Web Content Filter & AD users and groups

NethServer Version: NethServer release 7.7.1908 (final)
Module: Web Content Filter


I’m doing my first steps with Nethserver. I’ve installed AD, Firewall and proxy and Web Content Filter. I’m using Transparent with SSL proxy.

Everything works well if I use profiles related to Firewall objects, but when I want to set filters related to Active Directory groups or users the filter does not apply.

How is it possible? I think everything is correctly configured since otherwise, it would not work well with firewall objects.

I’ve checked the “Block HTTP and HTTPS ports” option.

Thank you !

Hi, first welcome to the community.

To your question,
could you post some files please. squid and ufdbguard config


and log files at the time you try to open a site which should be blocked, but isn’t blocked.



1 Like

You need to use authenticated proxy instead of transparent one to get the user/group information. Then users/groups are selectable in the Profile creation wizard.


1 Like

Hi @mrmarkuz,

first of all thank you for your answer. I changed the proxy to the authenticated one, and when I try to navigate any page, the browser asks me for a username and password. I try the user AD credentials and the browser asks again for the user and password.


1583920447.324 2 TCP_DENIED/407 4223 CONNECT accounts.google.com:443 - HIER_NONE/- text/html

The user is authenticated properly to AD and has been successfully linked to the domain.

Any Idea?

Hi @m.traeumner and thank you for your answer,

I was using Transparent Proxy, now I’m checking the authenticated proxy as I replied the other post.

Do you think it is not possible to work with AD users with a transparent proxy?

Thank you!

@mrmarkuz is right here, I didn’t think about it. A little description why it doesn’t work is here:

@mrmarkuz Any idea here?

1 Like

@hortiz, please check /var/log/squid/cache.log for errors.
Which OS/browser do you use? Did you try another browser?

All Windows clients must access the proxy server using the FQDN.

Another thread about auth proxy with AD:

1 Like

I think

could also give some hints.


In yourś client set proxy with hostname not ip address.

Sorry my english is bad.

1 Like

Welcome to the community @Leonardo_Lovera.

No problem, we can understand you and most of us aren’t English native speaker.