  • Hello everyone,

    I'm having a very annoying problem. My firewall is configured correctly and everything is working satisfactorily: carp, nat, squid, proxy, rules … all right. I have working locks on specific schedules and releases in certain periods of time. The problem is this.

    We have a rule to release full access to social networking sites, facebook, orkut etc., in the period of 12 to 14 hours and everything works right, almost.
    If the user closes the window and tries to get back on the website, it is locked, but if he keeps the site open, the site remains "alive" and is not blocked, even if he refreshes the page. My problem was complicated because users have discovered this flaw and are exploiting it.

    I'm already heading toward something more drastic, like forcing a restart of the browsers via GPO or BAT ...

    Anyone know how to get around this?

  • Did you check:
    System: Advanced: Miscellaneous
    Schedule States and Gateway Monitoring?

    Perhaps create a cron job to reset states at the specified times.

  • How are you trying to enforce the block against social networking sites?

    Do you do it using Squid ACLs?

  • Yes… I have some ACLs, and they're working, as far as I know, just fine... the problem is that when a user leaves a browser open, pfSense doesn't block that page...

  • How is it possible to block sites by time with just squid?
    Or are you using SquidGuard or something in addition?

    I read something about SquidGuard having problems with time based rules.

  • Nachtfalke, squid acls allow time/date parameters (btw I've used the stand-alone version, I haven't had an opportunity to use the pfsense squid pkg yet)
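
The time-based ACL mentioned in the reply above, sketched as a stand-alone squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the ACL names, the domain list and the weekday set are assumptions.

```conf
# Added example: ACL names, domains and weekdays are assumptions.
# Destination domains to restrict (leading dot also matches subdomains).
acl social dstdomain .facebook.com .orkut.com

# time ACL: day letters (M T W H F = Monday to Friday), then h1:m1-h2:m2.
acl lunch time MTWHF 12:00-14:00

# http_access lines are evaluated in order and the first match wins,
# so the timed allow must come before the general deny.
http_access allow social lunch
http_access deny social

# http_access is checked when a request arrives at the proxy. A CONNECT
# (HTTPS) tunnel opened inside the window is not re-checked at 14:00 and
# stays usable until the connection is closed.

# ... the site's remaining http_access rules follow here
```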

  • Yes, Nachtfalke. I use squid 2.7.9 pkg v.4.3.1, and squidGuard 1.4_3 pkg v.1.9. Within Filter Proxy there is a tab called TEAMS; there I determine the hours that the firewall allows access or vice versa. My problem is the HTTPS protocol. I've been reading around in various forums that squid does not filter HTTPS. Some solutions showed how to create an alias for some Facebook IPs using HTTPS and add it to the rules and block, but the problem is that everyone gets blocked and that's not what I want. Another way would be to apply this lock via GPO in Active Directory; it is limited only to the users we want to block, and it works, but the block is permanent and only works in Internet Explorer. In this case the user has to be prevented from using other browsers. If anyone has another idea, I'm listening.

  • Yes, you can use HTTPS in squid, no problems.

    I think what you are trying to say is that you cannot set up a transparent proxy in HTTPS in squid.

  • No dude,

    I mean that I can't block… can you help me?

  • @afarias:

    No dude,

    I mean that I can't block… can you help me?

    afarias, you have a PM with links showing how to do what you want, with print screens. The links are to the Portuguese forum, but I know that… Portuguese is your mother language. ;)

