The pfSense Store

Author Topic: Guide to filtering web content (http and https) with pfsense 2.3  (Read 71788 times)

0 Members and 5 Guests are viewing this topic.

Offline AR15USR

  • Full Member
  • ***
  • Posts: 266
  • Karma: +10/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #15 on: June 20, 2016, 07:49:39 am »
Can't get HTTPS scanning to work. See https sites passing through squid but clamd won't scan the files. Works fine on HTTP and it catches the virus files. Using proxy setting in browser since wpad isn't giving the results I am expecting.

Same issue here now.

I enabled the 80-443 block rule, unchecked the 'Transparent" option in Squid and I can only get access if I manually enter the wpad.dat location into my local computer(s) settings. Auto discovery does not work. I'm on all Apple computers/devices here btw. Same issue with ClamAV, it scans http but not https as poster above.
« Last Edit: June 20, 2016, 12:16:27 pm by AR15USR »
_________________________

Release: pfSense 2.3.4

Offline Asterix

  • Hero Member
  • *****
  • Posts: 888
  • Karma: +32/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #16 on: June 20, 2016, 09:40:56 am »
Auto config works for me. What I meant in the original post was that the WPAD direction info I was writing was not proper hence was using straight proxy settings for the time being. Will be experimenting with the WPAD file at a later time.

I seriously doubt HTTPS scanning (not filtering) with clamd is working. I have followed the configuration directions to the T and yet the only thing which does not work is https clamd scans for viruses. I believe its a Squid issue.

Offline aGeekHere

  • Sr. Member
  • ****
  • Posts: 523
  • Karma: +41/-1
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #17 on: June 20, 2016, 06:13:12 pm »
Post a link to the https fake virus test file that you are testing and I will see if it works for me.
Never Fear, A Geek is Here!

Offline AR15USR

  • Full Member
  • ***
  • Posts: 266
  • Karma: +10/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #18 on: June 20, 2016, 07:53:52 pm »
http://www.eicar.org/85-0-Download.html


There is one group for http, and one group for https.
_________________________

Release: pfSense 2.3.4


Offline Asterix

  • Hero Member
  • *****
  • Posts: 888
  • Karma: +32/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #20 on: June 20, 2016, 10:34:58 pm »
Would you know how to get the below google safesearch info in pfSense BIND DNS?


server: include: /var/unbound/forecegoogle.conf

Offline aGeekHere

  • Sr. Member
  • ****
  • Posts: 523
  • Karma: +41/-1
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #21 on: June 20, 2016, 11:42:18 pm »
Ok done some research squidclamav only supports http not https because it is encrypted.

Quote
would you know how to get the below google safesearch info in pfSense BIND DNS?

Not sure you will need to ask that in the proxy forum.
Never Fear, A Geek is Here!

Offline AR15USR

  • Full Member
  • ***
  • Posts: 266
  • Karma: +10/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #22 on: June 21, 2016, 07:39:48 am »
Ok done some research squidclamav only supports http not https because it is encrypted.


I just did a test. Squidclamav will scan https traffic when using Squids MITM option..
« Last Edit: June 21, 2016, 08:03:55 am by AR15USR »
_________________________

Release: pfSense 2.3.4

Offline Asterix

  • Hero Member
  • *****
  • Posts: 888
  • Karma: +32/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #23 on: June 21, 2016, 08:38:49 am »
Ok done some research squidclamav only supports http not https because it is encrypted.


I just did a test. Squidclamav will scan https traffic when using Squids MITM option..

And that would need certificates have to be installed on the clients..

Offline AR15USR

  • Full Member
  • ***
  • Posts: 266
  • Karma: +10/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #24 on: June 21, 2016, 08:40:08 am »
Ok done some research squidclamav only supports http not https because it is encrypted.


I just did a test. Squidclamav will scan https traffic when using Squids MITM option..

And that would need certificates have to be installed on the clients..

Correct.
_________________________

Release: pfSense 2.3.4

Offline aGeekHere

  • Sr. Member
  • ****
  • Posts: 523
  • Karma: +41/-1
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #25 on: June 21, 2016, 06:17:24 pm »
To help stop virus or spywhere we can enable squidguard block list blk_BL_spyware,
Never Fear, A Geek is Here!

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14481
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #26 on: June 30, 2016, 09:39:28 am »
What is the point of all the safesearch nonsense and redirecting users to only use your dns..  You do understand when a proxy is being used, the proxy does the query not the client..

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline phunni

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #27 on: June 30, 2016, 10:15:37 am »
While setting up wpad we'r supposed ot enter the following into /usr/local/www/wpad.da:

Quote
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";
 
    return "PROXY 192.168.1.1:3128";
}

I've actually changed my pfsense server ip to 192.168.0.1 - do I need to edit both ip addresses listed above?

Offline AR15USR

  • Full Member
  • ***
  • Posts: 266
  • Karma: +10/-0
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #28 on: June 30, 2016, 10:18:14 am »
What is the point of all the safesearch nonsense and redirecting users to only use your dns..  You do understand when a proxy is being used, the proxy does the query not the client..

I think the point of the safe search is to stop, say your young kids, from Googling porn images. I'm not sure about the dns redirecting.
_________________________

Release: pfSense 2.3.4

Offline aGeekHere

  • Sr. Member
  • ****
  • Posts: 523
  • Karma: +41/-1
    • View Profile
Re: Guide to filtering web content (http and https) with pfsense 2.3
« Reply #29 on: June 30, 2016, 09:56:59 pm »
What is the point of all the safesearch nonsense and redirecting users to only use your dns..  You do understand when a proxy is being used, the proxy does the query not the client..

I think the point of the safe search is to stop, say your young kids, from Googling porn images. I'm not sure about the dns redirecting.

1. What is the point of forcing search engines from using safe search?
Answer: To aid in the filtering of adult content, this is most importantly for google images as squidguard does not block them, if you do not want to filter web content then this guide is not designed for you.

2. What is the point of redirecting users to use THEIR pfsense router as the DNS server.
Answer: There are many advantages not all relating to web filtering however tries and stops the user from bypassing the dns redirect rule.

While setting up wpad we'r supposed ot enter the following into /usr/local/www/wpad.da:

Quote
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";
 
    return "PROXY 192.168.1.1:3128";
}

I've actually changed my pfsense server ip to 192.168.0.1 - do I need to edit both ip addresses listed above?
Yes, set it to 192.168.0.0
Never Fear, A Geek is Here!