What’s the most effective way to filter content?
-
As the title states, I am wondering what would be my best route to go to Filter content? namely mainstream VPN services, social media, YouTube.
Would openDNS work to block VPN?
I do have squid installed, and setup, IS it possible to block VPN THAT way? Although I haven’t had much luck with squid.
Are there better options for pfsense?
I know I’m asking a loaded question here. Thanks in advance
-
@Wijet said in What’s the most effective way to filter content?:
As the title states, I am wondering what would be my best route to go to Filter content? namely mainstream VPN services, social media, YouTube.
Would openDNS work to block VPN?
I do have squid installed, and setup, IS it possible to block VPN THAT way? Although I haven’t had much luck with squid.
Are there better options for pfsense?
I know I’m asking a loaded question here. Thanks in advance
Did you set up man-in-middle with squid? huge pain in the arse.
Blocklists etc ?
-
@Wijet Only squid + squidguard will do all that you need, and even then you're entirely dependent on accurate blocklists. For example, do you know of any blocklists that contain entries for all the commercial VPNs on Earth? I don't.
@X2LR "Did you set up man-in-middle with squid? huge pain in the arse."
Not really, unless you insist on full SSL interception which is not required for URL filtering. Just use Splice All and you don't have to install a cert on every client.
Personally, I use squid in explicit mode + squidguard, and use WPAD to help my users find it automatically. No certs required, no SSL interception and I can still filter URLs.
-
@KOM said in What’s the most effective way to filter content?:
Splice
Splice huh ill have to look that up.
Does it work fine Kom?
-
Just watch their video. It explains everything. And yes, it allows me to filter HTTPS URLs without having to install certs everywhere. You only need client certs if you want to see their encrypted traffic and not just the destination URL.
Squid, SquidGuard, and Lightsquid on pfSense 2.4
-
@KOM said in What’s the most effective way to filter content?:
Just watch their video. It explains everything. And yes, it allows me to filter HTTPS URLs without having to install certs everywhere. You only need client certs if you want to see their encrypted traffic and not just the destination URL.
Squid, SquidGuard, and Lightsquid on pfSense 2.4
didn't even know they did videos :O! Thanks
-
Android devices have problems with splice all and transparent squid, some apps doesn't work.
When you connect to a wifi being filtered by squid transparent, it shows no internet connectivity.
Tested using samsung galaxy s10.I believe that I found a way:
Noticed that when my phone connects to the wifi, it tries to reach: http://connectivitycheck.gstatic.com/generate_204 - 216.58.222.99.
and
http://clients3.google.com/generate_204 - 172.217.162.174I was getting code: TCP_MISS/204 for both of these addresses
As this is a dynamic IP and it is always changing, I've put all their CIDR: 216.58.192.0/19 and 172.217.0.0/16 at the bypass for destination IP at the transparent proxy settings, and now everything seems to be working fine.
Tested using chrome, and it's blocking porn:
TCP_MISS/301 http://www.xvideos.com/ - 192.168.255.249
TCP_MISS/302 http://185.88.181.10/ - 185.88.181.10
TCP_MISS/301 http://www.xvideos.com/ - 192.168.255.2
-
Hi, I did manage to find a pretty secure system, for anybody willing to spend the $. On a trial with it right now, works perfectly for us so far... Adamnet.works
