Profile for web content filter

The default profile it’s mandatory, otherwise you can’t do configuration like “everyone can view anything except a set of users”

It’s not clear to me what you want to achieve, but you can leave the default profile as “all permitted”, thus it will no affect any user.

1 Like

the proble is that the default profile always overrides any other profile
for example when you try to block YouTube for a group of users
once you set another profile for one group of users and then enable the content filtering , the default profile override the custom profile and all users and all groups ae affected by this blocking , which is contrary to what is in the nethserver documents

thanks for the command NAS
i will try it

how can you edit the default profile to"all permitted" i can not see any edit buttons

Hi @hany ,

they have a way can view the log which computer connected with Computer name, IP address and MAC address?

As @Nas suggested, you should go inside the filter tab and check following option “Allow all, block selected content”. Leave all other options unchecked.

Sorry but the profile default is needed (for now).
Also the pull request doesn’t resolve the problem, since if you delete the record, it will be created as soon as the intialize-default-database actions is called by an event.

@haliparotin ,

You can see all statistics at Dashboard -> Applications -> Lightsquid

actually i don’t like the fact that you don’t have control over all ssl websites , when i set profile to Transparent with SSL , it still block all the ssl websites not filtering them according to the blacklist
i got ssl certificate from rapidssl , i thought this may help in the ssl content filtering
all the ssl websites are blocked not filtered and i think there’s no way to filter the ssl websites , it all or non job which makes the web filtering non beneficial
because when you block http://youtube , the user can still access it through https protocol
and when you enable Transparent with SSL all the ssl websites are blocked including the good ones
i though if i have a custom ssl certificate for the domain hosted by the server this will enable the server to intervene ssl connections and filter them , but i was very wrong

@hany

Plase describe all cases in detail + attach there LOG files.

We can create BUG or Enhancement.

this is a major issue not only related to nethserver , it is there with zentyal , clearOS , and other server
it is inability to filter out https protocol
you can check

https://www.clearos.com/clearfoundation/social/community/how-to-block-https-www-facebook-com

https://forum.zentyal.org/index.php?topic=10498.0

you can find tons of topics about this issue

lets say you want to block facebook
if you chooses transparent , then you will only block http://www.facebook.com
but at the same time you can easily open https://www,facebook.com

if u choosed transparent with ssl then that all block all the https protocol website like the online banking and shopping and every single website that uses the encrypted protocol https

this is a huge issue related to https web content filter and IMHO will never be fixed

Hi hany,

Please read this: Facebook blocking

I’m shure you will find some answers there, also about how to use Transparent with SSL ( Facebook blocking ).

@GG_jr can you create a new wiki doc about this? It would be extremely helpful for everyone especially for newcomers, please think about it :wink:

Ping @GG_jr :slight_smile: @jim will be happy to help you

I will try to write about this as soon as possible (most probably in weekend).

1 Like

Hi Alessio,

As I promised, I wrote this “How-to”, as better I knew.

If anybody want or consider that this “How-to” is good for NethServer Wiki ( http://wiki.nethserver.org/doku.php?id=howto_s ), is free to annotate, prepare and publish it there (is not necessary to mention me as co-author).
I’m not lazy but first I must to learn how to prepare a doc to be published on NethServer Wiki.

How to configure “Web proxy” in “Transparent with SSL” mode.

Version: V1.0
Revision: R0
For: NethServer 6.7 (final)

Published: 2016-02-21
Review: 2016-02-21

Contact: Nethserver community forum

Description:

This “How-to” will present how to set “Web proxy” in “Transparent with SSL” mode for green zones and trusted networks and how to install the server certificate (CA) for transparent SSL mode which must be installed on each client to allow HTTPS traffic.
In this mode, all HTTP and HTTPS traffic will be redirect through the proxy.
All that is described in this guide was tested on NetServer 6.7 (final) updated.

Prerequisites:

Installed packages: “Web proxy” module from:
NethServer GUI -> “Administration -> Software center -> Available -> Firewall”.

Bibliography and useful docs:

How-to:

  1. Enable “Proxy”:
    NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> select “Enable proxy”.

  2. Enable “Transparent with SSL”:
    NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> Enable proxy -> Mode for green zones and trusted networks -> select “Transparent with SSL”.

  3. Download certificate for “Transparent with SSL” proxy mode:
    NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> right click on “http://your_ip/proxy.crt” -> select “Open Link in New Tab” -> save the certificate.

  4. Import the certificate as “Trusted Authorities” on used browser(s).

  5. Done.

HINT:

  • the certificate can be saved on USB to be installed later on each client.
  • any other known method for deploying the certificate to the clients can be used.

Known issues by me:

  • if you have installed any AV software that can scan SSL, disable this option (sure with Bitdefender but is possible and with other AV software).
    ( Facebook blocking )

  • when “Transparent with SSL” proxy mode is used in combination with “Web content filter”, it’s possible to have the following situation as described here:
    Facebook blocking

  • when “Transparent with SSL” proxy mode is used in combination with “Web content filter” to block social media sites, it’s possible to have the following situation as described here (normal situation from my point of view):
    Facebook blocking

2 Likes

Just added with a copy/paste :slight_smile: maybe a wiki expert can improve my formatting
http://wiki.nethserver.org/doku.php?id=howto:how_to_configure_web_proxy_in_transparent_with_ssl_mode

1 Like

I would like to add that I didn’t have to do any of this for nethserver 7.4. People should try to just enable
Transparent with SSL and Block HTTP and HTTPS ports. It works as expected, great job by the way.

Tell me how to switch between profiles (filters)? for example, profile1 is allowed all except yotube.com. Profile2 is forbidden all except gmail.com
Based on global black and white lists.

It’s possible with custom categories. Create custom categories “gmail” and “youtube” and enter the domains. Then you can select the custom categories to allow/block in a filter. Now you can switch by changing the filter in a profile.