Proxy and web filter by user?


(Dale Cliett) #1

Hello to all. I wouldn’t consider this as a support issue, but more of an educational inquiry. Is it possible to use the proxy and webfilter to restrict by user in a domain environment instead of device? ( Read as, is it worth the trouble or would it be a rabbit hole best to stay away from)

If you had roving profiles where individual users had different restrictions then it would be beneficial to have the rules applied unpon the user logging into the machine automatically.
I’ve tried searching around and haven’t found an article yet that described the setup I’m asking about and wanted to see if anyone would share some knowledge about how this could be accomplished, where I might find some documentation to learn, or if it would even be worth the trouble.
Like I said, not really in need of support but just asking to learn a bit.
Thanks in advance, and I hope everyone is having a good weekend.


(Markus Neuberger) #2

Hi @FixitFelix,

yes, it’s possible with authenticated proxy and profiles in content filter.

http://docs.nethserver.org/en/v7/web_proxy.html#authenticated-mode
http://docs.nethserver.org/en/v7/content_filter.html#web-content-filter

I saw you already found this detailed howto for AD/authenticated proxy.

In web content filter you may create profiles to map users to filters:

grafik

It’s easily installed and tested. You may have problems with some devices/software but they could be excluded.from proxy.


(Dale Cliett) #3

Thank you @mrmarkuz. It seems that I completely missed this as I was going through different searches. I appreciate you responding and leading me to documentation. Take care.


(Pedro Sitan) #4

About this topic, I like to know if someone has tried this:

I have a Nethserver, with transparent proxy and AD service, in my lan everything works fine but, my question is, if I create some users and create remote openvpn clients based in these clients, can I apply a profile and apply to the client? of course the openvpn server, will have configurated the option client password and certificate.

do you tink thats configuration works or i need change the proxy configuration to authenticated mode?


(Michael Träumner) #5

Yes you have to change. It doesn’t work in transparent mode.


(Pedro Sitan) #6

Ok, thanks