4. Prevent proxy / DNS filter bypass - whitelist domains

Prevent proxy / DNS filter bypass - whitelist domains

  • S

    Hi,

    I need to limit the access of some PCs to the internet in a way that they can only access certain websites. (I think) I can't do it based on IP address since they change rather often and I'd need to whitelist probably half the cloud making the setup rather pointless. With squid I can limit access but afaik you can still bypass the proxy by connecting directly to an IP. The same is true for DNS filters.
    My current setup is a pfsense router running squid and doing DNS over TLS.
    Is there any way to prevent bypassing the filter? Or can pf adjust the rules so that during a dns lookup muh.cloud.com resolves to e.g. 6.6.6.6 which then gets automatically allowed?

    0
  • Netgate Administrator

    If you are forcing all traffic through Squid/Squidguard you can block IPs in the request directly. There is an option for that.

    Steve

    0
  • S

    Found it, thx.
    I have a similar problem still. When I go to a website, the site itself might fetch scripts etc from other domains which would need to be whitelisted, too. Doing that manually is a hassle in particular when the external resources are fetched through muh.cloudfront.net while the other day it is meh.cloudfront.net. Can squid whitelist a whole website?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy