button. Then go back to either the “Common ACL” or “Group ACL” tab (wherever you created the rule) and select the option of “Whitelist” for your new category. [You can just as easily select the “Deny” option and blacklist all sites in the category.]

In addition to domain and URL filtering, administrators can create filters using regular expressions in SquidGuard. These types of filters are useful if you want to search for certain strings of text in a URL to decide what rule to apply. We won’t go through all the rules of regular expressions, but I should mention that regular expressions typically consist of a series of characters and metacharacters. The metacharacters have a special meaning unless preceeded by an escape sequence (usually a backslash). Here are some of the more important metacharacters:

  • . : Matches any single character – for example, a.c matches aac, abc, etc. Putting brackets around it causes the dot to be interpreted as a literal dot – [a.c] matches a, ., or c
  • [ ] : A bracket expression; matches a single character or a range contained within the brackets. [abc] matches a, b, or c; [a-z] matches any lowercase letter. – is interpreted literally if it’s the first or last character.
  • [^ ] : Matches any single character that is not contained within the brackets. [^abc] matches any character other than a, b, or c.
  • ^ ; Matches the starting position of any line.
  • * : Mathches the preceding element zero or more times. ab*c matches “ac”, “abc”, “abbbc”, etc.

To create a filter that uses an expression click on the target categories tab and either create a new category or edit an existing one. Enter the expression you want to filter on the expression box, and then press the “Save” button. Then go back to the common or group ACL tab and select Deny, Allow, or Whitelist for your target category.

Here are a few examples of filters in action:

#block some video sites

#block all .gov sites

#block all .gov and .mil sites

Squidguard also allows the admin to apply URL filtering based on schdules, which are useful for applying rules at different times during the day, or only on certain days of the week. One way this could be used is for applying strict URL filtering rules during business hours and automatically disable the rules after 5 PM.

To create a time-based rule, click on the “Times” tab. Then click the “plus” sign to create a new schedule. Schedules can be applied using the “Groups” ACL tab. You can create a new group ACL tab (or edit an existing one) and in the “time” dropdown box select the schedule you created. You need to press the “Apply” button on the general tab for the settings to take effect.

External Links:

The official SquidGuard site

URL Filtering – How To Configure SquidGuard in pfSense on hubpages.com

Web Filtering with SquidGuard: Part One

web filtering

The General settings tab for SquidGuard under pfSense 2.1.3.

Now that we’ve covered both Squid and LightSquid, I thought it might be useful to cover some other Squid plugins. In this article, we will cover how to implement web filtering with SquidGuard.

SquidGuard is a URL redirector software, which can be used for web filtering of sites users can access. It uses blacklists to define sites for which access is redirected. Here, we are concerned mainly with SquidGuard installation under pfSense, but it can also be installed under Unix or GNU/Linux. The software’s filtering extends to all computers in an organization, including Windows, Macintosh, UNIX and Linux computers. It was originally developed by Pål Baltzersen and Lars Erik Håland, and was implemented and extended by Lars Erik Håland in the 1990s. The current version is 1.4, released in 2009.

As with other packages, installation of SquidGuard is easy. Just navigate to System -> Packages, scroll down to SquidGuard on the package list, click on the plus button on the right side of the listing, and on the next screen, click the “Confirm” button to confirm installation. The installation will take a few minutes. Once installation is complete, you will have a new menu item under Services called Proxy Filter, with which web filtering can be implemented.

The basic configuration of SquidGuard can be gleaned from the documentation on the official SquidGuard site. The simplest web filtering configuration has a single list of blocked sites and the URL of the page to show when the user tries to access a blocked site. The administrator, though, may choose to define more than one list, each representing a category to block. Finally, sometimes there is a demand to allow specific URLs and domains although they are part of the blacklists for a good reason. In this case, you want to whitelist these domains and URLs. This is generally accomplish in SquidGuard by editing the squidGuard.conf file, but if SquidGuard is installed under pfSense, the basic configuration can be done from the pfSense web GUI.

Web Filtering with SquidGuard: Configuration

You can configure SquidGuard in pfSense by navigating to Services -> Proxy Filter and clicking on the General settings tab. There is a check box at the top; check this box to enable the blacklist. Also on the General settings tab (towards the bottom of the page), you can specify the URL of the blacklist. You can use one of your own blacklists, or you can use one of the publicly available lists on the web. The official SquidGuard site has one at http://www.squidguard.org/blacklists.html. Enter the URL of the blacklist you want to use for web filtering in the appropriate edit box. Once you have done this, press the “Save” button at the bottom of the page.

web filtering

The Blacklist tab in SquidGuard; here you can download blacklists.

Next, click on the blacklist tab and press the “Download” button. Once the download is finished, the status box will display “Blacklist update complete” (it may take several minutes to download).

Once you have uploaded your blacklist, you will need to configure which categories of sites on the blacklist should be either allowed, blocked, or whitelisted. The simplest way to configure it is with the common ACL tab. The common access list settings will apply to all users of the proxy. The next tab is the “Groups ACL” tab, and if you want to apply different rules to ther source networks you should use this tab. This way, you wan have different policies for different networks. When you modify a target rule, you need to click on “Apply” in the General settings tab in order for the changes made to take effect.

In the dropdown box next to each of the target rules, you can select one of the following three web filtering actions:

  • Allow: Grant access to the target category unless blocked by another rule or exception
  • Deny: Block access to sites in the target category
  • Whitelist: Always allow access to the target category (even if blocked by another rule or exception.

At the bottom of the page, there is a check box to block IP addresses in the URL. This will prevent users from bypassing the filter by using the IP of the web site instead of the URL. They can still use the IP addresses of whitelisted sites in the URL, though.

By default, when a user attempts to visit a blocked page, they will see an internal error page indicating that the page was blocked and under which target category it falls. However, you can change the redirect page to a blank page, or any other internal or external URL.

In the next article, we will continue our look at SquidGuard configuration.

External Links:

The official SquidGuard site

URL Filtering – How To Configure SquidGuard in pfSense on hubpages.com

SquidGuard on Wikipedia

© 2013 David Zientara. All rights reserved. Privacy Policy