Webproxy per Interface or Host

[moe]

Hi,
i currently try to establish another layer of security by webproxy filtering.
But on my opnsense installation i have diverend usecases which sites are allowed or not.

Especually my Linux-Servers should get access to *.debian.org, the windows-server should get access to *.microsoft.com

But i didn't found any way to make rules per host or subnet or interface.

Can anybody give me a short advices how to realize that use-case?

I don't want to have an outbound "any" connection from my servers... they should only receiver their repos. And as Benefit a could enable the caching functionality.

thanks for your help!

[moe]

Try to make a custom.conf in the pre-auth folder, but it seems that the wildcard didn't work.

If i use .debian.org i only can access www.debian.org and not more. Whats wrong there?

Also i can't get the UT1 Rules up and Running, looks really buggy (update script).

Code: [Select]

#acls
acl repository dstdomain debian.org

## debian server ##
acl debian src 172.31.152.1


http_access allow debian repository
http_access deny debian all
Thanks for help