Group-ACL in Webproxy with Plugin

Started by hbroich, May 15, 2018, 02:26:18 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 15, 2018, 02:26:18 PM Last Edit: May 15, 2018, 02:50:48 PM by hbroich
Hi, i will use the Plugin os-web-proxy-useracl for using ACL in Web-Proxy for different groups, but i allways get the following error when i will create a group
>> no authentication method selected <<  But where must i select the authentication method? Is there any howto for this plugin?

Or simple: What can i do to give an IP-Range in the Web-proxy a Blacklist and another IP-Range not
Kind Regards
Hartmut
May 15, 2018, 03:02:22 PM #1
Hi Hartmut,

The message is a bit shy on where to set this. You need to select an authentication method in the web proxy (Services: Web Proxy: Forward Proxy: Authentication Settings).


Cheers,
Franco
May 29, 2018, 07:38:50 AM #2
I think he just wants to set different blacklist-categories for different ip-ranges/networks without any authentication..
This is a feature which i am missing too.
I have many setups where different networks need different blacklist categories.
In pfsense it is really simple with the groups-acl in squidguard.
Is it also possible with the built-in squid-blacklist-feature?

Thanks!
June 11, 2018, 07:07:37 PM #3
Hello Guys,
I believe HBROICH is trying to set different blacklists (or filters) for different groups of users (Which is possible using squidguard on that other firewall). This is something I am chasing as well.
Squidguard has an "LDAP search" option which check if the user is part (or not) of a certain usergroup.
Based on that, it applies the blacklist (or not), blocking the URL.

Question for Franco:
Do you intend to add some Content-Filter (like E2guardian/Squidguard,...) to OPNSENSE? I know OPNSense is using pure Squid with ACL, but you know it's missing some cool features because of that.

I am working to add E2Guardian to my OPNSENSE build. I will miss the PHP GUI at last.

Regards
Fabricio.
June 11, 2018, 08:18:44 PM #4
Quote from: Fabricio on June 11, 2018, 07:07:37 PM
I am working to add E2Guardian to my OPNSENSE build. I will miss the PHP GUI at last.
You could also patch your squid configuration. ACLs in squid are powerful and it is only the GUI which does not support everything. If you want to add a GUI, you can also extend the features of the web interface for squid.
June 11, 2018, 09:12:25 PM #5
Hi Fabian,
Sure. I am aware Squid has some great capabilities for ACL, but my only concern would be the size of the Blacklist loaded to memory. E2guardian and squidguard, for example, use a small database to enumerate the blacklist, making it reusable for different ACLs. Squid would have to load the blacklist file (sometimes several times) in memory to handle different ACLs. That may be a serious problem. (performance and memory usage)
Any thoughts?

Regards
Fabricio.
June 11, 2018, 09:15:14 PM #6
in time, I wrote something about the same subject some time ago:

here--> https://forum.opnsense.org/index.php?topic=7573.0
November 29, 2019, 06:49:11 PM #7
Hi,

is there any update on this? I plan to move from pfsense to opnsense because of many other improvements over pfsense.

What I'd like to do is to have different content filter configurations based on device/IP. Everyone should have a malware filter, my kids should have additional filters etc.

Is it possible to configure something like this?

Thanks in advance!
December 24, 2019, 12:24:35 AM #8 Last Edit: January 07, 2020, 03:55:34 PM by juliocbc
Hi,

Maybe this will fit your needs:

https://wiki.cloudfence.com.br/english/untitled

Cheers!
Cloudfence Open Source Team
Print
Go Up Pages1
User actions