Setup Squid Guard (Proxy Server) on Pfsense

Setup Squid Guard (Proxy Server) on Pfsense

In order to setup Squid Guard you should have two packages installed on your Pfsense for it to work properly.

First package should be Squid 3 (In case you’re publishing Exchange web services with it) or Squid if not.

Second Package would be Squid Guard-Squid3 for Squid 3 or in case you don’t have Squid 3 you can use the normal “Stable” Squid-Guard version for Squid. 

Squid Package

In my case I am using Squid 3 because I use its reverse proxy to publish Exchange web services so I will install SquidGaurd-Squid 3 to configure its proxy server.

I already downloaded and installed it but If you didn’t do so then you will have to navigate to >System > Packages >Available Packages and there you can find it and install it.

From the Services Menu drop down you will find those 3 below (Proxy Filter, Proxy Server and Reverse Proxy) 

First I will go to Proxy Server tick which Interfaces I want to enable the proxy on (LAN, DMZ) and Enable “Transparent Http Proxy” and “Allow users on interface” in the General tab page

If you scroll down you will find “Logging Settings” and other options that you don’t need to enable. Logging is required mostly for troubleshooting times.

Next I will go to “Local Cache” tab and change the Squid Hard Disk cache Settings in order to take more than 100 mb. I will make it 5000mb which is 5 GB to make internet browser faster for users who visit the same websites often.

After that you don’t need to do anything except saving changes in the end of the page below

Go to “ACLs” page and enable the Local networks that I have, I will write them in the “Allowed subnets” section and save the page. 

I am finished with the Proxy Server settings, I will go to Proxy Filter and I will scroll down to the end of the page to Enable Blacklist option and paste the link below then click Save to save the changes

Go to Blacklist tab to download the black list from there then I will copy the link below and press on Download

When I finish downloading I will go to “Common ACL” tab page and configure the Rules there which we have downloaded. As you can see below I have everything already configured but in order for you to configure it you will have to press on the > Green Start button first of all

After you press on the Green button It will show you the rules that you want to configure. I have already configured (Alcohol, Deny, Gambling, Hacking, Social net)…

Then next I will configure the Redirect mode and type my own customized message that will appear to the clients behind Pfsense and use safeSearch.

When done I will save this page and go to the General tab page and will click on Apply all changes and save the page.


you should see that SafeGuard service state “Started” in order for it to work. If for any reason the service is not started try to navigate to >Status > System logs  and check your logs here if there’s anything related to SafeGaurd or Squid.

Now I will go to the Client and check if my client with “Pfsense as their default gateway” will respond to the Safe Guard rules or not.

I tried opening Facebook or Twitter but both are not working and they gave me the same message which I have customized in Pfsense.  

Over all this had been easy setup and everything works perfectly

Hope this would be useful to you all.

Leave a Reply

Your email address will not be published. Required fields are marked *