Unofficial E2guardian package for pfSense
-
Do you know of a wiki or tutorial to doit?
No. I didn't tried to convert sarg from 2.2 to 2.3 yet.
It will be nice to have the package with gui and all but that is not what I mean. I can doit command mode. The problem is how to set up the pfsense web server to show the reports?
I know it has to be in a different port as it wont conflict with wpad.
-
I know it has to be in a different port as it wont conflict with wpad.
Just send reports to /usr/local/www/sarg. It will not have authentication, but will work.
-
Early in the thread is mentioned that e2g can generated the log in squid format with extended field including reason of blocked.
With SARG I could not used the squid format in extended mode.
Does the squidanalyser can read this format and provide the reason of block as part of the reports? -
I found an workaround util 4.1.1 gets fixed 8)
-
Configure squid to intercept SSL connections with splice all mode (this checks only remote certificate)
-
Configure e2guardian Parent proxy Settings with your squid ssl interface configured.
Testing with steps I know that crashes the daemon but it's still alive with and without MITM.
Does this still have to be done?
If yes, can you provide a screenshot of how to do it?
-
-
Does this still have to be done?
No. Just update the package to current version and select automatic on parent mode.
Sometime the udpate process on package manager does not update binaries. If it happens, just do a uninstall and then install.
-
I'm getting some false positives with it detecting normal websites as "Japanese pornography". For example on a housing website, nothing related to porn, no Japanese at all. I had it detecting some YouTube pages as Japanese pornography too.
The actual phrase lists, and content checking I think needs a little more improvement.
-
I'm getting some false positives with it detecting normal websites as "Japanese pornography". For example on a housing website, nothing related to porn, no Japanese at all. I had it detecting some YouTube pages as Japanese pornography too.
The actual phrase lists, and content checking I think needs a little more improvement.
In the past, pfsense forum was getting a portuguese pornography status :D
-
I'm getting some false positives with it detecting normal websites as "Japanese pornography". For example on a housing website, nothing related to porn, no Japanese at all. I had it detecting some YouTube pages as Japanese pornography too.
The actual phrase lists, and content checking I think needs a little more improvement.
In the past, pfsense forum was getting a portuguese pornography status :D
Maybe we should report this on Github? It is detecting things too easily. The annoying thing is. because the configuration needs to be messed around with so much its overwhelming and hard to understand where the problem is. Is it an issue in configuration? Or E2Guardian itself. But Japanese porn is one phrase list that I know has issues, even though its needed. That is something that maybe needing looking into.
EDIT: MITM seems to have stopped working for me for some reason. I haven't been using it for a while due to some issues with Windows updates, I tried enabling it now in order to test and it isn't forging certificates.
-
Using fully report returns what it identified as Japanese porn?
-
Using fully report returns what it identified as Japanese porn?
I haven't tried it yet, want me to try? Usually for kids etc, I don't want them to see what words are being detected. I was also hoping that since we have developed a group of enthusiasts via this thread, you Marcello, myself, Jetborrocal, and others, maybe those of us who have started using HTTPS, should make a list of exclusions.
What I mean is, when using HTTPS inspection (SSL certificate forging) a lot of services just won't work, because they check to see if its the authentic certificate. For example, Facebook app, Twitter App, Snapchat, mostly the apps it seems. However, a lot of desktop programs are moving to this too, its becoming quite an annoyance, and if we still want to use these services behind the proxy. We need to stop it being intercepted and touched by E2Guardian.
Also Marcello, I think you misunderstood me last time. I meant E2 Guardian misses a good reporting system where we can see who tried to access a block site, when, and why it was blocked. Not a graph showing overall blocked sites, which is what I guess your version of Squid analyzer will do?
Furthermore, I can't change or edit the block page anymore via the GUI. I guess it's due to your php updates?
-
For novice users, there is no guide on how to configure this E2Guardian for Http and Https web filtering.
As I read, E2Guardian is forked from Dansguardian but still novice users may know nothing about Dansguardian as well.
We hope that the is a detailed step by step guide on installation and configuration for http and https web filtering.
Like for me, I am creating a group on Group Tab but I dont know what ip address belongs to this group because I dont see where to set that up.
-
For novice users, there is no guide on how to configure this E2Guardian for Http and Https web filtering.
As I read, E2Guardian is forked from Dansguardian but still novice users may know nothing about Dansguardian as well.
We hope that the is a detailed step by step guide on installation and configuration for http and https web filtering.
Like for me, I am creating a group on Group Tab but I dont know what ip address belongs to this group because I dont see where to set that up.
I explained in your thread the two ways you can filter HTTPS, and I explained how the group system works. The group system is used to actually identify users and group their access permissions together. For example, in a school one group could be students, another could be teachers.
There's plenty of documentation on Dansguardian which is pretty much the same thing, I know it can be a little overwhelming at first. But you need to play around with it to understand how it works. Essentially, phraselists are used to detect words and phrases within websites, URL lists are used to block URL's based on categories, site lists can be used to block certain URL's.
You then need to pick a way to identify users, one of the more simple ways is to assign devices static IP's, and then setup identification based on IP's. You then need to assign those IP's to whatever group you want, and set up the ACL's for the groups.
Here's the Dansguardian Wiki: http://contentfilter.futuragts.com/wiki/doku.php?id=faq. The actual method of how it works is pretty much the same, so the info on there applies to E2Guardian too. I can give you pointers and help towards setting everything up a bit, but I can't go through even the networking side such as setting up static IP's when there are so many great guides already out there.
-
what about the wpad you mentioned that is part of e2guardian package. where can i find it?
-
Pfsensation:
Where do you set the exclusions? At exceptionsitelist?
Have you tried using Logmein through the proxy? -
another thing, how do you disallow using ip address in the browser like done in squid.
-
Pfsensation:
Where do you set the exclusions? At exceptionsitelist?
Have you tried using Logmein through the proxy?Yeah, its under the sites list tab under exceptions. That's where you can throw in all the domain names. It's paramount we start creating a small list of exceptions. I don't want E2Guardian to become something which causes more problems down the line than benefits.
what about the wpad you mentioned that is part of e2guardian package. where can i find it?
If you've installed the unofficial repository, via the instructions in the OP. Just go to the package manager and search for it.
another thing, how do you disallow using ip address in the browser like done in squid.
I'm not 100% sure but I believe that it maybe blocked by default. I just tried going to "http://8.8.8.8" and it gave me a 504 gateway timeout instead. I don't even see how using the IP would make a different when you use E2Guardian. E2Guardian is designed in a way in which it can scan websites on the fly, whether you connect to them via IP or domain. This is the biggest reasons why I recommend it over any other kind of filtering system, because it doesn't just rely on the website link, it can scan the contents of the page too!
-
Ah nope. It should not block by default browsing by ip address because some programs here in us uses ip address, therefore, i should be able to allow it or disable it.
The OP gave two ways to install, thru package and installing using commandline, which one is it.
-
Pfsensation
Have you used logmein behind the e2g using mitm?
-
Pfsensation
Have you used logmein behind the e2g using mitm?
Nope, however I have used TeamViewer etc, no issues. If you have problems with logmein, just add it to the exceptions.
@Marcelloc, which one is the correct E2Guardian config that we use now? I see a tonne of them in "/usr/local/etc/e2guardian"
I'm asking because FredB, over at GitHub recons that the blacklist categories not showing maybe due to not having the following :
# List categorisation #listcategory: "Banned Sites"Check it here: https://github.com/e2guardian/e2guardian/issues/244
-
Pfsensation
Have you used logmein behind the e2g using mitm?
Nope, however I have used TeamViewer etc, no issues. If you have problems with logmein, just add it to the exceptions.
Next week I am going to test with version 4. With v3 I add it to the exceptions but Logmein did not work. Teamviewer did worked. It seems some apps are more strict with MITM.
