Website blacklist

[fox983]

Hello, in regard of proxy (transparent mode), it should block navigation if I set in blacklist a specific website. In fact it blocks only HTTP, not HTTPS. How can I set it right?
PS: Is it possible without proxy?
Thank you

[Supermule]

You cant block HTTPS since its a secure connection.

[fox983]

Reply by myself, Domain Overrides trought DNS Forworder could be the solution. It can be useful to someone.....?

[franco]

MITM support for the proxy isn't built in, although squid is a capable. You can configure it manually. I have no ETA on when this will be available in the GUI.

[juha]

PS: Is it possible without proxy?

This seems to work ...

Firewall -> Aliases -> Add new alias

Name: facebook
Description: facebook
Type: Host(s)
Host(s): www.facebook.com

-> Save

Firewall -> Rules -> LAN -> add new rule

Action: Reject
Protocol: TCP
Destination: facebook
Description: Block facebook

-> Save

[fox983]

Thank you all, which one is better to set, mine (Domanin Overrides) or juha's (Firewall Alias)?

[Zeitkind]

I normally prefer using squid. Something like:

acl donotsurfatwork dstdomain .facebook.com (and .ebay.com .twitter.com etc. pp.)
http_access deny CONNECT donotsurfatwork
http_reply_access deny donotsurfatwork

But I have no idea if this works on OPNsense right now..
Still hoping to see support for compressed acl-lists ^^