Blocking web sites by url

webfilter
v7
webproxy
firewall

(Don Robertson) #1

NethServer Version: 7

Hi,
I need to block access to the internet for some clients, but allow chromebooks to log on and allow access to some web sites. I am looking at the firewall rules, and at adding hosts to host groups and making rules like that.

However, Google says that to allow chromebooks to log on, I need to white list a whole bunch of sites, this will be a pain. Also, as far as I can see, I can only add hosts by IP address, and this will pretty quickly get unmanageable.

Is there a way to whitelist sites and domains by domain name?

I have had a look at using the web filtering application. Unfortunately, for secure sites (and there really shouldn’t be any other kind), the user gets a ssl certificate error - the proxy uses a certificate issued to ‘blocked.nethserver.org’ and gives an invalid common name error.

Really don’t want to start telling people ignore security certificate errors.

SO - where to from here. Can I use whitelists without content filtering and having the proxy decrypt secure traffic? Do I need to make a list of IP addresses and just use the fire wall? Or is there another solution?

Cheers

DOn


(Michael Träumner) #2

Hi,
this error only occurs if the site is redirected, because it’s forbidden. If the users wants to open sites which are allowed, it’s no problem. So they haven’t to ignore the ssl certificate error, they have to leave the site.

Sorry that I can’t give you another solution, but there isn’t one except the solution with IP-Adresses.

PS: I’ve had the same question a time ago, for reading the reason for that behaviour please have a look at:


(Filippo Carletti) #3

If I understood correctly you need bypass fy domains:

http://docs.nethserver.org/en/v7/web_proxy.html#bypass-by-domains