HTTP/HTTPS web filtering by IP series



  • Dear All,

    I'm trying to configure a customer filtering for different subnets. What I actually want is that the filters & restrictions need to be applied for a particular IP series. The rest should have access accordingly. Can this be achieved in a certain way where only the specified users have restrictions but not the rest? I tried this tutorial here, which confuses me.

    Any other alternative solutions would also be great, as I tried Squid, which only works for HTTP in transparent mode.



  • HTTP blocking with different blocking groups is relatively simple to set up. HTTPS is a bit more difficult… I struggled with getting HTTPS filtering set up at our school for a couple of months toward the beginning of this school year. The way I ended up setting it up is by using the "SSL man in the middle Filtering" in the Squid3-Dev package. Unfortunately, this throws certificate errors unless you install a CA cert from pfSense. It's a pain to set up (need to install the CA cert on each individual computer), but once it's in place it works. As far as I know (unless you go the route of DNS-based filtering such as OpenDNS) there is no way to do completely transparent HTTPS filtering without needing to install a certificate on each computer.

    As for having different blocking groups, you can most certainly do this with Squid. (I use Squidguard here for blocking, by the way, so I'm not familiar with the blocking package used in the tutorial you linked). Under the "Groups ACL" tab you can create a new group, and set up which IP addresses it is applied to (you can do individual IPs, or whole subnets... I just do 192.168.4.0/24 to apply it to the whole .4 subnet).

    Hopefully that helped some... At what point are you in the setup? Have you gotten the proxy working yet for at least HTTP?
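
The per-subnet group described in the reply above, written out in squidGuard's own configuration syntax. This is an added example, not part of the original posts and not the file the pfSense package generates. The group and list names, paths and redirect URL are assumed placeholders; 192.168.4.0/24 is the subnet mentioned in the reply.

```conf
# squidGuard.conf sketch (paths are assumptions; adjust to your install)
dbhome /var/db/squidGuard
logdir /var/log/squidGuard

# Source group: only clients in this IP range get the restrictions.
# Individual addresses can be listed too, e.g. "ip 192.168.5.20".
src restricted_clients {
    ip 192.168.4.0/24
}

# Destination category built from plain-text lists under dbhome
# (hypothetical list names).
dest blocked_sites {
    domainlist blocked_sites/domains
    urllist    blocked_sites/urls
}

acl {
    # Clients matching the source group: deny the category, allow the rest.
    restricted_clients {
        pass !blocked_sites all
        redirect http://block.example.invalid/blocked.html
    }

    # Every other client falls through to the default rule and is unfiltered.
    default {
        pass all
    }
}
```

Rules are matched by source group, so a client outside 192.168.4.0/24 only ever reaches the `default` block. Without SSL interception Squid passes squidGuard only the host and port of an HTTPS CONNECT request, so `urllist` path entries cannot match HTTPS traffic.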

