Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Blocking Access to Certain Web Sites for Certain Users?

    Scheduled Pinned Locked Moved
    General pfSense Questions
    2
    2
    4.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Syntax42
      last edited by

      I would like to prevent all but a few people from accessing YouTube or certain other sites at a small office.  It is safe to assume authorized users only use one computer, and no other users are given access to those computers.  Everyone should be able to access sites which are not on the block list, and only authorized users should be able to access those sites.

      The problem I've read with using a proxy like SquidGuard is that it can't block HTTPS.  Using a DNS redirect wouldn't allow authorized users to bypass the restrictions, unless I'm missing something.  Blocking by IP address would be unacceptable because it would block other Google services.

      Could Captive Portal be set up to allow all web sites for most users, then restrict access when users try to access YouTube (and certain other sites)?

      Is there another solution to this that I'm not aware of?

      If a simple Captive Portal solution isn't an option, would the following work?  Allow full web access on LAN1 interface but set up a DNS redirect to LAN2 interface IP address for restricted sites.  Set LAN2 interface to require Captive Portal login.

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        Dansguardian will probably serve you well andf you will get AV scanning to boot.

        http://forum.pfsense.org/index.php?topic=42664.0
        pay attention to the section on HTTPS and forwarding to 8080
        This is a more recent write up:
        http://thegeekninja.wordpress.com/2013/07/02/pfsense-squid3-and-dansguardian-a-better-alternative-to-squidguard/
        I would stick with the stable release of squid rather than use the squid3 beta.

        Dansguardian is a package now so you can add it directly from package and no listing of commands is needed.

        Go into the ACL (access control list)
        Disable all the filters you don't want
        Make sure URL list is enabled.
        Edit the regexp in the banned section just adding the url of things you don't want people to see.

        like youtube.com
              facebook.com
              whyisuckattyping.com    or whatever.

        It will be easier to make a firewall rule for you if you make an alias including all the machines you wish to filter.

        For me, I disable all the filters except url and antivirus scan.

        1 Reply Last reply Reply Quote 0
        • K Keeks referenced this topic on
        • First post
          Last post