Pfsense can url filter ????????

dinhvietbk

I used pfsense with firewall function…But i don't see url filter function of pfsense..Have pfsense got url filter function ? If has, it where and how configuration ???????

Perry

Using OpenDNS.com as your DNS Servers is the easy way.
or you can use Squid + Squidguard which is available as packages.

iamthed

install squid +squidguard then configure..
solved the problem

jigpe

Is it okay to use squid+squidguard if you have traffic shaper enabled? Seems like traffic shaper slow down all of the rules ive set in the Firewall Rules.

jigp
Davao City

zabidin2

I use squid+squidgard. When i add domain that i want to block in destination tab on proxy filter, user still can access domain that i want to block. Not solved my problem.

Cry Havok

Is the user using the proxy - if they aren't then of course they can bypass the restrictions in the proxy.

chudy

squid alone can filter url or anything http

zabidin2

squid, it self can filter url only not advanced like squidgard. And also, we cannot customize error page on squid. I create page that i customize but image not appear.

chudy

First of all SquidGuard runs on squid's feature url_rewrite.

Squid can do and SquidGuard cant….
Filtering:
mac-address
browser used
referer
maximum connections
mime-type
header

SquidGuard can do and Squid cant?
so far nothing I've known.

Which do you think is not advance? ;) maybe you mean easy  :)
You might ask why I don't want to use squidguard? Its because it degrades the reqs/sec.

For url filter:
you can always use custom configurations under squid and try the following below.

If URL you can use url_regex but the problem is what if the client access sites by IP? so ill use dstdom_regex to resolve the IP(not tested).
block youporn.com gayporn.com worldsex.com and any domain contains xxx

acl porndomain dstdom_regex porn sex xxx;
http_access deny porndomain;

you might ask why there is ;? Its for webgui custom configurations.
If you like to blocked only porn site's videos?

acl porndomain dstdom_regex -i porn sex xxx;
acl videos urlpath_regex \.flv \.asf \.wmv \.on2;
http_access deny porndomain videos;

remember all acl are OR logic while all access are AND logic.

Custom error pages? edit /usr/local/etc/squid/errors/English/ERR_ACCESS_DENIED
i've tried add css and reconfigure  ;D

Or

acl porndomain dstdom_regex porn sex xxx;
deny_info ERR_ACCESS_PORN porndomain;
http_access deny porndomain;

/usr/local/etc/squid/errors/English/ERR_ACCESS_PORN <- file location if English(default)
if you put some images it should be in /usr/local/www unless you want to link inside squids errors directory.

How to remove squid footer? add this in error pages.

One more thing. Controlling partial download(like DAP)

acl maxcon maxconn 2;
acl partial rep_header Content-Range .*;
http_reply_access deny partial maxcon;

jigpe

After following the steps, my squid package wont run now. I have to reinstall the package..Reinstalling package did the trick but i lost the backup squid configuration.Good thing i backup the xml..

jigp
Davao City