This wiki is a community-maintained resource about everything there is to know about IPFire.
The URL-Filter allows web traffic to be blocked based on category. This allows blocking unsuitable content on business networks or preventing children seeing age-inappropriate content.
To use the Filter it must be enabled in the Web Proxy configuration page. In the WUI, go to Network -> Web Proxy. Select the "enable URL filter" check box and click save at the bottom of the page.
In the WUI open the Network menu and click URL Filter.
On top of the page you can see all the categories that can be blocked. Depending on the blacklist which has been downloaded (see below for detail on blacklists) you may have different categories than those in this example.
Blocked domains (one per line). Input the domains you want to block. Example:
Optional: Blocked URLs (one per line). Input the URLs you want to block. Example:
Optional: Custom whitelist (one per line). Enable this for the manually entered domains and URLs to be allowed, override even if listed in another category.
Optional: Allowed domains (one per line). Define the domains you want to allow, override even if listed in another category. Example:
Optional: Allowed URLs (one per line). Input the URLs you want to allow. Example:
Optional: Custom expression list (one per line). Block URLs if the manually entered expressions matches them.
Note that the examples in this image are not regular expressions!
Optionally you can block files by extension.
.bat .com .exe .sys .vbs
.aiff .avi .dif .divx .mov .movie .mp3 .mpeg .mpv2 .ogg .qt .wav .wma .wmf .wmv
.bin .bz2 .cab .cdr .dmg .gz .hqx .rar .sit .sea .tgz .zip
FIXME This needs to be explained!
Unrestricted IP Addresses. Entered IP address(es) or network(s) will bypass all active filter rules.
Banned IP Addresses. Entered IP address(es) or network(s) will be forbiden, regardless of the active filter rules.
You can input (one per line) one or more single host addresses(eg. 192.168.1.10), networks in CIDR notation (192.168.0.0/24), networks with a certain netmask(192.168.0.0/255.255.255.0), or a range of hosts (192.168.1.10-192.168.1.20)
Time constraints can be configured so that blacklisted categories are permitted at specific times of the day, or week.
|Redirect page template||Legacy only??|
|Show category on block page:||If enabled, the blocked category will be shown in the block message. This can be a useful hint, if you are not sure which category is blocking your request.|
|Show URL on block page:||If enabled, the blocked URL will be shown in the block message.|
|Show IP on block page:||If enabled, the client IP address will be shown in the block message.|
|*Use "DNS error" to block URLs:||The default block message will be replaced by a “Server or DNS not found error” message.|
|Redirect to this URL:||You can define a custom website where clients will be redirected to if they are blocked.|
|Message line 1,2,3:||Define text that will be used in message block (three lines).|
Enable expression lists.
Enables predefined expression lists. In addition to the domain and URL lists, all URLs will be checked for certain keywords. The existence of those expression lists depends on the installed blacklist.
Enable SafeSearch. Enables the search-engine based "SafeSearch" filtering for both web and image searches with many search engines. This feature depends on whether a search-engine supports the SafeSearch feature.
Block "ads" with empty window. Enable this to replace banners, pop-up windows and advertisements with a blank window. This will be done by redirecting to a 1 pixel sized .gif file. Requires the category “ads” or “adv” to be selected for blocking.
Block sites accessed by their IP Address. If enabled, all sites accessed by their IP address will be blocked. The same sites will be available if accessed by their domain name, and if not blocked by another rule.
Block all URLs not explicitly allowed. Enable this to block all requests, except for those defined in the “Custom Whitelist”.
Enable log. Write blocked sites to log.
Log username. Write usernames that triggered blacklist to logfile.
Split log by categories. Only one type of category if be written in one log.
Allow custom whitelist for banned clients: IP(s) or network(s) that are banned can browse sites defined in the Custom Whitelist.
Save. After making any changes, press the Save button to save them.
Save and restart. Use the Save and restart button to save and apply changes.
In this section you can define automatic download od URL filter backlist, or even create your own blacklist, or load an existing blacklist and edit it. On bottom you can make backups/restore of your URL filter setup.
Automatic blacklist update
Setup service and time interval for automatic download of blacklist. You can also manually download lists.