Set Up Automatic Updates
By default, the periodic package that automatically updates the Web Safety definition files is not installed on pfSense, so we will use cron to run the update script ourselves. Open pfSense UI / System / Packages and install the cron package.
After the cron installation is complete, open Services / Cron and add the following entry:
- Run the command to update definition files at the 59th minute of every hour as the root user - /bin/sh /usr/local/etc/periodic/daily/511.websafety_update
Enable Transparent Proxy
Squid also supports filtering HTTP and HTTPS transparently. In this mode you do not need to configure the browsers to explicitly point to Squid running on port 3128 on your pfSense. To enable it, go to pfSense UI / Services / Squid Proxy Server, scroll to Transparent Proxy Settings, select the Enable Transparent Proxy checkbox and click Save.
Now even if your browsers are not set to use the proxy, access to questionable sites will be blocked by Web Safety.
Block the QUIC protocol on your firewall; otherwise Chrome will be able to bypass the transparently redirected proxy when going to QUIC-enabled sites such as google.com, youtube.com, etc. To block the QUIC protocol, add REJECT rules for the UDP protocol on outgoing port 80 and port 443, as shown in the following screenshot.
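To confirm that the QUIC rules are actually loaded, the rule set can be checked from the pfSense shell. The script below is an added example, not part of the Web Safety documentation; the interface name em1, the rule label and the sample rule lines are constructed, and it only checks that block rules exist for UDP 80 and 443, not how they are ordered relative to pass rules.

```shell
#!/bin/sh
# Added example: verify that pf carries block rules for QUIC (UDP 80 and 443).
# On the firewall, feed it the loaded rules:  pfctl -sr | quic_blocked

# udp_port_blocked PORT NAME  (rules on stdin)
# Succeeds if a block rule matches UDP to PORT. The port may be printed as a
# number or as a service name, so both spellings are accepted.
udp_port_blocked() {
    awk -v p="$1" -v n="$2" '
        $1 == "block" && / proto udp / &&
        ($0 ~ (" port = " p "( |$)") || $0 ~ (" port = " n "( |$)")) { found = 1 }
        END { exit !found }
    '
}

# quic_blocked  (rules on stdin)
# Succeeds only if both UDP 80 and UDP 443 are covered; names what is missing.
quic_blocked() {
    rules=$(cat)
    missing=""
    printf '%s\n' "$rules" | udp_port_blocked 80 http || missing="$missing 80"
    printf '%s\n' "$rules" | udp_port_blocked 443 https || missing="$missing 443"
    if [ -n "$missing" ]; then
        echo "QUIC not fully blocked, no UDP block rule for port(s):$missing" >&2
        return 1
    fi
    echo "QUIC blocked: UDP 80 and 443 have block rules"
}

# Constructed sample listings (not captured from a real firewall).
# The TCP pass rule is there to show that non-UDP rules are ignored.
SAMPLE_OK='pass in quick on em1 inet proto tcp from any to any port = https flags S/SA keep state
block return in quick on em1 inet proto udp from any to any port = http label "USER_RULE: Block QUIC"
block return in quick on em1 inet proto udp from any to any port = https label "USER_RULE: Block QUIC"'
SAMPLE_HTTPS_ONLY='block return in quick on em1 inet proto udp from any to any port = https label "USER_RULE: Block QUIC"'

printf '%s\n' "$SAMPLE_OK" | quic_blocked
printf '%s\n' "$SAMPLE_HTTPS_ONLY" | quic_blocked || echo "second sample: incomplete rule set detected"
```

A non-zero exit status means at least one of the two UDP ports has no block rule, so QUIC traffic on that port can still bypass the transparent proxy.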