I select the categories to filter, for example, violence, drugs, and porn, and the other options, but when I search for a site with porn and enter the page, this content is not blocked, and I don’t understand this, because I followed the steps to create a filter for URLs. How can we block content permanently?
I’m following the URL filter config and the Web proxy config but nothing seems to work.
HTTPS does not work in transparent proxy mode. You must configure the proxy in non-transparent mode.
After this, you have to make sure that all HTTP and HTTPS traffic goes through the proxy by modifying, in “Control Panel”, “Internet Options” → “Connections” → “LAN settings” (in Windows).
And finally, create a rule in the Firewall so that it discards all the requests that do not pass through the proxy so that they cannot bypass the protection.
If you search the forum, you will surely find more information on these topics.
I created these two rules. They must be put in this order!!! When one rule is valid, the following rules are not executed. This is the logic.
The first one “frees” a certain group of IPs in my green.
The second blocks all traffic from GREEN to RED for all other IP. Automatically, all traffic that “goes through the proxy,” is not affected by this rule.
Big problem: In this way, only browsing is possible. All services that use other ports (POP3, WhatsApp, SMTP, FTP, …) will not work, unless other rules are set to free the relevant ports.
Can this major problem be remedied?
Even acting on the protocol (changing ALL with the ports to be closed) creates another problem: If http(80) and https(443) porn sites use other ports (which is rare but possible), those are not blocked (if the traffic does not “go through the proxy”). I have to add rules for each list of ports to close.
And by the way, porn images displayed in search engines (Google) are not filtered. (You need to block Google.)
The “Blocked Expressions” function, “the list of dirty words,” works only for http, but I could not integrate it for https.
I am convinced that there is no other remedy. If I am wrong please correct me.
In this case I am doing it with VirtualBox. Within the IPFire interface in the advanced web proxy configuration, I only have Green active and Transparent in Green is not activated.
I don’t know what I’m missing to configure, I don’t know if you can give me a tutorial or a post to find the solution.
It happens to me with the “Windows Sandbox” that creates a virtual interface with a different range from the IP ranges that I have in the Green Interface.
Maybe this is your case and to solve it, you have to put that range of the virtual interface in the IPFire Squid Proxy:
Hello, honestly I do not understand very well. Now, if it’s not too much trouble, could you give me some kind of tutorial or instructions to follow? For example, some pages are blocked for me and others are not. And truthfully, I do not understand. So I have activated both transparent mode and enabled on green.
But I don’t know what to do to get it to block me, for example YouTube.com or another page, it doesn’t work for me.
I would suggest that you go to the console, and issue this command:
tail -f /var/log/messages
This will display the logs in real time (Ctrl-C to exit). Then open the browser and point it to the server that should be blocked by the proxy and post the logs here. I would like to see if those packets are redirected to the proxy and if the proxy will forward the traffic instead of blocking it.
I understand, but I still haven’t been able to configure the url filter, also, I don’t have much experience configuring a firewall like this, I don’t know if anyone could help me if it’s not too much trouble and my apologies.
We do not know where the problem is. Maybe it is not urlfilter failing or not configured well. Maybe your traffic goes directly from your browser to the web server without touching the proxy. Troubleshooting means looking at the logs. There is no way around this.
Can you use the web user interface to create two rules blocking the traffic from green to red on port 80 and 443? We can help you out here. You need to make sure the firewall will not allow any direct traffic before trying to see why urlfilter fails. Either the logs, or closing the gate at the firewall level. Likely, you need both.
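An added example, not part of any post in this thread: a short Python check for the log review suggested above. It scans netfilter LOG lines (the key=value format the kernel writes to /var/log/messages) for web traffic forwarded straight from green to red, which is traffic that never touched the proxy. It assumes forwarded packets are being logged; the interface names green0/red0, the proxy port 800, the log prefixes and every sample line are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (addresses, prefixes and proxy port 800 are assumptions).
SAMPLE_LOG = """\
Jan 10 09:15:01 fw kernel: FORWARDFW IN=green0 OUT=red0 MAC=00:11 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=50122 DPT=443 SYN
Jan 10 09:15:02 fw kernel: INPUTFW IN=green0 OUT= MAC=00:22 SRC=192.168.1.40 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=50200 DPT=800 SYN
Jan 10 09:15:02 fw kernel: OUTGOINGFW IN= OUT=red0 SRC=198.51.100.2 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=41000 DPT=443 SYN
Jan 10 09:15:03 fw kernel: FORWARDFW IN=green0 OUT=red0 MAC=00:11 SRC=192.168.1.23 DST=203.0.113.55 LEN=60 PROTO=TCP SPT=50123 DPT=80 SYN
Jan 10 09:15:04 fw kernel: FORWARDFW IN=green0 OUT=red0 MAC=00:33 SRC=192.168.1.77 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=50300 DPT=993 SYN
Jan 10 09:15:05 fw kernel: FORWARDFW IN=green0 OUT=red0 MAC=00:44 SRC=192.168.1.50 DST=203.0.113.10 LEN=1278 PROTO=UDP SPT=50400 DPT=443
Jan 10 09:15:06 fw squid[1234]: unrelated daemon message
"""

# Web traffic that should only ever leave through the proxy.
# UDP/443 is HTTP/3 (QUIC), which a browser may try before falling back to TCP.
WEB_FLOWS = {("TCP", 80), ("TCP", 443), ("UDP", 443)}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def direct_web_connections(lines, lan_if="green0", wan_if="red0"):
    """Return {client_ip: [(dst_ip, proto, port), ...]} for web traffic that was
    forwarded LAN -> WAN, i.e. not proxied. Proxied traffic looks different:
    client -> firewall (OUT= empty), then firewall -> Internet (IN= empty)."""
    hits = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("IN") != lan_if or f.get("OUT") != wan_if:
            continue  # not a forwarded green -> red packet
        dpt = f.get("DPT", "")
        if not dpt.isdigit() or (f.get("PROTO"), int(dpt)) not in WEB_FLOWS:
            continue  # some other service, e.g. IMAPS on 993
        hits[f.get("SRC", "?")].add((f.get("DST", "?"), f["PROTO"], int(dpt)))
    return {src: sorted(flows) for src, flows in hits.items()}


if __name__ == "__main__":
    for client, flows in direct_web_connections(SAMPLE_LOG.splitlines()).items():
        for dst, proto, port in flows:
            print(f"{client} reached {dst} directly on {proto}/{port}")
```

Any client this reports is browsing around the proxy, so the URL filter never sees its requests; once the green-to-red block rules are in place, the same lines should show up as dropped instead.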
I have worked on it a lot over the years with url filter, because I had to install it in a school. It is not difficult to use, but I don’t know how I can explain it. I’ll send you an image of my current setup. I hope it can help as a cue.
In any case, know that if you remove the proxy in the clients, the url filter is useless. As I already explained in an initial post, you have to set up rules in your firewall to remedy this.
This procedure is vital. If you do not set a proxy here, as already explained, sites will never be blocked (or ONLY HTTP 80 will be blocked in case you have TRANSPARENCY enabled).
“By acting on the firewall rules,” you can make sure to “force proxy browsing.” In other words, if the proxy is removed in the client, the computer will not be able to browse.
N.B:
For https the “connection failed” error applies.
I don’t think you can customize an error page for https. At least I couldn’t. I don’t know why.
The site blocker works perfectly for me, though!
One can take a cue from these images to create rules suitable for forcing proxy browsing in clients…
Whenever you create or edit a firewall rule, the green button you see in the picture on the firewall/firewall rules menu will appear.
Click on it for it to disappear, otherwise the rule changes/creations will never take effect.