ACL > Whitelist not considered when using Remote ACL
t.mayer:
I have configured the OPNsense-Webproxy with shallalist as Remote ACL.
For some exceptions I always used the Whitelist under Access Control List > Whitelist.
When I try to open a domain blocked by a shallalist category but with a corresponding entry in the whitelist, the domain is still blocked.
Version of OPNsense: 19.7.8
Forward-Proxy-Config:
- Interface: LAN
- Port: 3128 / SSL: 3129
- Transparent http-Proxy
- SSL inspection
- SNI only
Thanks for your help!
Greets
Tom
t.mayer:
May I ask again if there is anybody with an idea?
Amr:
Weird, it works for me. Try adding a wildcard for the domain, i.e. add a "." before the domain name (e.g. .whatsapp.net), then stop and restart the service.
Check the certificate of the domain for aliases and try adding them; check the logs to see if the website is trying to reach another domain for grabbing code or something.
Since you are using SNI logging only, it shouldn't be a problem, but try adding the domain to the no bump sites list.
t.mayer:
@Amr: Thanks for your answer.
The problem still exists for me.
I found out that it has something to do with the SSL/SNI-only settings.
Here is what I have tested:
* Remote-ACL: Shallalist with only one active category: socialnet
* URL for testing: instagram.com

Case 1: No Entry in ACL-Whitelist
Setting Browser to use Proxy-Port 3128
> instagram.com can't be reached
> functioning as expected
Setting Browser to not use Proxy (Proxy now transparent via SSL/SNI only)
> instagram.com can't be reached
> functioning as expected
Case 2: Entry in ACL-Whitelist: instagram.com
Setting Browser to use Proxy-Port 3128
> instagram.com can be reached
> functioning as expected
Setting Browser to not use Proxy (Proxy now transparent via SSL/SNI only)
> instagram.com can't be reached
> BUG?
> instagram.com as an entry in SSL no bump sites also has no effect on this
Hopefully my description is understandable.
Greets
Tom
Amr:
From your description
--- Quote ---
Setting Browser to not use Proxy (Proxy now transparent via SSL/SNI only)
> instagram.com can't be reached
--- End quote ---
I assume there's a problem with NAT port forwarding, so did you set it up properly? (Attach a pic of your rules.)
If NAT is not the problem can you access other websites? (after setting 'no proxy' in browser)
If you can access other websites what kind of error does the proxy return?