Profile for web content filter

Hi Alessio,

As I promised, I wrote this “How-to”, as better I knew.

If anybody want or consider that this “How-to” is good for NethServer Wiki ( howto_s [NethServer Wiki] ), is free to annotate, prepare and publish it there (is not necessary to mention me as co-author).
I’m not lazy but first I must to learn how to prepare a doc to be published on NethServer Wiki.

How to configure “Web proxy” in “Transparent with SSL” mode.

Version: V1.0
Revision: R0
For: NethServer 6.7 (final)

Published: 2016-02-21
Review: 2016-02-21

Contact: Nethserver community forum

Description:

This “How-to” will present how to set “Web proxy” in “Transparent with SSL” mode for green zones and trusted networks and how to install the server certificate (CA) for transparent SSL mode which must be installed on each client to allow HTTPS traffic.
In this mode, all HTTP and HTTPS traffic will be redirect through the proxy.
All that is described in this guide was tested on NetServer 6.7 (final) updated.

Prerequisites:

Installed packages: “Web proxy” module from:
NethServer GUI → “Administration → Software center → Available → Firewall”.

Bibliography and useful docs:

• Web proxy — NethServer 7 Final
• “Help” button from “Gateway → Web proxy → Proxy”
• Facebook blocking - #26 by GG_jr
• https://www.websense.com/content/support/library/web/v75/wcg_deploy/WCG_Deploy.1.3.aspx
• Squid transparent proxy for https / ssl traffic – Technology Tab

How-to:

1. Enable “Proxy”:
   NethServer GUI → Gateway → Web proxy → Proxy tab → select “Enable proxy”.

2. Enable “Transparent with SSL”:
   NethServer GUI → Gateway → Web proxy → Proxy tab → Enable proxy → Mode for green zones and trusted networks → select “Transparent with SSL”.

3. Download certificate for “Transparent with SSL” proxy mode:
   NethServer GUI → Gateway → Web proxy → Proxy tab → right click on “http://your_ip/proxy.crt” → select “Open Link in New Tab” → save the certificate.

4. Import the certificate as “Trusted Authorities” on used browser(s).

5. Done.

HINT:

• the certificate can be saved on USB to be installed later on each client.
• any other known method for deploying the certificate to the clients can be used.

Known issues by me:

• if you have installed any AV software that can scan SSL, disable this option (sure with Bitdefender but is possible and with other AV software).
  ( Facebook blocking - #29 by GG_jr )

• when “Transparent with SSL” proxy mode is used in combination with “Web content filter”, it’s possible to have the following situation as described here:
  Facebook blocking - #28 by GG_jr

• when “Transparent with SSL” proxy mode is used in combination with “Web content filter” to block social media sites, it’s possible to have the following situation as described here (normal situation from my point of view):
  Facebook blocking - #30 by GG_jr