Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Create ACL like the classic way using opnsense gui
« previous
next »
Print
Pages: [
1
]
Author
Topic: Create ACL like the classic way using opnsense gui (Read 5255 times)
none
Jr. Member
Posts: 51
Karma: 2
Create ACL like the classic way using opnsense gui
«
on:
June 08, 2020, 03:38:16 am »
Hi all,
I am setting up a opnsense firewall with squid and LDAP(MS AD) auth. No need to be transparent.
I set a remote blacklist and now I want to use AD users and groups to tell who can and can't use that site. I can't find how on the webui, all I found was this thread:
Code:
[Select]
https://forum.opnsense.org/index.php?topic=16171.0
.
Is there any other way to solve this? Cause if not I will start editing my custom extra configs to send there. As I need to be user and group (from AD) aware, I assume it must be on post-auth dir.
Thanks,
none
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Create ACL like the classic way using opnsense gui
«
Reply #1 on:
June 08, 2020, 08:24:09 am »
I think there is a useracl plugin for that.
Logged
none
Jr. Member
Posts: 51
Karma: 2
Re: Create ACL like the classic way using opnsense gui
«
Reply #2 on:
June 09, 2020, 02:07:53 am »
Hi fabian, thanks for the reply. I think you mean:
Services: Web Proxy: Groups and Users
os-web-proxy-useracl (installed) 1.1_1 38.5KiB Group and user ACL for the web proxy
It doesn't remind me of the old acl lines as there were in the thread link I wrote. My main concerns are be able to write them and to maintain it between upgrades.
thanks,
none
Logged
samnet
Jr. Member
Posts: 61
Karma: 2
Re: Create ACL like the classic way using opnsense gui
«
Reply #3 on:
August 09, 2020, 04:41:42 pm »
dear all
this is very important feature, just wondering if this is actually supported or not
we have AD groups defined, can we apply ACL based on each group??
for example: secretaries group defined in AD cannot access Social Net webs
IT Dept group defined in AD can see all
Admins dept group defined in AD cannot see porns
Accounts dept group defined in AD cannot see games and porns
things of this nature I recall existed in pfsense so I think its doable in Opnsense.
Logged
----------------------------
Breeding Open Source
M0n0wall -> PfSense -> OpnSense -> Make lots of sense
samnet
Jr. Member
Posts: 61
Karma: 2
Re: Create ACL like the classic way using opnsense gui
«
Reply #4 on:
August 11, 2020, 09:12:16 pm »
any ideas pls?
Logged
----------------------------
Breeding Open Source
M0n0wall -> PfSense -> OpnSense -> Make lots of sense
Amr
Jr. Member
Posts: 78
Karma: 4
Re: Create ACL like the classic way using opnsense gui
«
Reply #5 on:
August 17, 2020, 02:17:09 pm »
To achieve what you guys want, you'd need to do the following:
1- add your AD\LDAP as authentication method in the firewall (that would be in system->Access->Servers).
2-set the authentication method in proxy setting (Administration->Forward Proxy->Authentication Settings)
3-Download the os-web-proxy-useracl plugin (you can access it in the proxy menu under logs)
4-You can create the group names (accounting,marketing,...etc) in the GUI then manually editing and the ACL as per my guide
https://forum.opnsense.org/index.php?topic=16171.0
Logged
Disclaimer: All advice presented is "AS IS", no warranties.
I'm not part of the opnsense team, just trying to help.
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Create ACL like the classic way using opnsense gui
