Proxy mode Authenticated-bypass block blacklist

Hi Expert,

Please help me fix an issue: the blacklist is not being blocked.

Here is more about the configuration:

System version: NethServer release 7.3.1611

allow_domain
nethserver.org
bbc.com

nh_blacklist
youtube.com
facebook.com

Proxy mode
Authenticated

vi /etc/ufdbguard/ufdbGuard.conf

src src_user1_profiles {
    user "user1"
}

time always {
weekly mtwhfas 00:00-23:59
}

# Profile: User1_profiles
src_user1_profiles within always {
    pass !security nh_whitelist  !nh_blacklist  !files  !builtin  "allow_domain"  none
}

default {
    pass !security nh_whitelist  !nh_blacklist  !in-addr  !files  !builtin  "nofilter_user"  none
    redirect     http://1xx.xxx.xx.xx/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
}
default {
    pass !security nh_whitelist  !nh_blacklist  !in-addr  !files  !builtin  "nofilter_user"  none
    redirect     http://1xx.xxx.xx.xx/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
}

tail -f /var/log/squid/access.log

TCP_TUNNEL/200 6343 CONNECT www.youtube.com:443 user1@xxxx.xxxx HIER_DIRECT/216.58.196.14 -
TCP_TUNNEL/200 129567 CONNECT www.facebook.com:443 user1@xxxx.xxxx HIER_DIRECT/157.240.7.35 -

tail -f /var/log/ufdbguard/ufdbguardd.log

2017-06-17 09:53:57 [30663] LANG is 'C'
2017-06-17 09:53:57 [30663] 32 HTTPS verification threads created.
2017-06-17 09:53:57 [30663] ERROR: A FATAL ERROR OCCURRED: ALL REQUESTS ARE ANSWERED WITH "OK" (see previous lines with "FATAL ERROR" for more information) *****
2017-06-17 09:53:57 [30663] Changing daemon status to "error"
2017-06-17 09:53:57 [30663] UNIX socket "/tmp/ufdbguardd-03977" successfully created
2017-06-17 09:53:57 [30663] listening on UNIX socket "/tmp/ufdbguardd-03977"
2017-06-17 09:53:57 [30663] using rwlock for database locking with preference for "writer"
2017-06-17 09:53:57 [30663] processor yielding is enabled
2017-06-17 09:53:57 [30663] system: x86_64 Linux 3.10.0-514.16.1.el7.x86_64 bypass.network.local on 4 CPUs
2017-06-17 09:53:57 [30663] ufdbguardd 1.32.4 started with 68 URL verification threads and 32 SSL verification threads

The result:

user1 can access YouTube and Facebook!

Thank you
Ya

Hi @Ya_Ley ,

Facebook and YouTube are redirected to https. Try to use “Transparent with SSL”. All users must have the SSL certificate installed.

There are some detailed topics in this forum about Web proxy utilisation.

BR,
Gabriel


Hello Gabriel

Thank you, but why can version 6.8 do this?

BR,
Ya

Hi @Ya_Ley ,

There are differences between the versions.
Please read here:

http://docs.nethserver.org/en/v7/web_proxy.html

http://docs.nethserver.org/en/v6/web_proxy.html

BR,
Gabriel

Renaming user1_profiles to user1-profiles should work.

Why? Can't I use _?

Yes, you cannot use an underscore (_).
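
An added example, not part of the original posts or of NethServer's own code: a Python triage script for the three symptoms seen in this thread (ufdbguardd logging that it answers every request with "OK", CONNECT tunnels to blacklisted domains in the Squid log, and a profile name containing an underscore). The function names are hypothetical, and the sample text is constructed from the excerpts above with placeholder user and addresses.

```python
import re

# Constructed samples modelled on the thread's excerpts (user and bbc.com IP are placeholders).
BLACKLIST = {"youtube.com", "facebook.com"}
ACCESS_LOG = """\
TCP_TUNNEL/200 6343 CONNECT www.youtube.com:443 user1@example.test HIER_DIRECT/216.58.196.14 -
TCP_TUNNEL/200 129567 CONNECT www.facebook.com:443 user1@example.test HIER_DIRECT/157.240.7.35 -
TCP_TUNNEL/200 4100 CONNECT www.bbc.com:443 user1@example.test HIER_DIRECT/192.0.2.10 -
"""
GUARD_LOG = """\
2017-06-17 09:53:57 [30663] 32 HTTPS verification threads created.
2017-06-17 09:53:57 [30663] ERROR: A FATAL ERROR OCCURRED: ALL REQUESTS ARE ANSWERED WITH "OK" *****
2017-06-17 09:53:57 [30663] Changing daemon status to "error"
"""
GUARD_CONF = """\
# Profile: User1_profiles
src_user1_profiles within always {
    pass !security nh_whitelist !nh_blacklist none
}
"""

# Matches the Squid fields shown in the thread: result/status, size, CONNECT host:port, user.
TUNNEL = re.compile(r"TCP_TUNNEL/200 \d+ CONNECT (\S+):\d+ (\S+)")

def fail_open_lines(guard_log):
    """Log lines showing the filter is in the state where every request gets "OK"."""
    return [line for line in guard_log.splitlines() if "FATAL ERROR" in line]

def blacklisted_tunnels(access_log, blacklist):
    """(user, host) for established CONNECT tunnels to a blacklisted domain or subdomain."""
    hits = []
    for m in TUNNEL.finditer(access_log):
        host, user = m.group(1).lower().rstrip("."), m.group(2)
        if any(host == d or host.endswith("." + d) for d in blacklist):
            hits.append((user, host))
    return hits

def underscore_profiles(conf):
    """Profile names containing "_", which the last reply in the thread says is not allowed."""
    return [n for n in re.findall(r"^# Profile: (\S+)", conf, re.M) if "_" in n]

def triage(guard_log, access_log, conf, blacklist):
    return {
        "filter_fail_open": bool(fail_open_lines(guard_log)),
        "blacklisted_tunnels": blacklisted_tunnels(access_log, blacklist),
        "underscore_profiles": underscore_profiles(conf),
    }

if __name__ == "__main__":
    print(triage(GUARD_LOG, ACCESS_LOG, GUARD_CONF, BLACKLIST))
```

A `filter_fail_open` result of `True` means the blacklist is not being enforced at all, so that has to be resolved before the tunnel hits say anything about rule ordering.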