Topic: Extending the whitelisting in proxy (Read 7444 times)
hedberg
Newbie
Posts: 17
Karma: 3
Extending the whitelisting in proxy
« on: August 07, 2016, 07:50:30 pm »
Have you considered making the proxy's blacklist function more flexible, so one could "turn it on its head" and forbid everything except categories that were checked/allowed - a whitelist?
EDIT: A shame that the whitetrash project (http://whitetrash.sourceforge.net) is abandoned. Looks interesting.
« Last Edit: August 07, 2016, 09:02:46 pm by hedberg »
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Extending the whitelisting in proxy
« Reply #1 on: August 08, 2016, 08:04:13 am »
Hi hedberg,
Certainly something that could be done, but I have no ETA for the time being. We're collecting ideas for the 17.1 roadmap at the moment and will take a bit of time to decide on a viable bundle.
One caveat: I remember that whitelisting is tricky to get right with e.g. ad sites being required to load other web pages at all. It may take more administrative effort than simple category on/off to get it just right.
Cheers,
Franco
hedberg
Newbie
Posts: 17
Karma: 3
Re: Extending the whitelisting in proxy
« Reply #2 on: August 09, 2016, 10:40:32 pm »
I used it a lot before changing to OPNsense. As a minimum I always used it for all my isolated zones where e.g. a server only had reason to talk to a limited number of domains for e.g. updates and no other reason to initiate traffic to the internet.
I always try to lock things down as much as possible and prefer whitelists to blacklists. Thanks for not dismissing it - I am crossing my fingers.
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Extending the whitelisting in proxy
« Reply #3 on: August 10, 2016, 11:18:59 am »
In this case you can use a host alias and firewall rules instead of the proxy.
hedberg
Newbie
Posts: 17
Karma: 3
Re: Extending the whitelisting in proxy
« Reply #4 on: August 10, 2016, 10:50:42 pm »
It is a good suggestion, but to my understanding it won't work.
I often find that I need to specify wildcards for the domain name, and this function needs to know the fully qualified domain name.
One example is Windows updates. In order to get either that or WSUS to work you need to provide access to something like *.update.microsoft.com plus a couple of other domains because the host name is changed constantly.
« Last Edit: August 10, 2016, 10:55:51 pm by hedberg »
Feldunost
Newbie
Posts: 11
Karma: 1
Re: Extending the whitelisting in proxy
« Reply #5 on: December 02, 2016, 05:28:45 pm »
I am actually looking for this solution as well since I want:
- To block everything for some computers and only allow update links in the whitelist.
- To block everything and only allow a bigger set of whitelisted links added manually.
- To allow everything for specific IPs.
Which means having several whitelists and being able to block everything for specific computers / servers.
Dunno if it's actually possible ... ?
Edit:
I tried to add "*.*" and "*" to the blacklist without effect.
I wish to block everything and only accept whitelisted domains or links.
« Last Edit: December 08, 2016, 05:37:13 pm by Feldunost »
Feldunost
Newbie
Posts: 11
Karma: 1
Re: Extending the whitelisting in proxy
« Reply #6 on: December 20, 2016, 10:52:56 am »
Hello,
Found out, it seems to be working with the following value:
^.
This should block all addresses and domains unless you specifically allowed the domain or IP access in "unrestricted ip addresses" or in "whitelist".
Thanks.
« Last Edit: January 03, 2017, 11:24:17 am by Feldunost »
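A model of the `^.` catch-all from reply #6 combined with the `*.update.microsoft.com` wildcard need from reply #4, as an added example that is not part of the thread or OPNsense's own code. It assumes whitelist entries are regular expressions searched anywhere in the requested URL and checked before the blacklist, with Python's `re` standing in for the proxy's regex engine; the function names and sample URLs are constructed for illustration.

```python
import re

# Catch-all blacklist entry from reply #6: matches any non-empty URL.
BLACKLIST = [r"^."]

def wildcard_to_regex(domain_glob):
    """Turn '*.update.microsoft.com' into a regex anchored to the host part."""
    if domain_glob.startswith("*."):
        # One or more subdomain labels, then the literal (escaped) suffix.
        host = r"([a-z0-9-]+\.)+" + re.escape(domain_glob[2:])
    else:
        host = re.escape(domain_glob)
    # Optional scheme before, optional port and then '/' or end after, so the
    # name cannot match as a prefix of another domain or inside a path/query.
    return r"^(https?://)?" + host + r"(:[0-9]+)?(/|$)"

def decide(url, whitelist, blacklist=BLACKLIST):
    """Assumed evaluation order: whitelist first, then blacklist, else allow."""
    url = url.lower()
    if any(re.search(p, url) for p in whitelist):
        return "allow"
    if any(re.search(p, url) for p in blacklist):
        return "deny"
    return "allow"

NAIVE = ["update.microsoft.com"]  # unanchored entry, dots left unescaped
STRICT = [wildcard_to_regex("*.update.microsoft.com")]

# Constructed sample requests (HTTPS tunnels are modelled as host:port).
SAMPLES = [
    "http://fe2.update.microsoft.com/v6/cab",
    "fe2.update.microsoft.com:443",
    "http://update.microsoft.com.example.net/",
    "http://example.org/?ref=fe2.update.microsoft.com",
    "http://www.example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:50} naive={decide(url, NAIVE):5} strict={decide(url, STRICT)}")
```

With the unanchored entry, the third and fourth sample requests are allowed even though the destination is not a Microsoft host; the anchored entry leaves them to the catch-all.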
Feldunost
Newbie
Posts: 11
Karma: 1
Re: Extending the whitelisting in proxy
« Reply #7 on: January 03, 2017, 11:26:07 am »
Updated previous post with possible solution, could be marked as solved I think.