Using custom whitelists for web content filter

NethServer Version: 7.6.1810
Module: web content filter
I work for a school where sometimes just a group of users (a group/classroom) needs access to certain websites that are blocked by default for the filter which applies to this users.
Before moving to Nethserver we had a plain squid+ufdbguard server, so I know that is possible to define and apply a custom whitelist to just a group of users in ufdbguard, but I couldn’t find how to configure this setup in Nethserver.
I know that there is a global whitelist option, but it’s of not use for this particular case. For instance, we have a group that is requesting access to a particular gaming domain, but I don’t want to enable the whole game category, neither give access to this domain to the whole school (global whitelist) or use the “block all, allow selected content” which would need to define a category which includes ALL the allowed content.
Is there any way to accomplish this?

You can create a custom category and populate it with your own domains. Then you can reuse such category inside filters.

Take a look also to the official doc
And if you’re brave enough, you could even try the new UI:

Hi, yes but the problem is to use these custom categories as a whitelist inside filters. The only options are the “Allow all, block selected content” mode, in which the categories work as blacklists and the “Block all, allow selected content” which is of no use to us.
For instance, ufdbguard allow to define the following, but I didn’t found a way to get this configuration with Nethserver:
scr_group1 { pass whitelist1 whitelist2 !category1 !category2 all}
scr_group2 { pass whitelist1 !category1 !category2 all}

I don’t know if there a workaround for it from the UI, maybe @davide_marini has some ideas.

You could always create a template-custom for it:

mkdir -p /etc/e-smith/templates-custom/etc/ufdbguard/ufdbGuard.conf

Put your content inside a file named: /etc/e-smith/templates-custom/etc/ufdbguard/ufdbGuard.conf/99acl20custom, something like:

scr_group1 \{ pass whitelist1 whitelist2 !category1 !category2 all\}
scr_group2 \{ pass whitelist1 !category1 !category2 all\}

Note that you need to escape the curly braces otherwise the code will be executed as a perl script.

Then apply the modifications:

signal-event nethserver-squidguard-save

I didn’t try, but you should be able to do the job.
More info available here:

Edit: There was a mistake, the correct path to use is template-custom, thank you @m.traeumner for pointing it out!

1 Like

Thank you Giacomo, I’ll give it a try using custom templates.