EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: davvidde on Saturday 19 June 2010, 12:46:51 am



Title: EFW2.4 HTTP proxy configuration
Post by: davvidde on Saturday 19 June 2010, 12:46:51 am
Hello everyone,

I'd like to receive your opinion on http proxy configuration + content filtering to achieve the following goal with EFW2.4:

I have three Active directory groups which need tree different levels of contente filtering:
1) Administrators: no filtering
2) Proxy users standard: some filters (blacklist based filters + whitelist)
3) Proxy user restricted: more filters than standard (black based filters)
4) Everyone (all other users not included in one of above groups and without authentication needed), only the sites: www.repubblica.it, www.istruzione.it (whitelist based filter)
With EFW 2.2 I have only one content profile setting but I can easily achieve the goal merging "Proxy users standard" with "Proxy users restricted"

Now I cannot achieve neither the above situation because EFW2.4 asks always login credentials and seem that only the first ACL (with the first content profile) is in place and I don't see any configuration form that let me specify domains without authentication (in EFW 2.2 there is a specific field for this).

Anyone can help me?


Thanks everyone.

Prof. Davide Cottignoli.
http://itgmorigia.dnsalias.org


Title: Re: EFW2.4 HTTP proxy configuration
Post by: hickmanr on Thursday 08 July 2010, 06:36:16 am
I do something similar to what you are looking for the school district where I work.  For example, students have more restrictive access than teachers.

There are a few prerequisites you are going to have, but I won’t go into detail since you didn’t ask for help on these items:

Note: This assumes all your workstations are domain members in which users must login to.

1 - In Active Directory (AD) you’ll want to create user groups and join the desired users to those groups. In your endian firewall you can then configure filtering based on those groups. For the sake of discussion here I will call those groups (counting by 10’s in case you need more levels later):
•   Filter-Level0   {No filtering}
•   Filter-Level10   {Standard filtering}
•   Filter-Level20   {Restrictive filtering}
•   Filter-Level30   {White list filtering only}

2 - Your EFW has HTTP proxy configured for “Not transparent”

3 - Your authentication method is set to “Windows Active Directory (NTLM)” and you have successfully joined it to your domain.  DO NOT USE LDAP, it will as it will cause your users to continuously login while browsing the Internet.

Once you’ve fulfilled the prerequisites begin on the “Proxy” page / “HTTP” menu item / “Contentfilter” tab.

Create a new profile called “Filter-Level0” (or a name respective of your AD groups discussed earlier) and customize your filters. The name does not have to match your AD group name, it is simply for your reference.

Continue creating additional profiles for each of your groups with their customized filter settings then apply.

Now configure your access policies by clicking the “Access Policy” tab.

Create a new access policy by clicking the “Add Access Policy.
1 - Change the “Authentication” drop down menu to “group based” and select “Filter-Level0” from the “Allowed Groups” list.  Note: for “Filter-Level 30” leave authentication set to disabled.
2 - Change the “Access Policy” drop down menu to “Allow Access”
3 - Change the “Filter Profile” drop down menu to “Filter-Level0 (content ##)”
4 - Make sure the “Enable policy rule” check-box is checked.
5 - Set the position to the first position. As you add the other access policies put them in consecutively higher positions.
6 - update the policy
Repeat this process for each additional Filter-Level group.

Don't forget, your web browsers must have their proxy settings entered. If they are not there are a few ways you can take care of that, either through DNS, or group policies.

Hope this helps.




Title: Re: EFW2.4 HTTP proxy configuration
Post by: ideali on Saturday 10 July 2010, 08:11:49 pm
Hello,
I have configured with endian 2.4 intergate in the AD.
everything works well enough, but it is essential to configure the proxy manually.
authentication does not work if imposed in a transparent proxy on LAN (Green Network)
There is? there 'so to speak?
thanks


Title: Re: EFW2.4 HTTP proxy configuration
Post by: ideali on Saturday 17 July 2010, 09:37:10 pm
hello
Dansguardian does not block the categories selected in the gui
content filtering does not appear in the updated version 2.4
Is there a procedure to update the blacklists dansguardian?
thanks

The category blocked ara  , ads. Stop

Thanks