Best Content Filter for HTTP / HTTPS or DNS



  • I need a content filter that I can use within pfSense to block certain categories. It needs to either filter HTTP and HTTPS (transparent), or DNS. We have a public guest network that BYOD devices go on, and we don't want them getting a certificate error. Any ideas?



  • If you don't want cert errors and you don't control the devices then transparent mode is out of the question.  Squid, squidGuard and a blacklist will do what you want.  WPAD can be used to configure auto-detection of the proxy.


  • LAYER 8 Netgate

    Getting in the middle of HTTPS connections is ugly no matter who does it and no matter the reason.



  • I guess I'm looking more for DNS Filtering…. If we did HTTP & HTTPS filtering, WPAD would work to configure browsers so they don't get a certificate error?



  • WPAD would work to configure browsers so they don't get a certificate error?

    You have it backwards.  The browsers support the WPAD method of auto-detecting the proxy.  WPAD doesn't do anything.  You have to edit your DNS and DHCP to support WPAD, but it's easy.  The only real gotcha is that the wpad.dat/proxy.pac files must be hosted on an HTTP server, and the web server must support the dat/pac MIME type.



  • Okay so if I go that route, then SquidProxy would be the way to go with HTTP and HTTPS filtering?  Or…



  • Or Dansguardian?



  • I think DansGuardian is being deprecated for 2.3, so you might want to avoid it.  Squid is the only way to go for now.


  • Moderator

    @cmb991:

    I guess I'm looking more for DNS Filtering….

    https://forum.pfsense.org/index.php?topic=102470.0



  • DNS filtering using that would be awesome, we already have it installed, but there isn't any way to do categories…


  • Moderator

    @cmb991:

    DNS filtering using that would be awesome, we already have it installed, but there isn't any way to do categories…

    Some others have asked to get that incorporated into the package which I should be able to do at some point…. In the meantime, just download the Feed that you use into /var/db/pfblockerng and extract the archive. The extraction should create the subfolders for the Feed in that base folder.

    Then add a new DNSBL Alias, and in the 'Source Fields', map to the category folders that you would like to use… Add a new Source line for each category.

    You could also rig a cron task to download once/day and extract to the same folder.
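
The download-and-extract cron task described in the post above, as an added example that is not part of the original thread or of the pfBlockerNG package. `FEED_URL` is a placeholder for whichever category feed you use, and the function names `archive_is_safe` and `install_feed` are hypothetical; the archive is assumed to be a `.tar.gz` that unpacks into category subfolders.

```shell
#!/bin/sh
# Added example: refresh a category blacklist under the pfBlockerNG folder.
# Assumption: FEED_URL is a placeholder for your feed's .tar.gz archive.
BASE_DIR="${BASE_DIR:-/var/db/pfblockerng}"

# Refuse archives with absolute paths or ".." components, since cron runs as root.
archive_is_safe() {
    listing=$(tar -tzf "$1") || return 1
    [ -n "$listing" ] || return 1
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# Extract into a staging folder first, so a failed or truncated download
# never leaves a half-written feed where the DNSBL alias points.
install_feed() {
    archive=$1
    dest=$2
    archive_is_safe "$archive" || { echo "rejected: $archive" >&2; return 1; }
    stage=$(mktemp -d "$dest/.stage.XXXXXX") || return 1
    if ! tar -xzf "$archive" -C "$stage"; then
        rm -rf "$stage"
        return 1
    fi
    # Swap in each top-level folder of the feed. This replaces a same-named
    # folder in $dest, so check the feed's folder name does not collide.
    for entry in "$stage"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry")
        rm -rf "${dest:?}/$name"
        mv "$entry" "$dest/$name"
    done
    rm -rf "$stage"
}

# Daily cron entry point: only runs when FEED_URL is set in the environment.
if [ -n "${FEED_URL:-}" ]; then
    tmp=$(mktemp /tmp/feed.XXXXXX) || exit 1
    # fetch(1) is the FreeBSD base-system downloader.
    fetch -q -o "$tmp" "$FEED_URL" && install_feed "$tmp" "$BASE_DIR"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```

The DNSBL alias 'Source Fields' then point at the category folders the extraction creates, one Source line per category, as the post describes.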

