OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: hbroich on May 15, 2018, 02:26:18 pm
-
Hi, i will use the Plugin os-web-proxy-useracl for using ACL in Web-Proxy for different groups, but i allways get the following error when i will create a group
>> no authentication method selected << But where must i select the authentication method? Is there any howto for this plugin?
Or simple: What can i do to give an IP-Range in the Web-proxy a Blacklist and another IP-Range not
Kind Regards
Hartmut
-
Hi Hartmut,
The message is a bit shy on where to set this. You need to select an authentication method in the web proxy (Services: Web Proxy: Forward Proxy: Authentication Settings).
Cheers,
Franco
-
I think he just wants to set different blacklist-categories for different ip-ranges/networks without any authentication..
This is a feature which i am missing too.
I have many setups where different networks need different blacklist categories.
In pfsense it is really simple with the groups-acl in squidguard.
Is it also possible with the built-in squid-blacklist-feature?
Thanks!
-
Hello Guys,
I believe HBROICH is trying to set different blacklists (or filters) for different groups of users (Which is possible using squidguard on that other firewall). This is something I am chasing as well.
Squidguard has an "LDAP search" option which check if the user is part (or not) of a certain usergroup.
Based on that, it applies the blacklist (or not), blocking the URL.
Question for Franco:
Do you intend to add some Content-Filter (like E2guardian/Squidguard,...) to OPNSENSE? I know OPNSense is using pure Squid with ACL, but you know it's missing some cool features because of that.
I am working to add E2Guardian to my OPNSENSE build. I will miss the PHP GUI at last.
Regards
Fabricio.
-
I am working to add E2Guardian to my OPNSENSE build. I will miss the PHP GUI at last.
You could also patch your squid configuration. ACLs in squid are powerful and it is only the GUI which does not support everything. If you want to add a GUI, you can also extend the features of the web interface for squid.
-
Hi Fabian,
Sure. I am aware Squid has some great capabilities for ACL, but my only concern would be the size of the Blacklist loaded to memory. E2guardian and squidguard, for example, use a small database to enumerate the blacklist, making it reusable for different ACLs. Squid would have to load the blacklist file (sometimes several times) in memory to handle different ACLs. That may be a serious problem. (performance and memory usage)
Any thoughts?
Regards
Fabricio.
-
in time, I wrote something about the same subject some time ago:
here--> https://forum.opnsense.org/index.php?topic=7573.0
-
Hi,
is there any update on this? I plan to move from pfsense to opnsense because of many other improvements over pfsense.
What I'd like to do is to have different content filter configurations based on device/IP. Everyone should have a malware filter, my kids should have additional filters etc.
Is it possible to configure something like this?
Thanks in advance!
-
Hi,
Maybe this will fit your needs:
https://wiki.cloudfence.com.br/english/untitled
Cheers!