Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Website blacklist
« previous
next »
Print
Pages: [
1
]
Author
Topic: Website blacklist (Read 9551 times)
fox983
Newbie
Posts: 47
Karma: 1
Website blacklist
«
on:
September 28, 2015, 06:11:46 pm »
Hello, in regard of proxy (transparent mode), it should block navigation if I set in blacklist a specific website. In fact it blocks only HTTP, not HTTPS. How can I set it right?
PS: Is it possible without proxy?
Thank you
Logged
Supermule
Full Member
Posts: 235
Karma: 15
Re: Website blacklist
«
Reply #1 on:
September 28, 2015, 06:27:46 pm »
You cant block HTTPS since its a secure connection.
Logged
fox983
Newbie
Posts: 47
Karma: 1
Re: Website blacklist
«
Reply #2 on:
September 29, 2015, 09:30:45 am »
Reply by myself, Domain Overrides trought DNS Forworder could be the solution. It can be useful to someone.....?
Logged
franco
Administrator
Hero Member
Posts: 17672
Karma: 1612
Re: Website blacklist
«
Reply #3 on:
September 30, 2015, 08:18:40 am »
MITM support for the proxy isn't built in, although squid is a capable. You can configure it manually. I have no ETA on when this will be available in the GUI.
Logged
juha
Newbie
Posts: 1
Karma: 0
Re: Website blacklist
«
Reply #4 on:
September 30, 2015, 11:51:38 am »
Quote from: fox983 on September 28, 2015, 06:11:46 pm
PS: Is it possible without proxy?
This seems to work ...
Firewall -> Aliases -> Add new alias
Name: facebook
Description: facebook
Type: Host(s)
Host(s):
www.facebook.com
-> Save
Firewall -> Rules -> LAN -> add new rule
Action: Reject
Protocol: TCP
Destination: facebook
Description: Block facebook
-> Save
Logged
fox983
Newbie
Posts: 47
Karma: 1
Re: Website blacklist
«
Reply #5 on:
October 01, 2015, 12:46:20 pm »
Thank you all, which one is better to set, mine (Domanin Overrides) or juha's (Firewall Alias)?
Logged
Zeitkind
Full Member
Posts: 180
Karma: 27
Re: Website blacklist
«
Reply #6 on:
October 02, 2015, 01:18:32 am »
I normally prefer using squid. Something like:
acl donotsurfatwork dstdomain .facebook.com (and .ebay.com .twitter.com etc. pp.)
http_access deny CONNECT donotsurfatwork
http_reply_access deny donotsurfatwork
But I have no idea if this works on OPNsense right now..
Still hoping to see support for compressed acl-lists ^^
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Website blacklist