Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is possible to log user access on http, https?

    Scheduled Pinned Locked Moved
    Captive Portal
    2
    5
    266
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dimsum
      last edited by

      Hi There,

      I have med a captive portal for free wifi in the office but the office needs to keep a log of who has access to the internet. I need to know who, when, and the destination. A captive portal has only logs of who has a login but doesn't know the destination. Also, I looked in the DNS resolver log it has the IP and domain name resolved but no user login.

      I have looked at squid proxy with transparent but it doesn't work on https. and I don't want a user to do anything when using the free wifi e.g. setting the proxy in their mobile, tablet, and laptop.

      How can I combine or custom cative portal and DNS resolver log?

      Any idea please advise.

      Thanks.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @dimsum
        last edited by Gertjan

        @dimsum said in Is possible to log user access on http, https?:

        I don't want a user to do anything when using the free wifi

        Then don't let him connect in the first place 👍

        Status > System Logs > Authentication > Captive Portal Auth shows the user's IP and MAC,
        Take note : the IP will be an IP in your own local network, and the MAC is probably randomized.

        https traffic, as any other TLS traffic : unbreakable.

        You could install pfBlockerng - block all known "DNS over HTTPS/TLS/QUIC Blocking" on Firewall > pfBlockerNG > DNSBL SafeSearch
        Add this Redirecting Client DNS Requests so clients are forced to use pfSEnse as there DNS.

        ... now you'll have :

        9086fbe4-7936-47c4-b1ef-6e2b0e9e52ce-image.png

        so you can see where they go.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        D 1 Reply Last reply Reply Quote 0
        • D
          dimsum @Gertjan
          last edited by

          @Gertjan said in Is possible to log user access on http, https?:

          You could install pfBlockerng - block all known "DNS over HTTPS/TLS/QUIC Blocking" on Firewall > pfBlockerNG > DNSBL SafeSearch
          Add this Redirecting Client DNS Requests so clients are forced to use pfSEnse as there DNS.

          Can you explain these steps to process? I have to install pfBlocker and create a DNS redirect rule. but I cannot get any log just like you.

          Here is my setting:

          41d81505-7943-41e2-aa3f-419bc384087e-image.png

          c963976f-d688-4393-8478-b6d8b1830aa0-image.png

          867fa2cf-45cf-42ce-89f6-a54148aa5c1d-image.png

          Thanks.

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @dimsum
            last edited by

            @dimsum

            Don't enable SafeSerach Redirection and Youtube Restrictuions as you have to study the side effects first.

            Use these settings :

            9c2311fb-aaa5-402f-a605-de1036ae9b03-image.png

            and add also, while you're there, add one or two 'small' DNSBL :

            50672d8c-e4de-4885-aed7-4f8056a23666-image.png

            Note somewhere on a post-it : "the host names present in these two lists will get blocked".

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 1
            • D
              dimsum
              last edited by

              Thank you for your help.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post