SquidGuard Web Access Control and Filtering

The SquidGuard package enables very powerful URL content filtering and access control. It can use blacklists or custom lists of web sites, and can selectively allow or deny access to those sites.

To use SquidGuard:

  • Install and configure Squid as described in the previous section
  • Install the SquidGuard package
  • Navigate to Services > Proxy Filter to configure SquidGuard.

General Settings

  • Navigate to Services > SquidGuard Proxy Filter, General Settings tab
  • Check Enable to enable SquidGuard
  • Click Save
  • Check boxes to optionally enable other desired features, such as block event logging and GUI event logging

Note: After saving the settings on any tab in SquidGuard, always return to the General Settings tab and click the

Apply button. Until that action has been taken, the new SquidGuard settings will not be used.

Blacklists

Blacklists are predefined lists of sites in specific categories, such as Social sites, Adult sites, Music sites, and Sports sites. To use blacklists, check Blacklist and fill in a Blacklist URL.

Before the blacklist may be used, it must be downloaded and unpacked. To do this, after saving the settings on this tab, visit the Blacklist tab and click  Download.

Warning: If only blacklists are used, SquidGuard may fail. Define at least one Target Category

Target Categories

Target Categories are custom lists of sites or other expressions that define a group of items that can be used to allow or deny access. They are maintained on the Target Categories tab.

When adding a new Target Category, a few options are required:

Name The Name for the category, as it will appear for selection on ACLs. The name must have between 2 and 15 alphanumeric characters, and the first character must be a letter.

Domain List This is the list of domain names to block, such as www.facebook.com, google.com, microsoft.com, etc. Multiple domains may be entered, separated by a space.

Redirect mode This option controls what happens when a user is blocked by a site in this list. The default of none will not redirect the user. The most common setting is int error page.

Redirect If the user is redirected using int error page, enter the error message that will be presented to the user here. If an external redirect type is used, enter the full URL to the desired target site, including the proper protocol such as http:// or https://.

Access Lists (ACLs)

There are two types of ACL entries in SquidGuard:

  1. Common ACL, which is the default ACL applied to all users
  2. Group ACL entries which are applied to specific IP addresses, groups of IP addresses, or Networks.

First, visit the Common ACL tab. Choose the default actions for all available categories from blacklists or those defined locally. To do this, click Target Rules List , and pick the desired actions from the drop-down at the end of the row for each category. The Default Access [all] choice controls what happens when no match has been found in any of the available categories.

After saving the settings, change to the Group ACL tab to create an entry for a specific user or group of users. Using a Group ACL, an exception to the Common ACL rules may be crafted, either to block access to a site others can reach, or to allow access to a site that others are blocked from viewing.

To create a Group ACL:

  • Change to the Group ACL tab
  • Click  Add to start a new entry and configure it as follows:

Name The name of the ACL

Client (source) Enter the user’s IP address, subnet, etc. Multiple values can be entered, separated by spaces.

Target Rules List Defines the list of actions for this specific set of users

  • Click SaveReturn to the General Settings tab
  • Click Apply
© Copyright 2025 . All Rights Reserved. AZTCO-FW| Developed By AZTCO-FW. Powered by AZTCO.