Hey,
I’m relatively inexperienced with IPFire. I inherited a setup for a small computer lab that utilizes it. I’ve kept it up to date the last few months but keep having an issue. I have some endpoints that, although they have proxy settings, they are not being filtered. I’ve tried using the PAC file as well as the IP address for the proxy settings. I’ve also noticed that if a user creates a new profile on Edge, it allows them unfiltered access to the internet despite the proxy settings. Any ideas?
1 Like
Welcome back N G.
could you post a screenshot of your Web Proxy settings and URL filter?
Don’t forget to change download source from Shala to Custom source URL:
https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz
Good morning @ndg1987.
The proxy in transparent mode does not filter HTTPS requests, only HTTPs. If you distribute the PAC, I understand that you have it in “Non-transparent” mode.
The same happens to me. For it to be all filtered, it is necessary to force all requests to go through the proxy. For this I have created the following rules in the Firewall:
1º Create a group with the HTTPS and HTTP services.
2º Create the rule that prevents HTTPS and HTTP requests that do not go through the proxy.
You have to configure the Proxy in all the Clients, either by hand, or by means of the PAC. In this way, I managed to get it to work correctly. Maybe someone has a better way to do it, but this is mine.
For Edge and Chrome, I have configured the distributed PAC option. For Firefox, it doesn’t work and you have to configure the Proxy manually either in the Browser or from “Internet Options → Connections”. wiki.ipfire.org - Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)
Try it, I hope it works for you.
Greetings.
5 Likes
This worked perfectly! Thanks for your help!!!
Ok…
This worked for about two days, but now it’s not working. It haven’t changed any settings, but all endpoints have unfiltered access to the network. I’ve rebooted ipFire, but no luck. All endpoints are configured to the proxy as well. Any ideas?
When I do a trace route and it looks like the proxy is complety bypassed and the traffic goes out the modem.
You will not have a network cable from the Switch directly to the router bypassing IPFire?