• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Web filtering (allow only few websites to a group)

Scheduled Pinned Locked Moved General pfSense Questions
10 Posts 5 Posters 12.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • V
    V4705
    last edited by Apr 25, 2012, 7:57 PM

    Hi,
    We need to block all the websites (except for only few) to one division in this office (few people with static ip).

    What's my options with pfSense?

    Many thanks!

    1 Reply Last reply Reply Quote 0
    • D
      dreamslacker
      last edited by Apr 27, 2012, 12:22 PM

      Squid with Squidguard is probably your best bet.  Alternatively, where the running of Squid has undesired effects, you can use URL aliases and firewall rules to block all port 80/ 443 traffic sourced from the group and bound for the URL alias.

      1 Reply Last reply Reply Quote 0
      • J
        jimp Rebel Alliance Developer Netgate
        last edited by May 1, 2012, 5:02 PM

        That's not how URL aliases work.

        Squid+SquidGuard (And maybe Dansguardian?) are the only ways to block/allow sites selectively. It can't be done with firewalls in any meaningful way.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by May 1, 2012, 5:34 PM

          If you only want to allow access to, say, the companies web servers then you probably know what IPs they are on and can allow access only to those.
          Depends what you mean by 'only a few'.

          Steve

          1 Reply Last reply Reply Quote 0
          • D
            dreamslacker
            last edited by May 2, 2012, 5:48 AM

            @jimp:

            That's not how URL aliases work.

            I was under the impression that URL aliases are used to periodically resolve the IP addresses for firewall rules.  If that is not the case, could you enlighten me on the purpose of the URL aliases?

            Thank you.

            1 Reply Last reply Reply Quote 0
            • V
              V4705
              last edited by May 9, 2012, 4:12 PM

              @jimp:

              That's not how URL aliases work.

              Squid+SquidGuard (And maybe Dansguardian?) are the only ways to block/allow sites selectively. It can't be done with firewalls in any meaningful way.

              Thanks for the answer,
              I tried to setup squid and squidguard but for some reason when I set the proxy configuration in my computer, I can't access any website (don't know if the proxy blocked that or it doesnt even communicate with the proxy…).

              What I did until now:
              installed squid and squidguard addons
              set on squid ("proxy server"):
              interface: lan
              [v] allow users on interface
              log dir: /pfsenselogs/proxy (dunno, just wrote some path…).
              port: 8484 (again, dunno what to choose, just picked one because it didnt offer any default).

              set on squidguard ("proxy filter"):
              target categories -> "category1" -> domain list with 5-6 domains, separate by space.
              common acl -> category1 whitelist, default access deny.
              [v] not to allow ip addresses in url
              redirect mode: int error page
              redirect info: blocked
              general ->
              [v] enable
              apply

              Any help\tip\suggestion to start working with it, will be HIGHLY appreciated.

              Thanks.

              1 Reply Last reply Reply Quote 0
              • D
                dhatz
                last edited by May 9, 2012, 6:24 PM

                @V4705:

                We need to block all the websites (except for only few) to one division in this office (few people with static ip).
                What's my options with pfSense?

                It depends on which "few websites" you want to allow.

                Most webpages load objects from many different domains, sometimes CDNs, in which case white-listing specific domains can be problematic.

                1 Reply Last reply Reply Quote 0
                • V
                  V4705
                  last edited by May 18, 2012, 6:22 AM

                  Our own websites and few web-based apps we're paying for (3rd companies).

                  1 Reply Last reply Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator
                    last edited by May 18, 2012, 12:33 PM

                    If those web sites are being served from a small number of fixed IPs then simply add those to an alias and use that in a firewall rule.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • V
                      V4705
                      last edited by May 18, 2012, 2:19 PM

                      Thanks for the quick reply,
                      I tried that, unfortunately its not working for those websites.
                      Any tips\guides on how to use Squid\SquidGuard on pfSense?

                      Thanks!

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        [[user:consent.lead]]
                        [[user:consent.not_received]]