OPNsense Forum

English Forums => General Discussion => Topic started by: sfn on October 26, 2015, 04:58:17 pm

Title: Proxy Server Configuration
Post by: sfn on October 26, 2015, 04:58:17 pm
Hello,

I just installed the new version of OPNsense 15.7.11-amd64 - OpenSSL 1.0.2d 9 Jul 2015, and I am using multi-WAN (load balancing) very well, but I couldn't succeed in blocking URL categories, regular expressions and file extensions (exe, mp3, mp4), etc.

For example, I wrote \.zip$ in the Blacklist box, and for "Block specific MIME type reply" I wrote video/flv, but it's not blocking.
(http://u16i.imgup.net/ScreenShotcb01.png)
(https://openmerchantaccount.com/img/Screen Shot 2015-10-26 at 18.56.55.png)

Maybe I have some mistakes in my configuration. Can anyone help me with this subject?

Thank you,
Title: Re: Proxy Server Configuration
Post by: jschellevis on October 30, 2015, 04:40:45 pm
Hi,

I can't see the screenshots.. but I think the issue could be that you try it with https sites?
I have tried it with \.jpg$ and requested a http page with .jpg content, it was blocked just as expected..

In other words, you can limit access to a domain even if it's https, but an ssl request is sent through an encrypted tunnel, so you can't block access unless you decrypt the traffic first (man in the middle).

While the latter is possible with squid, it's not configurable in the GUI at the moment; the option is called ssl_bump.

Let me know if this makes sense in your case or not.

Best regards,

Jos
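Added example (not part of the forum posts and not OPNsense or squid code): a small Python model of the point made in the reply above, showing what a forward proxy can match a blacklist regex against for plain HTTP versus an HTTPS `CONNECT` tunnel. It assumes the blacklist entry is applied as an unanchored, case-sensitive regex on the request URL as the proxy sees it; the hostnames, request lines and function names are constructed for illustration.

```python
import re

def proxy_visible_url(request_line):
    """Return the part of a request line a forward proxy can inspect."""
    method, target, _version = request_line.split()
    # Plain HTTP via a proxy: target is the absolute URL (host, path, query).
    # HTTPS via a proxy: method is CONNECT and target is only "host:port";
    # the path travels inside the encrypted tunnel and is never seen.
    return target

def is_blocked(request_line, patterns):
    """True if any blacklist pattern matches the proxy-visible URL."""
    url = proxy_visible_url(request_line)
    return any(re.search(p, url) for p in patterns)

# Extension rules as written in the thread, plus one domain rule (constructed).
EXTENSION_RULES = [r"\.jpg$", r"\.zip$"]
DOMAIN_RULES = [r"blocked\.example\.test"]

# Constructed request lines as a client would send them to the proxy.
SAMPLES = {
    "http_jpg": "GET http://files.example.test/photo.jpg HTTP/1.1",
    "http_jpg_query": "GET http://files.example.test/photo.jpg?size=large HTTP/1.1",
    "https_tunnel": "CONNECT files.example.test:443 HTTP/1.1",
    "https_blocked_domain": "CONNECT blocked.example.test:443 HTTP/1.1",
}

def evaluate(patterns):
    """Map each sample name to the block decision for the given rules."""
    return {name: is_blocked(line, patterns) for name, line in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("extension", EXTENSION_RULES), ("domain", DOMAIN_RULES)):
        for name, blocked in evaluate(rules).items():
            print(f"{label:9} {name:22} {'BLOCK' if blocked else 'allow'}")
```

Under these assumptions the `$` anchor also stops matching once a query string follows the extension, which is worth checking when a test URL is not blocked over plain HTTP.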
Title: Re: Proxy Server Configuration
Post by: sfn on November 19, 2015, 07:00:22 am
Hello,

Actually, I did not try with SSL web pages. I tried with http web pages.

Note: I am using dual WAN; maybe it is not supported at the same time as squid.
Title: Re: Proxy Server Configuration
Post by: jschellevis on November 19, 2015, 07:51:10 am
Can you make a simple setup with blocking .jpg for instance with \.jpg$ and then test again?
And if that does not work then point me to the webpage you use for testing, otherwise I have nothing to go on.

I don't think multi-wan has anything to do with this, as your request goes to the proxy first, unless you use transparent mode and not all requests go to the proxy.