Issue with Proxy & WebFilter 1.10.1 on Nethserver 7.7.1908

Hello Everyone,

I just downloaded the latest version (7.7.1908) for testing but am having some issues with web-filter (1.10.1). Can anyone help me please?
Below is my configuration:


I have selected Green Zone as Transparent SSL because I don’t want to configure proxy settings on hosts manually.
I haven’t created any proxy rules at this point.
I have downloaded Shalla (free for non-commercial use) and all categories are available.
I have strictly prohibited movies, social-net, porn in the default profile as well as added youtube and facebook to the global black list, but I am still able to browse everything.

Update: OK, I have just figured out one thing. This issue occurs only when there are more users in the network.
The fewer the users, the better it works.

Is there any kind of user limit I should be aware of?

Hi,

Welcome to Nethserver Community.

I couldn’t find a user limit for squid or ufdbguard.

Some troubleshooting hints:

http://docs.nethserver.org/en/v7/content_filter.html#troubleshooting

Dear @mrmarkuz, many thanks for your reply. I have tried the troubleshooting hints provided in the official documentation but no luck.

I have verified the following:

the client is surfing using the proxy
NO, clients are not using a manually configured proxy, because I have set the proxy mode to SSL Transparent, and as per the documentation I think no client end configuration is required.

the client doesn’t have a configured bypass inside Hosts without proxy section
Yes, I haven’t created any bypass rule for hosts without proxy.

the client is not browsing a site with a configured bypass inside Sites without proxy section
Yes, I haven’t created any bypass rule for sites without proxy.

the client is really associated with a profile not allowed to visit the page
I haven’t created any custom profile, all clients are using default profile in which some categories are blocked.

the client is surfing within a time frame when the filter is permissive
No specific time frame is defined, it's the default 24/7.

Please help.

On the default profile, is "Block access to web sites using ip address" enabled?

Hey dnutan, yes, it is enabled, as shown in the attached image.

Is there something in the logs when client access to sites is not blocked correctly?

On the server you can test if filtering is working:

echo "https://www.facebook.com 10.10.0.1/ - - GET" | /usr/sbin/ufdbgclient -d

replacing 10.10.0.1 with the IP of the green interface.

I’ve tried with the same settings (or close to them) and it worked even when using port 8080. But just in case, you could try with the default port instead.

2 Likes

Hey @dnutan, here are the echo results of ufdbgclient, and it's confusing

[root@prahqb ~]# echo "https://www.faceook.com 192.168.10.1/ - - GET" | /usr/sbin/ufdbgclient -d
OK
[root@prahqb ~]# echo "https://www.youtube.com 192.168.10.1/ - - GET" | /usr/sbin/ufdbgclient -d
OK status=302 url="blocked.nethserver.org:443"
[root@prahqb ~]#

I mean how could it be different with youtube?

Edit: I am using transparent ssl mode, does it matter if I change the proxy port from 8080 to the default?

faceook (with missing b) was accessible (that doesn’t mean the redirection, if any, was permitted.)
for youtube it shows the url was blocked.

I’d say no (I’ve tried with defaults and with 8080 with same results), but 8080 is frequently used as httpd-alternative or by other applications.

1 Like
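
Added example, not part of any post in this thread: a small shell helper that runs the ufdbgclient test quoted above over several URLs and labels each reply using the two reply shapes shown in the thread (`OK` alone, and `OK status=302 url=...`). The function names are hypothetical, and taking the last output line as the verdict is an assumption.

```shell
#!/bin/sh
# Added example: batch-check URLs against the filter and label each verdict.
# The request line format and the ufdbgclient path are the ones quoted in
# this thread; the function names below are hypothetical.

UFDBGCLIENT=/usr/sbin/ufdbgclient

# Build the request line used in the thread: "<url> <ip>/ - - GET".
build_request() {  # $1 = URL, $2 = IP of the green interface
    printf '%s %s/ - - GET\n' "$1" "$2"
}

# Classify one reply line, based on the two replies shown in the thread:
#   OK                                -> not matched by any blocked category
#   OK status=302 url="<block page>"  -> redirected to the block page
classify_reply() {
    case "$1" in
        OK)                     echo "allowed" ;;
        *status=30[0-9]*url=*)  echo "blocked" ;;
        *)                      echo "unknown" ;;
    esac
}

# Query the filter for each URL and print "<verdict> <url>".
# Printing the URL next to the verdict makes a mistyped hostname easy to
# spot: a misspelled domain is simply not in the blacklist and shows "allowed".
check_urls() {  # $1 = IP, remaining arguments = URLs
    ip=$1; shift
    for url in "$@"; do
        # Assumption: the verdict is the last line ufdbgclient -d prints.
        reply=$(build_request "$url" "$ip" | "$UFDBGCLIENT" -d | tail -n 1 | tr -d '\r')
        printf '%-8s %s\n' "$(classify_reply "$reply")" "$url"
    done
}

# Run only when called with an IP and at least one URL, e.g.
#   sh check-filter.sh 192.168.10.1 https://www.youtube.com https://www.facebook.com
if [ "$#" -ge 2 ]; then
    check_urls "$@"
fi
```

A URL that shows "allowed" here but is expected to be blocked points at the blacklist or profile; a URL that shows "blocked" here but still loads on a client suggests the client's traffic is not reaching the filter.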

Many thanks for your support @dnutan.
I have moved from transparent ssl mode to manual as well as blocked http & https ports.
Although I will have to manually configure clients to use the proxy, now the web-filter is working as it is supposed to.
I guess the issue was with ssl transparent mode.