pfSense Gold Subscription

Author Topic: How to Block HTTPS web sites  (Read 4438 times)

0 Members and 1 Guest are viewing this topic.

Offline himanshu dua

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
How to Block HTTPS web sites
« on: June 09, 2016, 05:29:09 am »
Hello,

thanks in advance.

I have Configured Squid guard (transparent Proxy) after reading this forum"https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense


My aim is to block some web sites like Facebook, Torrent, Youtube and some downloading.  i Have configured Squid Guard  and i am able to  block some web sites but it could not stop downloading.
and when i configure SSL man in middle then its blocked all https websites by default even google for some user i really dont know why its happening.

Kindly tell and suggest me if am missing something while configuration....


Offline bobgoblin

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-2
    • View Profile
Re: How to Block HTTPS web sites
« Reply #1 on: June 19, 2016, 01:34:06 pm »
Are you doing this in a windows environment. Are you users connected to a Active directory system. if so just block the sites from your AD and it will push down as a group policy to your users.

Offline Nachtfalke

  • Hero Member
  • *****
  • Posts: 2889
  • Karma: +29/-1
    • View Profile
Re: How to Block HTTPS web sites
« Reply #2 on: June 19, 2016, 04:20:52 pm »
Hello,

thanks in advance.

I have Configured Squid guard (transparent Proxy) after reading this forum"https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense


My aim is to block some web sites like Facebook, Torrent, Youtube and some downloading.  i Have configured Squid Guard  and i am able to  block some web sites but it could not stop downloading.
and when i configure SSL man in middle then its blocked all https websites by default even google for some user i really dont know why its happening.

Kindly tell and suggest me if am missing something while configuration....


Post screenshot of squidguard with EXPANDED "TARGET CATEGORIES":
- COMMON ACL
- GROUP ACL


Please post a screenshot of squid "GENERAL"


Offline jetberrocal

  • Full Member
  • ***
  • Posts: 258
  • Karma: +7/-0
    • View Profile
Re: How to Block HTTPS web sites
« Reply #3 on: September 16, 2016, 07:38:17 pm »
Currently the e2guardian package is not available in the pfsense ports but you can install from the freebsd ports.

The SSL MITM support is off but they fixed the SSL Bump feature in the current version.  You can install it with a manual procedure that can be found in the e2guardian bounty thread near its final pages.
https://forum.pfsense.org/index.php?topic=87526.msg638124#msg638124

Keep reading the thread as there are some fixes to the procedure.

Also should see this on how to filter HTTPS without MITM:
https://github.com/e2guardian/e2guardian/issues/76
« Last Edit: September 16, 2016, 07:47:34 pm by jetberrocal »

Offline pfsensation

  • Full Member
  • ***
  • Posts: 213
  • Karma: +3/-0
    • View Profile
Re: How to Block HTTPS web sites
« Reply #4 on: February 22, 2017, 04:13:22 pm »
Currently the e2guardian package is not available in the pfsense ports but you can install from the freebsd ports.

The SSL MITM support is off but they fixed the SSL Bump feature in the current version.  You can install it with a manual procedure that can be found in the e2guardian bounty thread near its final pages.
https://forum.pfsense.org/index.php?topic=87526.msg638124#msg638124

Keep reading the thread as there are some fixes to the procedure.

Also should see this on how to filter HTTPS without MITM:
https://github.com/e2guardian/e2guardian/issues/76

Are you currently using E2 Guardian? What's your thoughts? Is it good enough to use for home or is it too buggy? It seems it's left kinda half baked, and it never really got finished. Which really is a shame, although I haven't tried it yet, from the description on its site...It seems like it would've been perfect for me (in a home environment).

Offline jetberrocal

  • Full Member
  • ***
  • Posts: 258
  • Karma: +7/-0
    • View Profile
Re: How to Block HTTPS web sites
« Reply #5 on: February 23, 2017, 01:41:06 pm »
The e2g in  the freebsd ports is not the last version but is good enough.  They fixed the https filtering in two ways.  You can filter using ssl bump or with mitm.
Personally I prefer mitm because is easier to use but ssl bump works nicely.


Offline jetberrocal

  • Full Member
  • ***
  • Posts: 258
  • Karma: +7/-0
    • View Profile
Re: How to Block HTTPS web sites
« Reply #6 on: February 23, 2017, 06:20:00 pm »
I have to tell you that for transparent proxy you have to set e2g with no mitm.  I dont remember if squidguard can do transparent with mitm, but you do not need mitm with squidguard because it only uses blacklist/whitelist mode it does not have to read the page content.

By the way transparent mode does not authenticate users so every user have to play on the same rules.  On e2guardian you can "authenticate" by IP so you can have the users to play with different rules by computer and using ssl dump can filter/block https pages the same as squidguard.
« Last Edit: February 23, 2017, 06:26:10 pm by jetberrocal »

Offline pfsensation

  • Full Member
  • ***
  • Posts: 213
  • Karma: +3/-0
    • View Profile
Re: How to Block HTTPS web sites
« Reply #7 on: February 24, 2017, 08:37:40 am »
The e2g in  the freebsd ports is not the last version but is good enough.  They fixed the https filtering in two ways.  You can filter using ssl bump or with mitm.
Personally I prefer mitm because is easier to use but ssl bump works nicely.

Thanks a lot for your reply. I'd also want to do MITM if possible, I do have a captive portal on my network and all users are told to install the CA certificate so most errors should be avoided. Since E2 Guardian is now getting a few updates looking at their website...I will give it a shot for sure.

« Last Edit: February 24, 2017, 08:42:46 am by pfsensation »