Netgate SG-1000 microFirewall

Author Topic: Squid UI proposal: Add input for blacklisting URLs in addition to domains  (Read 209 times)

0 Members and 1 Guest are viewing this topic.

Offline PakoUser

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
I have a pfSense firewall proxying HTTP and HTTPS with Squid.  Non-transparent, bumping SSL with a CA cert on client machines.

I wanted to block an entire domain, but allow certain exceptions (eg: "reddit.com/r/pfsense" allowed, rest of "reddit.com" blocked).
Blocking whole domains is easy with Squid in pfSense, but the UI doesn't allow whitelisting or blacklisting URLs like this.  I realized Squid supported it, though, without the overhead of having to run SquidGuard too.  (Obviously, to be able to see the URL at all, this will only work with HTTP or bumping SSL).

I put together a change that accomplishes this.  Before I jump through the hoops of licensing agreements and a pull-request, I wanted to see if you all like the concept.  I'm happy to post the diff if you want it.

Attached are the new UI elements and the resulting config file.  It's been tested to work in my environment, at least.

Has this already been shown to be a dead end, or should I proceed?