Proxy Filtering Project

Setup

Make sure your pfsense is NOT using the default password.

Follow the tutorial outlined here to configure pfsense as a squid proxy.

Tasks

Remember to make sure that you are TASTEFUL. We need not experiment with any questionable sites to test our rules.

• Configure at least 2 clients to use the proxy. (You will have to import the exported CA to these clients). I used kali for one machine and just found the appropriate setting in firefox to import the new CA)
• Use Squid to do the following
  • Restrict access to internetbadguys.com.
  • Prove that when you visit an https enabled site, that your CA is showing.
• Install squidguard : You can kind of follow the tutorial here however I couldn’t find any valid links to blacklists.
• Use squidguard to do the following:
  • create your own target categories list (put 4-5 different items in it)
  • under common Acl, deny access to those items from your target category list, allow all other
  • make sure squid/squidguard are blocking those sites.
• Explore 2 other options available to you in squid or squidguard. Document this.

To pass off

In a single pdf:

• proof that 2 clients are using the proxy
• proof that internetbadguys is blocked
• screenshot of cert when https site is visited
• screenshot of squidguard category list and proof that at least one item is blocked
• What you did for your other 2 options