2011/3/23 Carlos Vicente <cjpvice...@gmail.com>: > Hi, > > have you considered to use squidguard with the URL Blocklist shallalist.de? > I have one deployment with squid (not in transparent mode, using port TCP > 3128), squidguard and HAVP and I can block about all social network traffic. > > Carlos > > On Tue, Mar 22, 2011 at 4:53 PM, Luke Jaeger <ad...@pvpa.org> wrote: >> >> Hello, >> >> I have squid configured as transparent proxy on my network. >> >> Students have figured out that if they use Firefox and set its internal >> network settings to "no proxy", they can get to banned sites such as >> facebook via https. >> >> Firefox is the only browser I know of that lets you override system proxy >> settings, which we keep locked down. >> >> Is there any way to fix this? >> >> thanks - >> >> >> Luke Jaeger | Technology Coordinator >> Pioneer Valley Performing Arts Charter Public School >> www.pvpa.org >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> For additional commands, e-mail: support-h...@pfsense.com >> >> Commercial support available - https://portal.pfsense.org >> > > > > -- > > ***** > http://www.sebastiaoguerra.com > http://www.atelierdamoto.com > http://www.blocoa3.com > ------------------------------------------------------------------------------ > Este e-mail e quaisquer ficheiros a ele anexados são confidenciais e > destinados, > exclusivamente, à pessoa ou entidade a quem foi endereçado. Se recebeu este > e-mail por > erro, por favor, contacte-nos. Obrigado. > This e-mail and any files transmitted with it are confidential and intended > solely for the use of > the individual or entity to whom they are addressed. If you have received > this e-mail in error > please notify us. > > > > Antes de imprimir este e-mail pense se necessita mesmo de o fazer >
Hi @list, afaik you can define acls in the squidconfig to block specific sites and ports (nearly anything that is ip/tcp) you can also create blocking lists that could be used with squid only. you can also setup special error pages and messages in the config iirc. a simple example can you find here. http://nixcraft.com/linux-software/544-how-block-sites-squid.html as others have already mentioned, redirect all access to the outside world port 80/443/8080...( not blocking, lead it to the squid) to port 80 of the pfsense box especially to port 3128 and choose the transparent proxy settings, i am sure there will be a howto/tutorial or something to find in the pfsense docs. for using squidguard, keep always in mind that each requests gets validated against a huge list of blacklisted servers. i had a customer that keeped over 26.000.000 blocked sites in his squidguard filter -> each request has to getting validated against 26.000.000 listentries ( not the page load, each part of a page) -> slows down the loading of the page and increases the load of the firewall itself another solution can be dante a socks proxy solution with content filter abilities. i am not sure if dante or another socks content filter is availeable in the packages for pfsense. hope it helps a bit regards m. -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org