wiki.ipfire.org

The community-maintained documentation platform of IPFire

User Tools

Site Tools


configuration:network:proxy:url-filter

URL - filter

Firstly, you need to enable URL Filter. You can find this option on Web User Interface, Network → Webproxy. There, enable URL filter.

On Web User Interface, select Network→URL Filter.

On top of the page you can see categories that can be blocked. Depending on downloaded blacklist (discussed later), you may have different categories than those in example.

Custom blacklist/whitelist/expression list

Custom blacklist - Enable. Enable this to block the manually entered domains and URLs. Blocked domains (one per line). Input the domains you want to block. Example:

Blocked URLs (one per line). Input the URLs you want to block. Example:

example.com/ads

example.com/ads/flash

Custom whitelist (one per line). Enable this for the manually entered domains and URLs to be allowed, override even if listed in another category.

Allowed domains (one per line). Define the domains you want to allow, override even if listed in another category.. Example:

example.com

subdomain.example.com

Allowed URLs (one per line). Input the URLs you want to allow. Example:

example.com/ads

example.com/ads/flash

Custom expression list (one per line). Block URLs if the manually entered expressions matches them. Example:

File extension blocking

Binary files. Enable this to block the download of executable files. Extensions examples:

.bat .com .exe .sys .vbs

Multimedia. Enable this to block the download of audio and video related files. Extensions examples:

.aiff .avi .dif .divx .mov .movie .mp3 .mpeg .mpv2 .ogg .qt .wav .wma .wmf .wmv

Compressed archive files. Enable this to block the download of compressed archives containing other files. Extensions examples:

.bin .bz2 .cab .cdr .dmg .gz .hqx .rar .sit .sea .tgz .zip

Local file redirection FIXME

Network based access control

Unrestricted IP Addresses. Entered IP address(es) or network(s) will bypass all active filter rules.

Banned IP Addresses. Entered IP address(es) or network(s) will be forbiden, regardless of the active filter rules.

You can input (one per line) one or more single host addresses(eg. 192.168.1.10), networks in CIDR notation (192.168.0.0/24), networks with a certain netmask(192.168.0.0/255.255.255.0), or a range of hosts (192.168.1.10-192.168.1.20)

Time based access control FIXME

Block page settings Show category on block page. If enabled, the blocked category will be shown in the block message. This can be a useful hint, if you are not sure which category is blocking your request.

Show URL on block page. If enabled, the blocked URL will be shown in the block message.

Show IP on block page. If enabled, the client IP address will be shown in the block message.

Use “DNS error” to block URLs: The default block message will be replaced by a “Server or DNS not found error” message.

Redirect to this URL: You can define a custom website where clients will be redirected to if they are blocked.

Message line 1,2,3: Define text that will be used in message block (three lines).

Advanced settings Enable expression lists. Enables predefined expression lists. In addition to the domain and URL lists, all URLs will be checked for certain keywords. The existence of those expression lists depends on the installed blacklist.

Enable SafeSearch. Enables the search-engine based SafeSearch filtering for image search and ordinary web search. This may depend on whether a search-engine supports the SafeSearch feature.

Block “ads” with empty window. Enable this to replace banners, pop-up windows and advertisements with a blank window. This will be done by redirecting to a 1 pixel sized .gif file. Requires the category “ads” or “adv” to be selected for blocking.

Block sites accessed by their IP Address. If enabled, all sites accessed by their IP address will be blocked. The same sites will be available if accessed by their domain name, and if not blocked by another rule.

Block all URLs not explicitly allowed. Enable this to block all requests, except for those defined in the “Custom Whitelist”.

Enable log. Write blocked sites to log.

Log username. Write usernames that triggered blacklist to logfile.

Split log by categories. Only one type of category if be written in one log.

Allow custom whitelist for banned clients: IP(s) or network(s) that are banned can browse sites defined in the Custom Whitelist.

Save/Save and restart

Save. After making any changes, press the Save button to save them.

Save and restart. Use the Save and restart button to save and apply changes.

URL filter maintenance

In this section you can define automatic download od URL filter backlist, or even create your own blacklist, or load an existing blacklist and edit it. On bottom you can make backups/restore of your URL filter setup.

Automatic blacklist update Setup service and time interval for automatic download of blacklist. You can also manually download lists.

configuration/network/proxy/url-filter.txt · Last modified: 2018/08/20 03:02 by Jon