NethServer Version: NethServer release 7.7.1908 (final)
Module: Web Content Filter
I’m doing my first steps with Nethserver. I’ve installed AD, Firewall and proxy and Web Content Filter. I’m using Transparent with SSL proxy.
Everything works well if I use profiles related to Firewall objects, but when I want to set filters related to Active Directory groups or users the filter does not apply.
How is it possible? I think everything is correctly configured since otherwise, it would not work well with firewall objects.
I’ve checked the “Block HTTP and HTTPS ports” option.
Thank you !
Hi, first welcome to the community.
To your question,
could you post some files please. squid and ufdbguard config
and log files at the time you try to open a site which should be blocked, but isn’t blocked.
You need to use authenticated proxy instead of transparent one to get the user/group information. Then users/groups are selectable in the Profile creation wizard.
first of all thank you for your answer. I changed the proxy to the authenticated one, and when I try to navigate any page, the browser asks me for a username and password. I try the user AD credentials and the browser asks again for the user and password.
1583920447.324 2 192.168.0.126 TCP_DENIED/407 4223 CONNECT
accounts.google.com:443 - HIER_NONE/- text/html
The user is authenticated properly to AD and has been successfully linked to the domain.
@m.traeumner and thank you for your answer,
I was using Transparent Proxy, now I’m checking the authenticated proxy as I replied the other post.
Do you think it is not possible to work with AD users with a transparent proxy?
@mrmarkuz is right here, I didn’t think about it. A little description why it doesn’t work is here:
@mrmarkuz Any idea here?
@hortiz, please check
/var/log/squid/cache.log for errors.
Which OS/browser do you use? Did you try another browser?
All Windows clients
must access the proxy server using the FQDN.
Another thread about auth proxy with AD:
welcome to the NethServer Community.
Did you setup 127.0.0.1 as DNS server like in the following thread (similar error) ?
If not please tell us some more about your config by posting the output of:
config show dns
config show sssd
Which Windows version and browser(s) do you use?
Do your clients use NethServer as DNS server?
Did you enter the NethServer FQDN in the proxy settings of your browser? There may be problems with using the IP address.
In yourś client set proxy with hostname not ip address.
Sorry my english is bad.
Welcome to the community
Sorry my english is bad.
No problem, we can understand you and most of us aren’t English native speaker.