Url filter https sites

tratru · 22 January 2021 12:47

Hi everyone, I know that the question has already been asked by other users and perhaps also by me, but I have to find a plausible solution to my problem.
I have installed IPFire at some technical institutes, as a firewall for students, the purpose is to authenticate devices and prevent you from browsing some sites
the problem is that the URL Filter system does not work if the site is in HTPPS, and the solution of setting a proxy on each device is not viable
currently, however, all sites are like this, so I can say that it does not work, so what was previously forbidden to browse is now accessible, if for social networks it is not a big problem, a serious problem is detected when it comes to pornographic sites or sale of illicit products
how can i solve the problem, because if i don’t find a solution soon i will be forced to delete all installations

thanks

tulpenknicker · 22 January 2021 14:31

If you avoid the work of setting up all the devices, you can try PAC instead.

tratru · 22 January 2021 15:07

the problem is that the proxy must be transparent, if I have to install or configure the personal devices of each customization it can be modified

ip-mfg · 23 January 2021 11:52

As Tulpenknicker said use PAC. This is only a small modification in f.e. firefox which defines the access to the internet.
I f you define no forward rule for https or http in the firewall (all traffic blocked) nobody can use the internet without using the proxy.
But don’t forget to define web rules for the outgoing traffic so that the proxy traffic can go to the internet.

tratru · 22 February 2021 17:28

I have configured IPFire with the PAC file
but I find it an unsafe solution.
it does not work on android devices
I did not understand how it works on PCs some installations work regularly, others ignore the filter

bbitsch · 22 February 2021 19:40

A PAC file alone doesn’t guarantee the use of the proxy.
You must deny direct HTTP(S) access in the firewall.