Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 09 November 2024, 12:31:20 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14250 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Block Unmatched URLīs with non transparent proxy
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Block Unmatched URLīs with non transparent proxy  (Read 23489 times)
ogramajo
Jr. Member
*
Offline Offline

Posts: 2


« on: Monday 18 January 2016, 02:31:38 pm »

Hi Everyone, Iīm new in this forum, and first would like to thanks in advanced for all your help,

I donīt know hot to make Endian 3.05 beta1, with non transparent proxy and NTLM authentication, block unrated sites,

for example I would like to block the following sites wich have no category in c-icap:

hola.com
ktm.com
etc....

Again Thanks for your help.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Tuesday 19 January 2016, 03:12:09 am »

There are two ways.
1) Create a rule on HTTP proxy at first (Proxy->HTTP->Access Policy):
Position: First
Source: ANY
  Destination Type: Domain
   Domains (one per line): .hola.com , .ktm.com , 
Please note that you must add a dot at start of the domain. Also it's very important that you don't mix domains and subdomains. If you use .hola.com don't put either hola.com or vpn.hola.com or anything like that. It will break Squid and won't start (even if the GUI say so).
Access Policy: deny

2) Add a custom blacklist on Webfilter Profiles:
On Proxy->HTTP->Web Filter, Edit the web profile and search "Custom black- and whitelists" section. Add hola.com and ktm.com on the right side (Block the following sites). Here you don't need to add the dot at start.
Logged
ogramajo
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Tuesday 19 January 2016, 10:40:42 am »

There are two ways.
1) Create a rule on HTTP proxy at first (Proxy->HTTP->Access Policy):
Position: First
Source: ANY
  Destination Type: Domain
   Domains (one per line): .hola.com , .ktm.com , 
Please note that you must add a dot at start of the domain. Also it's very important that you don't mix domains and subdomains. If you use .hola.com don't put either hola.com or vpn.hola.com or anything like that. It will break Squid and won't start (even if the GUI say so).
Access Policy: deny

2) Add a custom blacklist on Webfilter Profiles:
On Proxy->HTTP->Web Filter, Edit the web profile and search "Custom black- and whitelists" section. Add hola.com and ktm.com on the right side (Block the following sites). Here you don't need to add the dot at start.


Thankīs for your help mrkroket,

the thing is that I donīt know all the domains i want to block,

what i want to do is to only allow domains that are within the allowed categories in the webfilter section, whatīs not working for me, is that the domains i mentioned before are not listed in any category on the webfilter and their are still allowed,

Sorry If  iīm not being clear enough, Again thanks for your help.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #3 on: Tuesday 19 January 2016, 01:28:25 pm »

What you need should work this way:
1-Create your webfilter profile. Only allow what you need, and block the rest.
2-Create a rule, Source: ALL, Dest: ALL, Access Policy: Allow, Filter: The one you created. Authentication: User/Group, depends on your NTLM settings
3-This is not necessary, but just in case. Create a second rule to deny ALL, on 2nd position.
4-Apply changes.

I must warn you that standard urlfilters on Endian Firewall are very basic, it doesn't catch a lot.
 If you need updated urlfilters you should check  for better filters and replace the ones in /var/signatures/urlfilter/blacklists.
What I did some time ago was to add many different urlfilters to endian.
For example, download new url filters from http://www.urlblacklist.com/  (only once for free!!), http://www.shallalist.de/ or others, and replace the files on blacklist. Don't delete, just replace or add new ones.

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com