Author Topic: Guide to filtering web content (http and https) with pfsense 2.3  (Read 91880 times)

Offline nib01

« Reply #150 on: March 24, 2018, 06:07:29 pm »
I got confused when you say add (blue). Did you mean add (blue) below yellow within the same wpad.da file? or..

"Part 3
Now we are going to set up a wpad; read more about wpad here: https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid
ssh in to pfsense
8
cd /
create the wpad.da file
vi /usr/local/www/wpad.da
wq

Create two new symbolic link files
Code:
ln -s /usr/local/www/wpad.da /usr/local/www/wpad.dat
ln -s /usr/local/www/wpad.da /usr/local/www/proxy.pac


Then go to Diagnostics / Edit File
click browse
usr
local
www
click wpad.da
add

Code:
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";
 
    return "PROXY 192.168.1.1:3128";
}


save"

Offline aGeekHere

« Reply #151 on: March 26, 2018, 07:31:59 pm »
You have to create 3 files in /usr/local/www/
wpad.da
wpad.dat
proxy.pac

Each having this code
Code:
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0"))
        return "DIRECT";
 
    return "PROXY 192.168.1.1:3128";
}

Instead of maintaining changes for all 3 files, you can create a main file, e.g. wpad.da, and create a symbolic link for the other 2 files; that way all changes from wpad.da are copied over to the other files.

So now you only need to make changes to wpad.da.
Never Fear, A Geek is Here!

Offline kpoman

« Reply #152 on: April 05, 2018, 06:41:08 pm »
Is there any way to force safesearch (Google, YouTube, etc.) if your DNS is on a Windows Server AD but your gateway pfSense is intercepting all http on a squid instance?

Offline aGeekHere

« Reply #153 on: April 06, 2018, 01:38:45 am »
"Is there any way to force safesearch (Google, YouTube, etc.) if your DNS is on a Windows Server AD but your gateway pfSense is intercepting all http on a squid instance?"

Read the DNS resolver part in the guide and see if you can use that method.
Never Fear, A Geek is Here!

Offline jopeme

« Reply #154 on: April 06, 2018, 06:10:19 am »
I see a problem with this option, and it is that many of my clients have problems watching YouTube videos when they search from Google, since it shows that they are restricted videos and that you have to register.

Click add under Host overrides
Host = www
Domain = youtube.com
IP =  216.239.38.120
Description = youtube
Save
NOTE: Safe search for YouTube is not as advanced as Google safe search, which results in a lot of safe content being filtered out.

Offline vielfede

« Reply #155 on: April 12, 2018, 05:53:32 am »
Hello,
Maybe I missed something; I read the entire topic, but I did not find any post about accessing a URL on a different port than the standard 80/443....
For example if you try to access the following site:

http://fatturazione.comieco.org:82/anagrafica.php

The proxy responds with an error message.
Looking at the squid log, I noticed that when I tried to connect to http://fatturazione.comieco.org:*82*/ squid still tried to connect to port 80...
To get it to work, I inserted an exception in the wpad configuration, something like
Code:
        if (shExpMatch(url, "http://fatturazione.comieco.org:82/*"))
        { return "DIRECT"; }
That allows the client to go out straight through the FW on port 82.... and hence now it works...

Indeed, I'd like a solution that allows "different ports" to work without WPAD exceptions. Otherwise you have to insert an exception for every site not using a std port.
I did not notice anyone pointing out this kind of issue... Can I be the only one with this kind of issue?
Thanks in advance.
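
The PAC logic from replies #151 and #155, combined and run under Node.js, as an added example that is not part of any post in this thread. It lists which URLs come back DIRECT and therefore never reach Squid's filtering. The helper re-implementations, the DNS table, the sample hostnames and `directUrls` are constructed assumptions for the test.

```javascript
// Added example: stand-ins for the PAC helpers so the thread's PAC logic
// runs under Node.js. DNS answers below are constructed, not real lookups.
const DNS = {
  "nas.home.lan": "192.168.1.20",
  "fatturazione.comieco.org": "203.0.113.10",
  "www.example.com": "203.0.113.20",
};
const dnsResolve = (host) => DNS[host] || null;
const isPlainHostName = (host) => !host.includes(".");

// Shell-style match: * is any run, ? is one character, the rest is literal.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

const toInt = (ip) =>
  ip.split(".").reduce((n, o) => (n * 256 + Number(o)) >>> 0, 0);
function isInNet(ip, net, mask) {
  if (!ip) return false; // an unresolved host is never treated as local
  const m = toInt(mask);
  return ((toInt(ip) & m) >>> 0) === ((toInt(net) & m) >>> 0);
}

// PAC from reply #151 with the port-82 exception from reply #155 merged in.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "192.168.1.0", "255.255.255.0"))
    return "DIRECT";
  if (shExpMatch(url, "http://fatturazione.comieco.org:82/*"))
    return "DIRECT";
  return "PROXY 192.168.1.1:3128";
}

// Constructed sample URLs covering each branch of the PAC file.
const SAMPLE_URLS = [
  "http://printer/",
  "http://nas.home.lan/share",
  "http://fatturazione.comieco.org:82/anagrafica.php",
  "http://fatturazione.comieco.org/anagrafica.php",
  "https://www.example.com/",
  "http://unresolved.example.net/",
];

// Return the URLs that bypass the proxy (and so bypass its filtering).
function directUrls(urls) {
  return urls.filter((u) => FindProxyForURL(u, new URL(u).hostname) === "DIRECT");
}
```

Each DIRECT rule is a hole in the filter, so running the PAC file against a URL list after every edit shows exactly what a new exception lets through.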

Offline aGeekHere

« Reply #156 on: April 12, 2018, 07:55:20 pm »
I am not sure on this; if you use the transparent proxy, then that only listens on ports 80 and 443 for MITM.
Never Fear, A Geek is Here!

Offline vielfede

« Reply #157 on: April 13, 2018, 05:11:20 am »
Finally I found out the solution... (http and https)
https://forum.pfsense.org/index.php?topic=96782.0
« Last Edit: April 18, 2018, 02:36:12 am by vielfede »