Neth Web Proxy & Filter

Hello Everyone,

I am new to NethServer and would appreciate your advice and assistance.

I have installed NethServer with the following applications: Antivirus, Firewall, Web Proxy & Filter, and Web Server.

The server is functioning as a router, and all traffic is passing through as expected. However, I am unable to manage or control the traffic effectively. For example, I cannot block specific websites or filter content as needed.

Could you please guide me on how to properly configure traffic management and content filtering?

Thank you in advance for your support!

It seems you are trying to use nethserver 7 which is out of date. For anything new you should start with ns8 (no router capabilities) and nethsec (prividing the networking stuff) if you like nethserver/nethesis brand.

Sure, I will, but for now I want to understand why I cannot manage the traffic?

Transparent proxy?
Are the clients connecting through the proxy?
Example of what you are trying to filter/block and if logs say something about it?

IIRC webproxy filter can block domains but it’s not set to analyze url requests…

There are protocols and other things that can be blocked through IPS module.

EDIT:

The proxy can be enabled only on green and blue zones. Supported modes are:

  • Manual: all clients must be configured manually
  • Authenticated users must enter a user name and password in order to navigate
  • Transparent: all clients are automatically forced to use the proxy for HTTP connections
  • Transparent SSL: all clients are automatically forced to use the proxy for HTTP and HTTPS connections

The proxy is always listening on port 3128. When using manual or authenticated modes, all clients must be explicitly configured to use the proxy.

clients can be

automatically configured using WPAD protocol. In this case it is useful to enable Block HTTP and HTTPS ports option to avoid proxy bypass.

If the proxy is installed in transparent mode, all web traffic coming from clients is diverted through the proxy. No configuration is required on individual clients.

In transparent SSL mode, the proxy implements the so-called “peek and splice” behavior: it establishes the SSL connection with remote sites and checks the validity of certificates without decrypting the traffic.

https://docs.nethserver.org/en/v7/web_proxy.html

2 Likes

Thank you for your response.

When I set the Mode Green Zone to “Transparent SSL,” I am able to see all the traffic in the access.log. However, I want to allow only domain computers to have internet access, so I have done the following:

  1. Joined the proxy server to the domain.
  2. Added all domain accounts as authenticated on the proxy server.
  3. Changed Mode Green Zone from “Transparent SSL” to “Authenticated.”
  4. Modified the krb5.conf settings to enable Kerberos authentication.

After performing these changes, when I trace a website, I can see that the traffic is passing through the proxy server. However, I am unable to see this traffic in the access.log, and I cannot manage any of this traffic.

Can you assist me in resolving this issue?

Sorry, don’t exactly know.
So no signs of being working nor clues neither on access.log, cache.log nor any blocking on ufdguard logs, or anything else on /var/log/messages?

Are Windows clients accessing the proxy server using the FQDN?

2 Likes

When switching to authenticated mode, nothing appears in the log files mentioned above. I believe there is a missing configuration. Is there any guide or instruction available for setting up this scenario?

Dear Gents, any suggestions available?