EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: ogramajo on Monday 18 January 2016, 02:31:38 pm



Title: Block Unmatched URL´s with non transparent proxy
Post by: ogramajo on Monday 18 January 2016, 02:31:38 pm
Hi Everyone, I´m new in this forum, and first would like to thanks in advanced for all your help,

I don´t know hot to make Endian 3.05 beta1, with non transparent proxy and NTLM authentication, block unrated sites,

for example I would like to block the following sites wich have no category in c-icap:

hola.com
ktm.com
etc....

Again Thanks for your help.


Title: Re: Block Unmatched URL´s with non transparent proxy
Post by: mrkroket on Tuesday 19 January 2016, 03:12:09 am
There are two ways.
1) Create a rule on HTTP proxy at first (Proxy->HTTP->Access Policy):
Position: First
Source: ANY
  Destination Type: Domain
   Domains (one per line): .hola.com , .ktm.com , 
Please note that you must add a dot at start of the domain. Also it's very important that you don't mix domains and subdomains. If you use .hola.com don't put either hola.com or vpn.hola.com or anything like that. It will break Squid and won't start (even if the GUI say so).
Access Policy: deny

2) Add a custom blacklist on Webfilter Profiles:
On Proxy->HTTP->Web Filter, Edit the web profile and search "Custom black- and whitelists" section. Add hola.com and ktm.com on the right side (Block the following sites). Here you don't need to add the dot at start.


Title: Re: Block Unmatched URL´s with non transparent proxy
Post by: ogramajo on Tuesday 19 January 2016, 10:40:42 am
There are two ways.
1) Create a rule on HTTP proxy at first (Proxy->HTTP->Access Policy):
Position: First
Source: ANY
  Destination Type: Domain
   Domains (one per line): .hola.com , .ktm.com , 
Please note that you must add a dot at start of the domain. Also it's very important that you don't mix domains and subdomains. If you use .hola.com don't put either hola.com or vpn.hola.com or anything like that. It will break Squid and won't start (even if the GUI say so).
Access Policy: deny

2) Add a custom blacklist on Webfilter Profiles:
On Proxy->HTTP->Web Filter, Edit the web profile and search "Custom black- and whitelists" section. Add hola.com and ktm.com on the right side (Block the following sites). Here you don't need to add the dot at start.


Thank´s for your help mrkroket,

the thing is that I don´t know all the domains i want to block,

what i want to do is to only allow domains that are within the allowed categories in the webfilter section, what´s not working for me, is that the domains i mentioned before are not listed in any category on the webfilter and their are still allowed,

Sorry If  i´m not being clear enough, Again thanks for your help.


Title: Re: Block Unmatched URL´s with non transparent proxy
Post by: mrkroket on Tuesday 19 January 2016, 01:28:25 pm
What you need should work this way:
1-Create your webfilter profile. Only allow what you need, and block the rest.
2-Create a rule, Source: ALL, Dest: ALL, Access Policy: Allow, Filter: The one you created. Authentication: User/Group, depends on your NTLM settings
3-This is not necessary, but just in case. Create a second rule to deny ALL, on 2nd position.
4-Apply changes.

I must warn you that standard urlfilters on Endian Firewall are very basic, it doesn't catch a lot.
 If you need updated urlfilters you should check  for better filters and replace the ones in /var/signatures/urlfilter/blacklists.
What I did some time ago was to add many different urlfilters to endian.
For example, download new url filters from http://www.urlblacklist.com/  (only once for free!!), http://www.shallalist.de/ or others, and replace the files on blacklist. Don't delete, just replace or add new ones.