New HTTP+HTTPS Proxy / DNS Filter Package



  • First, I'd like to introduce ourselves, Northshore Network Solutions is a small group of small business consultants who work with a lot of schools.  Unable to find a solution that worked for us when it came to content filtering with pfSense, we decided to write our own using node.js.

    We have spent a lot of time over the last few months working on this, We have built the application as well as created a pfSense package, it is finally at a stage where we would like to get some testing in.

    This is intended to be a commercial product, as we have to pay a commercial service for the URL/Domain categorization, as well as we intend to support our software.

    The package has options for filtering by DNS or through an HTTP & HTTPS proxy server. You can filter by category or through blacklists and whitelists for specific urls, content types or file patterns, the proxy also includes support for things like enforcing safe searches with Google/Yahoo/Bing, as well as support for YouTube for schools.

    Users can be identified by IP or through authentication via local user or Active Directory credentials. Policies can be applied to both users and groups. Authentication and block pages are fully customizable.

    Documentation is a little sparse at the moment but we will be working on that over the next few weeks.

    Please feel free to contact us with any questions etc, you can install a demo of our code on any amd64 based pfsense install.

    Learn more on http://northshoresoftware.com or shoot us some questions on here.

    Thanks,
    Adam Snodgrass,
    Development Lead,
    Northshore Network Solutions
    adam@northshoresoftware.com



  • Thank you for the work you have done. But the package is not listed in the available packages of Pfsense. So, would you give a brief explanation to install the package. I would love to try it. :)



  • Ah, right. We have a tutorial here http://www.northshoresoftware.com/knowledgebase.php?action=displayarticle&id=13 that should get you started.



  • Adam… what is the advantage of what you've built over the combination of Squid/Dansguardian/OpenDNS?

    Thanks!



  • Maybe his actually works?  Anyone who has fought with squid3 will sympathize.



  • @rjcrowder:

    Adam… what is the advantage of what you've built over the combination of Squid/Dansguardian/OpenDNS?

    Thanks!

    I was wondering that too.

    ·  (If you plan on using DNS filtering) Disable the DNSForwarder, under Services > DNSForwarder disable the forwarder (In DNS filter mode, NSFilter starts a DNS server on port 53 to serve DNS queries)
    ·  Obtain a license, you can get this from www.northshoresoftware.com (Free 30 day trial is available)
    ·  Set your package repo to the Northshore repository, go to https:///pkg_mgr_settings.php, check the box to use the repo and enter repo.northshoresoftware.com into the text box.

    I am not sure I will want to use any external repo  :(



  • @asnodgrass:

    Ah, right. We have a tutorial here http://www.northshoresoftware.com/knowledgebase.php?action=displayarticle&id=13 that should get you started.

    I followed the instructions given in the above link and installed the NSFilter package. I manually adjusted the browser settings and pointed it to the Pfsense ip address and all the websites are getting blocked. The reason given by NSFilter webpage is "Invalid License".
    Is it because I'm using the trial version?



  • @networkinggeek please submit a support ticket and we'll get you straightened out.

    @Hollander we are working out some kinks but we intend to be in the main package repo.

    @rjcrowder & @Hollander We use a cloud based categorization service that has over 500 million urls categorized. We've made it so you can install the package and be filtering https traffic within 5 mins.