Additional Tasks

Setup Automatic Updates

By default periodic package that runs automatic updates of definition files of Web Safety is not installed on pfSense. We will use cron functionality to run the scripts manually. Open pfSense UI / System / Packages and install the cron package.

../../_images/cron.png

After cron installation is complete, open Services / Cron and add the following entry:

../../_images/cron1.png
  • Run the command to update definition files the 59th minute of every hour as root user - /bin/sh /usr/local/etc/periodic/daily/511.websafety_update
../../_images/cron2.png ../../_images/cron4.png

Enable Transparent Proxy

Squid also supports filtering HTTP and HTTPS transparently. In this case you do not need to set the browsers to explicitly point to Squid running at port 3128 on your pfSense. To enable this mode, goto pfSense UI / Services / Squid Proxy Server, scroll to Transparent Proxy Settings, set the Enable Transparent Proxy checkbox and click Save.

../../_images/intercept.png

Now even if your browsers are not set to use the proxy, access to questionable sites will be blocked by Web Safety.

Important

Block the QUIC protocol on your firewall, otherwise Chrome will be able to bypass the transparently redirected proxy when going to QUIC enabled sites, like google.com, youtube.com, etc. To block the QUIC protocol, add REJECT rules for UDP protocol on outgoing port 80 and port 443 as shown on the following screenshot.

../../_images/quic.png