PfSense 1.2.3. Update web proxy, squidGuard and LightSquid

  • 12 Oct 2012
  • pfSense, Squid

1. Go to "Installed packages" under System -> Packages

2. Remove SquidGuard and Squid by clicking on the X icon at the right from the table

3. Login to pfSense from console and enter option 8 (Shell)

Search for squid configuration and cached files doing:

find / -name "squid*"

Remove them all

rm -fR /var/db/squidGuard
rm -fR /tmp/squidguard_*
rm -fR /var/log/squid*
rm -fR /usr/local/etc/squid*
rm -fR /tmp/squidGuard*
rm -fR /var/squidGuard
rm -fR /var/squid

(can take a long time)

You can check the progress opening another shell and doing:

du -sh /var/squid

4. Go to "1.2.3-RELEASE packages" under System -> Packages and install "squid". Be patient...

5. Go to Services -> Proxy server, configure basic items, and save. Now, your squid should be running... Check from Status -> Services

6. Now, install SquidGuard from "1.2.3-RELEASE packages".. in the same way that installed squid.

7. After this message:

Installation completed.   Please check to make sure that the package is configured from the respective menu then start the package.

Go to status -> services and check if squidGuard is running

8. Go to services -> Proxy filter

9. Goto Blacklist and click on Download

You'll see this log:

Begin blacklist update
Start download.
Download archive http://www.shallalist.de/Downloads/shallalist.tar.gz
Download complete
Unpack archive
Scan blacklist categories.
Found 74 items.
Start rebuild DB.
Copy DB to workdir.
Reconfigure Squid proxy.
Blacklist update complete.

10. After that, copy the file /usr/local/www/sgerror.php to an external web server width php support. Test if you can open this page in a browser: http://your_server/sgerror.php?url=403%20Error&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

11. Now, is time to configure the redirection... Goto common ACL and select ext url redirect (enter URL) on field redirect mode.

On redirect info, paste your link.

Denied access to some site categories, like anonvpn, hacking, remotecontrol, spyware, tracker, warez... And allow the default access.

At target categories You can create your own site category. These categories will be displayed at common acl and groups acl

For each category You can set whitelist, deny or allow. If you want to allow a particular domain or url from a denied category, You have to create a new target category including these destinations and set this to whitelist. For example, if you have set blk_BL_movies to deny but you wish to allow youtube.com, you've to create a target category containing youtube.com (as doamin) and then set it to whitelist.

Now, you can create all the groups acl as you want. Settings on common acl will be applied after the groups acl rules. Remember: the category set as whitelist can't be denied later.

12. Install LightSquid. Goto Status -> Proxy report and click on "Refresh all"

The sgerror.php file