Netgate Discussion Forum

    Https content filter

    • swamiforlife

      Hey, I am new to pfSense so I need some help.
      I need to install pfSense in my church with about 10-15 users, and we need to do some heavy content filtering, especially for HTTPS.

      1. We want to enforce Google SafeSearch for certain users.
      2. We want to block certain HTTPS websites and categories.
      3. We want to log attempts to open blocked sites.
      4. We need the flexibility to apply different sets of blocking rules to different users.

      What is the best solution for us?
      We came across this: www.diladele.com. Is this better than Squid and SquidGuard?
      Also, what about e2guardian? Is that better than Squid and SquidGuard?

      Also, if there is something I am missing, please feel free to add your own input.

      • zackis

        You might think about layering your protections.

        Google SafeSearch should not be a problem; I remember seeing those options within one of the configuration screens I was poking about in yesterday evening.

        To block certain websites, it might be better done by using something like OpenDNS (and selecting the filter to remove the options you wish to block) or using some other DNS filter in addition to the pfSense firewall.

        VPNs would be an issue (as they can sometimes use the destination's IP as the DNS resolver) instead of using your DNS resolver of choice.

        There also might be some proxy solutions, Diladele in addition to others.

        By layering your defenses you might be able to better filter out what you do/don't want; in addition, not having all solutions in one place would eliminate the catastrophic issues that you might see if your pfSense firewall stopped working.

        • Chrismallia

          I think the best way is to use DNS filtering on pfSense. To have a different filter for each group, well, VLANs with different DNS rules.

          • pfBasic

            Don't use OpenDNS on pfSense. It's the go-to for SOHO, but pfSense is far more capable.

            You want to use Unbound as a resolver the way it comes out of the box.

            You'll need to set up pfBlockerNG, DNSBL and Squid + SquidGuard, and Suricata for best results. Use Squid as an explicit proxy using WPAD.

            You can do a pretty good job of blocking VPN access with a combination of maintained lists in pfBNG & DNSBL and packet inspection on Suricata, and also just whitelisting your LAN will close down some ports that many VPNs use.

            You'll also want to use TLD for best results.

            The bottom line is that doing a thorough job of this will never be perfect, and it will require a beefy system (packet inspection is CPU intensive and TLD is RAM intensive).

            If you want it to be truly effective you just have to whitelist everything, which is silly.

              • aGeekhere

              https://forum.pfsense.org/index.php?topic=112335.0

              Never Fear, A Geek is Here!
