Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
pfsense Squidguard Group ACL equivalent in opnsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: pfsense Squidguard Group ACL equivalent in opnsense (Read 9862 times)
jp26198926
Newbie
Posts: 3
Karma: 0
pfsense Squidguard Group ACL equivalent in opnsense
«
on:
March 13, 2018, 07:55:34 am »
Hi Sir,
I still bit confused of the web proxy, in remote list i downloaded already the shallalist.
may i know what is the opnsense setup equivalent to pfsense squidguard group acl?
i am just trying to filter some intranet group in web using shalla's categories.
Thanks,
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: pfsense Squidguard Group ACL equivalent in opnsense
«
Reply #1 on:
March 14, 2018, 06:28:03 pm »
You can try the web-proxy-useracl plugin and see if it works for your use case.
Cheers,
Franco
Logged
pclemot
Newbie
Posts: 1
Karma: 0
Re: pfsense Squidguard Group ACL equivalent in opnsense
«
Reply #2 on:
April 05, 2018, 05:25:50 pm »
Hi Franco,
Like jp26198926, I'd like to setup ACLs to subnet-defined groups and attribute them target categories based on domains, URLs or regex,
as pfSense does. I tried the web-proxy-useracl plugin, but it's only based on users or groups, and forces the use of authentication.
Would it be feasible to add such a feature to OPNsense?
Thanks,
Pascal
Logged
Fabricio
Newbie
Posts: 14
Karma: 2
Re: pfsense Squidguard Group ACL equivalent in opnsense
«
Reply #3 on:
April 21, 2018, 02:48:56 am »
Hello Gentlemen,
I´ve been thinking about it... I am also working and looking on something like this.
I was wondering if the "web-proxy-useracl" plugin could be modified in order to match the Blacklists File/name.
Check pictures attached, please.
It would go like this:
1- You create groups on Active Directory (AD).
2- You capture the AD groups on OPNSense (Menu System-->Access-->Users/groups)
3- You download your preferred Blacklist file and give it a "Name"
4- From the "Proxy Menu --> Administration --> Forward Proxy --> Authentication Settings" you choose AD Authentication.
5- From the "Proxy Menu --> Groups and Users " where is "Name", you should input the "AD group" you want to match the Blacklist. Where is "DOMAINS" you should add the Blacklist Name you previously configured on step 3.
That way, you will have, not only the same squidguard ACL-GROUPS functionalities, but something Absolutelly better, since on squidguard you have to deal with ldap-search lines that are pretty confusing and here it would be all "Web/Icons/Objects based"
Additionally, (just a suggestion) it would be great to add an extra field to the "Authentication menu" with a "CUSTOM AUTHENTICATION" so we can add whatever authentication we want like the Winbind SSO/Kerberos/WMI, etc.
Since we would be working with "existing variables", how hard would it be to make such changes?
There is one thing I don't know: Since opnsense doesn't use squidguard, I am wondering the compatible commands on it, like we have on squidguard (ldapsearch) to match "groups and users" to Blacklists.
(What product opnsense is using to replace squidguard by the way?)
I am not good with php/mvc , so I can help with Money/UAT/Test support.
Gentlemen, OPNsense is already an absolutelly wonderful product, but that would raise it to a new level, since you only see features like this on "expensive & commercial" products like BlueCoat/Cisco/Fortinet etc.
Please let me know if someone would be interested. I am on the boat. :-)
Fabricio.
Logged
allexBR
Newbie
Posts: 2
Karma: 0
Re: pfsense Squidguard Group ACL equivalent in opnsense
«
Reply #4 on:
July 16, 2021, 08:18:30 pm »
Quote from: franco on March 14, 2018, 06:28:03 pm
You can try the web-proxy-useracl plugin and see if it works for your use case.
Cheers,
Franco
Hi Franco,
I'm using web-proxy-useracl plugin and would like to know if anyone managed to solve the following problem...
In squid.conf, the ACL remote blacklists are evaluated before the "Auth plugins" include, which has the custom whitelists:
https://github.com/opnsense/plugins/issues/1111
Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
pfsense Squidguard Group ACL equivalent in opnsense