the proble is that the default profile always overrides any other profile
for example when you try to block YouTube for a group of users
once you set another profile for one group of users and then enable the content filtering , the default profile override the custom profile and all users and all groups ae affected by this blocking , which is contrary to what is in the nethserver documents
As @Nas suggested, you should go inside the filter tab and check following option “Allow all, block selected content”. Leave all other options unchecked.
Sorry but the profile default is needed (for now).
Also the pull request doesn’t resolve the problem, since if you delete the record, it will be created as soon as the intialize-default-database actions is called by an event.
actually i don’t like the fact that you don’t have control over all ssl websites , when i set profile to Transparent with SSL , it still block all the ssl websites not filtering them according to the blacklist
i got ssl certificate from rapidssl , i thought this may help in the ssl content filtering
all the ssl websites are blocked not filtered and i think there’s no way to filter the ssl websites , it all or non job which makes the web filtering non beneficial
because when you block http://youtube , the user can still access it through https protocol
and when you enable Transparent with SSL all the ssl websites are blocked including the good ones
i though if i have a custom ssl certificate for the domain hosted by the server this will enable the server to intervene ssl connections and filter them , but i was very wrong
this is a major issue not only related to nethserver , it is there with zentyal , clearOS , and other server
it is inability to filter out https protocol
you can check
if u choosed transparent with ssl then that all block all the https protocol website like the online banking and shopping and every single website that uses the encrypted protocol https
this is a huge issue related to https web content filter and IMHO will never be fixed
As I promised, I wrote this “How-to”, as better I knew.
If anybody want or consider that this “How-to” is good for NethServer Wiki ( howto_s [NethServer Wiki] ), is free to annotate, prepare and publish it there (is not necessary to mention me as co-author).
I’m not lazy but first I must to learn how to prepare a doc to be published on NethServer Wiki.
How to configure “Web proxy” in “Transparent with SSL” mode.
This “How-to” will present how to set “Web proxy” in “Transparent with SSL” mode for green zones and trusted networks and how to install the server certificate (CA) for transparent SSL mode which must be installed on each client to allow HTTPS traffic.
In this mode, all HTTP and HTTPS traffic will be redirect through the proxy.
All that is described in this guide was tested on NetServer 6.7 (final) updated.
Prerequisites:
Installed packages: “Web proxy” module from:
NethServer GUI → “Administration → Software center → Available → Firewall”.
Enable “Transparent with SSL”:
NethServer GUI → Gateway → Web proxy → Proxy tab → Enable proxy → Mode for green zones and trusted networks → select “Transparent with SSL”.
Download certificate for “Transparent with SSL” proxy mode:
NethServer GUI → Gateway → Web proxy → Proxy tab → right click on “http://your_ip/proxy.crt” → select “Open Link in New Tab” → save the certificate.
Import the certificate as “Trusted Authorities” on used browser(s).
Done.
HINT:
the certificate can be saved on USB to be installed later on each client.
any other known method for deploying the certificate to the clients can be used.
Known issues by me:
if you have installed any AV software that can scan SSL, disable this option (sure with Bitdefender but is possible and with other AV software).
( Facebook blocking - #29 by GG_jr )
when “Transparent with SSL” proxy mode is used in combination with “Web content filter”, it’s possible to have the following situation as described here: Facebook blocking - #28 by GG_jr
when “Transparent with SSL” proxy mode is used in combination with “Web content filter” to block social media sites, it’s possible to have the following situation as described here (normal situation from my point of view): Facebook blocking - #30 by GG_jr
I would like to add that I didn’t have to do any of this for nethserver 7.4. People should try to just enable Transparent with SSL and Block HTTP and HTTPS ports. It works as expected, great job by the way.
Tell me how to switch between profiles (filters)? for example, profile1 is allowed all except yotube.com. Profile2 is forbidden all except gmail.com
Based on global black and white lists.
It’s possible with custom categories. Create custom categories “gmail” and “youtube” and enter the domains. Then you can select the custom categories to allow/block in a filter. Now you can switch by changing the filter in a profile.