Proxy Server Configuration

Started by sfn, October 26, 2015, 04:58:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 26, 2015, 04:58:17 PM Last Edit: October 26, 2015, 05:06:42 PM by sfn
Hello,

I just installed new version of OPNsense 15.7.11-amd64 -OpenSSL 1.0.2d 9 Jul 2015 and i am using multiwan (load balancing) very well but i couldn't success for blocking url categories,regular expressions and file extensions (exe,mp3,mp4)etc ...

I wrote Blacklist box \.zip$ this one for example and for  Block specific MIME type reply video/flv i wrote like that but its not blocking



Maybe i have some mistakes for configuration can anyone help me this subject  ?

Thank you,
October 30, 2015, 04:40:45 PM #1
Hi,

I can't see the screenshots.. but I think the issue could be that you try it with https sites?
I have tried it with \.jpg$ and requested a http page with .jpg content, it was blocked just as expected..

In other words you can limit access to a domain even if its https, but an ssl request is send trough an encrypted tunnel so you can't block access unless you decrypt the traffic first (man in the middle).

While the latter is possible with squid, its not configurable in the GUI at the moment, the option is called ssl_bump.

Let me know if this makes sense in your case or not.

Best regards,

Jos
November 19, 2015, 07:00:22 AM #2 Last Edit: November 19, 2015, 07:09:50 AM by sfn
Hello,

Actually i did not try with SSL webpages. I tried with http web pages ?

Note : i am using dual wan maybe not supported at the sametime squid
November 19, 2015, 07:51:10 AM #3
Can you make a simple setup with blocking .jpg for instance with \.jpg$ and then test again?
And if that does not work then point me to the webpage you use for testing, otherwise I have nothing to go on.

I don't think multi-wan has anything to do with this as your request goes to the proxy first, unless you use transparant mode and not all requests go to the proxy.
Print
Go Up Pages1
User actions