How to configure proxy with different filters and profiles


#1

Hi,

I want to configure the proxy to allow or block different web sites compared to several types of users.
For exemple, johnDoe can consult only sports sites and JaneDoe can only consult press sites.
I created 2 filters. 1st, name: allowsports (mode: Block all, allow selected content where press checked) and 2nd, allowpress (mode: Block all, allow…where sports checked). Default filter’s mode block all and none checked.

Regardless of the proxy mode (Nethserver) I feel that the Default’s filter is used because when I change the mode (block or allow…selected content), it has an effect in Firefox. The 2 filters I added are ignored.

What must I change in FF and Nethserver?

My client (win7) joined the domaine perfectly.


#2

Hum…I continue my tests…
In Web content filter|profiles|“who” if I remplace the user by the host or zone (green), the surf is blocking by categories.
It’s ok according the host or the zone but not the user or group of users. :frowning:


(Charlie Lehardy) #3

First, create a new filter, such as allowsports. I think you have done that. Next, create a firewall object for the host computer that you want to use that filter. Perhaps Joe is at 192.168.1.50. Create a “joe” firewall object with 192.168.1.50 as the address. Now create a filter profile, allowsports for joe, and choose “joe” from the hosts listed in Who.

Now, joe’s traffic will be sent through your allowports filter, and everyone else will go through the default filter.

If you have several users, you can either create objects for each one of them, or perhaps create a host group for everyone who will be sent through the allowports filter.

Hope this helps.


(Alessio Fattorini) #4

Can you elaborate it a bit? It might be a helpful FAQ! What do you think?


#5

Hi,
Sorry but that’s not the issu if JohnDoe and JaneDoe use the same host (192.168.1.50) or I don’t understand all you preconise me… ;(

Can you try to create 2 groups. 1st, group “students” (with student1, student2, student…) 2nd, group "teachers (teacher1, teacher2, teacher…). Both groups must be able to use the same host, 192.168.1.50 (wich is part of hosts group “room1”).
Of course, students and teachers can’t consult same web sites. :wink:

My logs:
STUDENT1 log on client1
/var/log/secure
May 1 23:47:23 srvlag smbd[17355]:pam_unix(samba:session): session opened for user student1 by (uid=0)

/var/log/httpd/access_log
192.168.1.1 - - [01/May/2015:23:48:04+0200] “GET/cgi-bin/nethserver-block.cgi?clientaddr=192.168.1.25&clientname=client1.lagrange&clientident=&srcclass=src_profilstudent&targetgroup=none&url=http://www.google.com/HTTP/1.1” 403 1571 “-” “Mozilla/5.0 (compatible;MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)”

TEACHER1 log on the same host (client1)
/var/log/secure
May 1 23:42:30 srvlag smbd[16339]:pam_unix(samba:session): session opened for user teacher1 by (uid=0)

/var/log/httpd/access_log
192.168.1.1 - - [01/May/2015:23:43:27+0200] “GET/cgi-bin/nethserver-block.cgi?clientaddr=192.168.1.25&clientname=client1.lagrange&clientident=&srcclass=src_profilstudent&targetgroup=none&url=http://www.google.com/HTTP/1.1” 403 1571 “-” “Mozilla/5.0 (compatible;MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)”

If it’s not possible, I’ll filtre by hosts et not by users…:frowning:


(Charlie Lehardy) #6

Thanks for the clarification. You’re right, what I described assumes a different host for every student and every teacher. I am not sure how you would use a single host for everybody, unless you had a login system with individual usernames and passwords.


(Filippo Carletti) #7

The web proxy offers the authenticated option which requires users to enter their name and password to browse the web.