Profile for web content filter

Hi Alessio,

As I promised, I wrote this “How-to” as best I could.

If anybody wants to, or considers that this “How-to” is good for the NethServer Wiki ( http://wiki.nethserver.org/doku.php?id=howto_s ), they are free to annotate, prepare and publish it there (it is not necessary to mention me as co-author).
I’m not lazy, but first I must learn how to prepare a doc to be published on the NethServer Wiki.

How to configure “Web proxy” in “Transparent with SSL” mode.

Version: V1.0
Revision: R0
For: NethServer 6.7 (final)

Published: 2016-02-21
Review: 2016-02-21

Contact: Nethserver community forum

Description:

This “How-to” will present how to set “Web proxy” in “Transparent with SSL” mode for green zones and trusted networks and how to install the server certificate (CA) for transparent SSL mode which must be installed on each client to allow HTTPS traffic.
In this mode, all HTTP and HTTPS traffic will be redirected through the proxy.
All that is described in this guide was tested on an updated NethServer 6.7 (final).

Prerequisites:

Installed packages: “Web proxy” module from:
NethServer GUI -> “Administration -> Software center -> Available -> Firewall”.

Bibliography and useful docs:

How-to:

  1. Enable “Proxy”:
    NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> select “Enable proxy”.

  2. Enable “Transparent with SSL”:
    NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> Enable proxy -> Mode for green zones and trusted networks -> select “Transparent with SSL”.

  3. Download certificate for “Transparent with SSL” proxy mode:
    NethServer GUI -> Gateway -> Web proxy -> Proxy tab -> right click on “http://your_ip/proxy.crt” -> select “Open Link in New Tab” -> save the certificate.

  4. Import the certificate as “Trusted Authorities” in the browser(s) used.

  5. Done.

HINT:

  • the certificate can be saved on USB to be installed later on each client.
  • any other known method for deploying the certificate to the clients can be used.

Issues known to me:

  • if you have installed any AV software that can scan SSL, disable this option (certainly with Bitdefender, but possibly with other AV software too).
    ( Facebook blocking )

  • when “Transparent with SSL” proxy mode is used in combination with “Web content filter”, it’s possible to have the following situation as described here:
    Facebook blocking

  • when “Transparent with SSL” proxy mode is used in combination with “Web content filter” to block social media sites, it’s possible to have the following situation as described here (normal situation from my point of view):
    Facebook blocking

2 Likes
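An added example, not part of the original post or of NethServer: step 3 saves the certificate from a plain `http://` link and step 4 makes it a trusted authority, so this sketch compares the saved file's SHA-256 fingerprint with one the administrator read on the server itself before the import. The script name, the function names and the sample bytes are assumptions made for the example; how the fingerprint is obtained on the server is outside its scope.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)

# Constructed placeholder bytes (not a real certificate), used only as sample input.
SAMPLE_DER = b"\x30\x82\x00\x20" + bytes(range(32))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of exactly one certificate (PEM or raw DER input)."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    if blocks:
        return base64.b64decode(b"".join(blocks[0].split()), validate=True)
    if data[:1] != b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("not a PEM or DER certificate")
    return data


def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint as colon-separated upper-case hex."""
    digest = hashlib.sha256(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def matches(data: bytes, expected: str) -> bool:
    """Compare with a fingerprint obtained out-of-band; colons and spaces are ignored."""
    norm = re.sub(r"[\s:]", "", expected).upper()
    actual = fingerprint(data).replace(":", "")
    return len(norm) == 64 and hmac.compare_digest(norm.encode(), actual.encode())


if __name__ == "__main__":
    # Hypothetical usage: python check_proxy_crt.py proxy.crt "AB:CD:..."
    with open(sys.argv[1], "rb") as fh:
        saved = fh.read()
    print(fingerprint(saved))
    sys.exit(0 if matches(saved, sys.argv[2]) else 1)
```

The script exits non-zero when the fingerprints differ, so it can gate whatever deployment method is used to push the certificate to clients.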

Just added with a copy/paste :) maybe a wiki expert can improve my formatting
http://wiki.nethserver.org/doku.php?id=howto:how_to_configure_web_proxy_in_transparent_with_ssl_mode

1 Like

I would like to add that I didn’t have to do any of this for NethServer 7.4. People should try to just enable Transparent with SSL and Block HTTP and HTTPS ports. It works as expected, great job by the way.

Tell me how to switch between profiles (filters)? For example, in profile1 everything is allowed except youtube.com. In profile2 everything is forbidden except gmail.com.
Based on global black and white lists.

It’s possible with custom categories. Create custom categories “gmail” and “youtube” and enter the domains. Then you can select the custom categories to allow/block in a filter. Now you can switch by changing the filter in a profile.