Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Web Proxy SSL Bump External Dynamic Lists URL Categories
« previous
next »
Print
Pages: [
1
]
Author
Topic: Web Proxy SSL Bump External Dynamic Lists URL Categories (Read 2067 times)
wired2network
Newbie
Posts: 9
Karma: 1
Web Proxy SSL Bump External Dynamic Lists URL Categories
«
on:
September 10, 2023, 06:33:49 pm »
I want to set up the HTTPS transparent inspection for my TLS traffic, but I want to be able to have a bump list (URL Category based) to bypass specific categories for all users' traffic being inspected. Based on the OPNsense documentation, using something like the UT1 category for blacklisting, I am trying to figure out if there is a way to use a system like this to be able to bypass specific categories such as financial URLs and not to have it used as a blacklist? If this is not possible within the Web Proxy, can an ALIAS URL list be created and used to divert traffic from the Block HTTPS Bypass rule using the UT1 Categories list?
Logged
isqnd
Newbie
Posts: 1
Karma: 0
Re: Web Proxy SSL Bump External Dynamic Lists URL Categories
«
Reply #1 on:
September 28, 2023, 07:52:10 am »
Did you find a solution to this??
We are looking at using OpnSense as well, but I can't find a manageable way to bypass SSL inspection for groups of sites. On Sophos and Fortigate firewalls we simply bypass SSL inspection for banking, financial, and government categories as a minimum for 2 main reason.
1. SSL inspection on these sites really is invading privacy I feel.
2. SSL inspection often breaks these types of sites as they usually try and detect man in the middle attacks.
Logged
wired2network
Newbie
Posts: 9
Karma: 1
Re: Web Proxy SSL Bump External Dynamic Lists URL Categories
«
Reply #2 on:
October 18, 2023, 02:48:43 am »
isqnd
I did not find a solution. I believe at this point is to script it yourself and offer it up to the OPNsense team for implementation, however their will still be an issue of having a repository of categorized URLs to apply to this, which I haven't found a less costly method as of yet. I know Zenarmor has some of this capability built into their plugin but having spoken with some of their team, they only have it available for their business version.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Web Proxy SSL Bump External Dynamic Lists URL Categories