Help me please, I’m nowhere in the settings can not find both for the computer 192.168.0.50 to block access to the site site.com (this is an example). Content filter is already enabled for 192.168.0.50, but you must block access to one more site. How to do it? Where to write down the address of the site?
Does this help; http://docs.nethserver.org/en/v7/content_filter.html#filters ?
…unfortunately I don’t use NS for gateway or filtering duties so I haven’t a page available to show you and don’t remember from the last time I tested it with AD.
2 Likes
Go to web content filter and add it to global blacklist by choosing “add blocked domain”.
To safe the settings press on the small button at the right site of the window.
Yes, but the site will be added to the global list, which means it will be closed to all computers, and I need to close access for only one. It would be great if each profile had its own list of allowed and forbidden sites, but I did not find where it was.
Ok, I missunderstood. The files with domains and urls are at
/var/squidGuard/blacklists
You can create a new folder with a name like MyOwnBlacklist and a file domain and/or url in it.
The file and the folder have to be owned by squid
chown -R squid:squid MyOwnBlacklist
Now you have to create the database
4.4.4 Converting a URL Database
ufdbConvertDB converts a whole URL database without the need to call ufdbGenTable for each
URL category. ufdbConvertDB requires one parameter which is the top level directory name where the
URL database resides.
Example:
ufdbConvertDB /var/squidGuard/blacklists
It’s a part of reference manual
last you have to create a custom template to add your own category to ufdbGuard.conf
I think that’s the way.
1 Like
It turns out that I should do this for every computer I want to block access to an arbitrary site? Enter through the console in the file addresses of the sites, and then to see what was written there, again through the console to watch? Is there no way to do this via the web interface? It’s just disgusting! Thanks for the help, but no! Perhaps, at the first opportunity, I’ll return to the ClearOS! As a gateway NethServer is very raw!
Create a custom category filling the domain list and assign the category to the host ip.
Here’s a more detailed answer:
Create a DHCP -> IP reservation for the host, and/or make use of Firewall objects (which are more flexible).
To prevent unwanted (un)blocks make sure IP assignments are under control.
###Create a Custom category
- Go to web content filter -> Custom categories
- Create a new custom category, giving it a name and writing the sites to block in the Domains list (no regular expressions allowed):
Example:
example.com
.xxx
www.example.net
###Create a Filter
- Go to web content filter -> Filters
- Create a new filter, giving it a name and unchecking unwanted options
- Mark Allow all, block selected content
- Check (at least) the custom category created on the previous step
###Create a Profile
- Go to web content filter -> Profiles
- Create a new profile; give it a name
- Who: select the desired target
- What: select the filter previously created
###NOTES
- make sure to clear browser’s cache of the affected devices.
3 Likes
It turns out that for one computer there will be two profiles, and which one will be processed first? The one in which you can go to the site.com or the one in which access is already closed? In the evening I’ll try, but IMHO, it’s some kind of crutches.
I think, blocking with firewall objects/rules are the best way to do this!
I´m curious, what site is it? Maybe you can block using DPI, btw, DPI is love, DPI is life! 
Thanks, it works. But how it is implemented, in my opinion, is terrible.