Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Prevent proxy / DNS filter bypass - whitelist domains

    General pfSense Questions
    2
    3
    107
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Salamander last edited by

      Hi,

      I need to limit the access of some PCs to the internet in a way that they can only access certain websites. (I think) I can't do it based on IP address since they change rather often and I'd need to whitelist probably half the cloud making the setup rather pointless. With squid I can limit access but afaik you can still bypass the proxy by connecting directly to an IP. The same is true for DNS filters.
      My current setup is a pfsense router running squid and doing DNS over TLS.
      Is there any way to prevent bypassing the filter? Or can pf adjust the rules so that during a dns lookup muh.cloud.com resolves to e.g. 6.6.6.6 which then gets automatically allowed?

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        If you are forcing all traffic through Squid/Squidguard you can block IPs in the request directly. There is an option for that.

        Steve

        1 Reply Last reply Reply Quote 0
        • S
          Salamander last edited by

          Found it, thx.
          I have a similar problem still. When I go to a website, the site itself might fetch scripts etc from other domains which would need to be whitelisted, too. Doing that manually is a hassle in particular when the external resources are fetched through muh.cloudfront.net while the other day it is meh.cloudfront.net. Can squid whitelist a whole website?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy