Transparent HTTP/HTTPs filtering with NSFilter



  • We recently added transparent HTTPs ability to NSFilter, here is a quick demo video of transparent HTTP/HTTPs filtering using NSFilter with pfSense:

    https://www.youtube.com/watch?v=Q94bbFa6lME

    We will try to add more videos demoing more features very soon.



  • Wow looks a lot like many of the enterprise Proxy content filtering firewall features that I have been using for my clients (one off the top that I think of is sonicwall).

    This has the potential to be up to par for a quick alternative content filter proxy.

    The potential for pfs2.2 can spell out a lot of fun for clustering.

    ESXI seems to have no complaints.

    Well done. I will keep testing.



  • @nsnetworks:

    We recently added transparent HTTPs ability to NSFilter, here is a quick demo video of transparent HTTP/HTTPs filtering using NSFilter with pfSense:

    https://www.youtube.com/watch?v=Q94bbFa6lME

    We will try to add more videos demoing more features very soon.

    I have tested the content filtering and its working absolutely fine, especially the YouTube education filter. I tried the safesearch with some loaded terms and the results of search were filtered (most of the contents).



  • This filter is paid filter or free to use at home. if it is paid what is the cost for 10 users.



  • @exograpix:

    This filter is paid filter or free to use at home. if it is paid what is the cost for 10 users.

    Here is the link for your query
    http://www.northshoresoftware.com/pricing.php



  • What it doesn't explain, is how are users counted? and what happens when that count is exceeded?

    I'm thinking the pricing isn't home friendly depending on the answers above.

    I'm thinking a typical household of four who is a pfSense consumer. Two adults, two children, there are probably at least 2 computers, 4 smart phones, a couple tablets, 1-2 internet capable game systems. a Smart TV/Roku/ChromeCast or other smart device. So 10 Users? Add on a geek, and you probably have more computers/ a few servers, and other gadgets that require internet access.

    Now, What happens when This family has guests over, that may use their wireless? Now they need to have more Licenses for those?

    What about the Internet of Things?

    I can tell you from my family of 2, I have a day to day count between 20-30 active devices that poll some internet location. The product is appealing, but not at $300+/year. I can easily see that number of devices doubling in the next couple to five years. (Count is based off current Squid/Lightsquid results)

    P.S. if this is taken as flame bait, it's not. I am genuinely interested in what the product offers, and I think the pricing is in the realm of reason for Business users, but is potentially out of reach for most modern family households.



  • I suspect that this is targeted at the Enterprise.  Home users aren't going to pay a monthly fee when they could use their AV solution's URL filtering/parental controls, or an external solution like Norton ConnectSafe DNS.



  • Or the dansguardian package…



  • Hi All,

    I just saw this thread and wanted to clear a few things up.  NSFilter is a commercial product that we had one of our developers make a pfSense package for.  We were running it for a few of our customers and decided to compile on the older version of FreeBSD that pfSense uses and create some php pages to talk to our rest api to configure the filter.  Soon we will make our own UI and binary packages to run the filter standalone on popular *nix distros, pfSense was simply an early entry into that.  Many of our current installs have hand managed json configs that we mange manually, this was simply an easy way to put a UI around it on a popular platform.  I'll try to answer your questions inline as best I can:

    What it doesn't explain, is how are users counted? and what happens when that count is exceeded?

    A user is counted when a new IP address hits the filter, it is kept in a table until the filter is restarted, once exceeded the n + 1 user will receive a block message with the reason "License Count Exceeded"

    I'm thinking the pricing isn't home friendly depending on the answers above.

    Yes, home users weren't our target when we started this, most of our current users are small private schools and some municipal stuff, generally 100-200 user sites.

    _I'm thinking a typical household of four who is a pfSense consumer. Two adults, two children, there are probably at least 2 computers, 4 smart phones, a couple tablets, 1-2 internet capable game systems. a Smart TV/Roku/ChromeCast or other smart device. So 10 Users? Add on a geek, and you probably have more computers/ a few servers, and other gadgets that require internet access.

    Now, What happens when This family has guests over, that may use their wireless? Now they need to have more Licenses for those?

    What about the Internet of Things?

    I can tell you from my family of 2, I have a day to day count between 20-30 active devices that poll some internet location. The product is appealing, but not at $300+/year. I can easily see that number of devices doubling in the next couple to five years. (Count is based off current Squid/Lightsquid results)_

    You are right, I actually just bought a wifi thermostat, and imagine many ip cameras, devices in my future, the nice thing about the way we have this setup on pfSense is that you control what devices get redirected to the filter via NAT rules, currently I only have my kids computers redirected to the filter, unless I'm doing testing.  Again, home users are not really the target, and pfSense home users are prone to having a few more ip devices than the average household.  That being said, you do have complete control of what ip's get directed to the filter, there is no reason to send a thermostat to the filter for instance.

    P.S. if this is taken as flame bait, it's not. I am genuinely interested in what the product offers, and I think the pricing is in the realm of reason for Business users, but is potentially out of reach for most modern family households.

    Not taken as such, we are experimenting with pfSense albeit fully supporting it, but it is new and interesting ground, users are much more technically astute, and we get some flack for being a commercial product but that comes from paying developers and supporting our product as well as using a commercial grade cloud service for the url/domain categorization.

    This was a venture that was started a few years back when we were trying to come up with a solution for a 200 user school.  It continues to be a very interesting and fun project, I know documentation is sparse at the moment, this is due to the development work that is going into the filter.

    Please let me know if any of you have questions, I look forward to a constructive dialog.

    Thanks,
    Adam



  • Adam… I'm glad you chimed in on this.

    I've created a lot of custom screens and menus on top of pfSense to create a simple home content filtering firewall/router. It forces use of filtering DNS providers, includes the squid and dansguardian packages, a custom dansguardian reporting page, custom time limiting pages, etc. I've stripped out all of the pfSense pages that would be confusing to most home users. I've also changed the theme, "branded" it and started a manual for it with the idea of selling devices with it pre-installed. I've also started playing around with pfSense 2.2 with the intent of creating an "all-in-one" device that would include wireless N connectivity.  Obviously what I'm doing is targeted to a very specific niche - my goal is to provide a simple high quality home content filtering appliance that does not have yearly licensing costs. I'm not really looking to make much money off of it, but doing it more as a ministry.

    All that said... I've always thought that a cloud based filtering approach like nsFilter would be a better way to go. Have you ever considered trying to target the home market?



  • Just wanted to update the thread to let everyone know that we have added support for pfSense 2.2, the installation is exactly the same as the previous versions.  Here is a brief rundown of current features:

    DNS Filtering:
      Domain name categorization using realtime cloud categorization service
      User/Group/IP based policies
      Local Domain Override (*New, overrides DNS lookups to alternate server for specified domains, ie mydomain.com uses 192.168.1.1 vs 8.8.8.8 for everything else).
      Customizable Block Pages

    HTTP/HTTPS filtering:
      URL categorization using realtime cloud categorization service
      Transparent mode supported
      User/Group/IP based policies
      Force Safesearch (Google/Yahoo/Bing)
      Youtube for Schools
      URL Black/White lists
      Content Type Black/White lists
      File Pattern Black/White lists
      Customizable Block Pages

    Authentication:
      LDAP integration
      Domain Controller Agent (In development, this will allow users to automatically authenticate to NSFilter when logging in successfully to the domain).

    Please let us know if there are any features you would be interested in trying or like to see about having added to NSFilter, we are always looking to improve.

    Also if there are any of you testing 2.2 if you would like to give NSFilter a try, we would love to get some more data points on running on the new platform.

    Thanks,
    Adam