Website blacklist

fox983 · September 28, 2015, 06:11:46 PM

Hello, in regard of proxy (transparent mode), it should block navigation if I set in blacklist a specific website. In fact it blocks only HTTP, not HTTPS. How can I set it right?
PS: Is it possible without proxy?
Thank you

Supermule · September 28, 2015, 06:27:46 PM

You cant block HTTPS since its a secure connection.

fox983 · September 29, 2015, 09:30:45 AM

Reply by myself, Domain Overrides trought DNS Forworder could be the solution. It can be useful to someone.....?

franco · September 30, 2015, 08:18:40 AM

MITM support for the proxy isn't built in, although squid is a capable. You can configure it manually. I have no ETA on when this will be available in the GUI.

juha · September 30, 2015, 11:51:38 AM

Quote from: fox983 on September 28, 2015, 06:11:46 PM
PS: Is it possible without proxy?

This seems to work ...

Firewall -> Aliases -> Add new alias

Name: facebook
Description: facebook
Type: Host(s)
Host(s): www.facebook.com

-> Save

Firewall -> Rules -> LAN -> add new rule

Action: Reject
Protocol: TCP
Destination: facebook
Description: Block facebook

-> Save

fox983 · October 01, 2015, 12:46:20 PM

Thank you all, which one is better to set, mine (Domanin Overrides) or juha's (Firewall Alias)?

Zeitkind · October 02, 2015, 01:18:32 AM

I normally prefer using squid. Something like:

acl donotsurfatwork dstdomain .facebook.com (and .ebay.com .twitter.com etc. pp.)
http_access deny CONNECT donotsurfatwork
http_reply_access deny donotsurfatwork

But I have no idea if this works on OPNsense right now..
Still hoping to see support for compressed acl-lists ^^

Website blacklist

fox983

September 28, 2015, 06:11:46 PM

Supermule

September 28, 2015, 06:27:46 PM #1

fox983

September 29, 2015, 09:30:45 AM #2

franco

September 30, 2015, 08:18:40 AM #3

juha

September 30, 2015, 11:51:38 AM #4

fox983

October 01, 2015, 12:46:20 PM #5

Zeitkind

October 02, 2015, 01:18:32 AM #6