English Forums > Tutorials and FAQs

Setup Web Filtering

(1/1)

baqwas:
Hello,

I dutifully followed the steps on Setup Web Filtering with the notes from https://docs.opnsense.org/manual/how-tos/proxywebfilter.html. Except for two minor/inconsequential sentences (perhaps relating to version upgrade at my end), I was able to emulate all the steps as follows (apologies for the long cut and paste):

Disable Authentication
    • Navigate through Services → Web Proxy → Administration
    • Click Forward Proxy tab
N.B. No selection for Authentication Settings
    • Click Clear All
    • Click Apply
Configure Blacklist
    • Click Remote Access Control Lists tab
    • Click + button (on lower right of pane)
    • Enter following fields:
        ◦ Filename:
        ◦ URL:    ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
        ◦ Description:
    • Click Save changes button
Download Categories
    • Click Download ACLs
Setup Categories
    • Click pencil icon button
    • In Edit blacklist window, under categories (if available), click Clear All
    • On confirmation modal window to Deselect or remove all items, click Yes
    • In same field, click drop down list and multi-select:
        ◦ adult
        ◦ publicite (for advertisements)
    • Click Save
    • On Administration page, click Download ACLs (again)
Enable Proxy
    • On Administration page, click General Proxy Settings tab
    • Check Enable proxy
    • Click Apply button
    • Wait for play button on top right corner of page to turn green
Disable Proxy Bypass
    • Navigate through Firewall → Rules → LAN
    • Click + Add button on top right corner
    • Add the following set to the list:
        ◦ Action: Block
        ◦ Interface: LAN
        ◦ Protocol: TCP/UDP
        ◦ Source: LAN net
        ◦ Destination Port Range: HTTP
        ◦ Category: Block Proxy Bypass
        ◦ Description: Block HTTP bypass
    • Click Save button
    • Add similar rule for HTTPS:
        ◦ Action: Block
        ◦ Interface: LAN
        ◦ Protocol: TCP/UDP
        ◦ Source: LAN net
        ◦ Destination Port Range: HTTPS
        ◦ Category: Block Proxy Bypass
        ◦ Description: Block HTTPS bypass
    • Click Save button
    • Reorder the two rules to the top of the list, if necessary by:
        ◦ selecting the record to move and clicking the arrow button of the record above which the move is to occur
    • Click Apply changes button

The resulting summary is attached as an image of the page which corresponds very closely to the published example in the official documentation.

Unfortunately, the browser is no longer able to navigate to the Internet. I am not quite clear how the Web proxy automatically takes over the tasks since I did not understand the linkage between the Web Proxy enablement and the Category declarations in the Rules. Perhaps, I missed making the connection between the two and only the Rules are in play? Once again, I need some basic guidance please (disabling the two rules enables the browser access to the Internet so obviously my Web Proxy setting is not being used). Thanks again for your guidance.

Kind regards.

Versions
    OPNsense 20.1.8-amd64
        FreeBSD 11.2-RELEASE-p20-HBSD
        OpenSSL 1.1.1g 21 Apr 2020

nikkon:
hi,
just did the same setup as you.
have you also created the nat rules?
go to web proxy-> administration -> forward proxy
on Enable Transparent HTTP proxy & Enable SSL inspection click on add new rule link.

franciscopj1:
Hello, what's the settings for Transparent HTTP proxy & SSL inspection rule?

bqsilva:
Did you find any solution for this problem?

Navigation

[0] Message Index

Go to full version