Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

URL - filter

The URL-Filter allows web traffic to be blocked based on category. This allows blocking unsuitable content on business networks or preventing children seeing age-inappropriate content.

Enable the URL Filter

To use the Filter it must be enabled in the Web Proxy configuration page. In the WUI, go to Network -> Web Proxy. Select the "enable URL filter" check box and click save at the bottom of the page.

Configure the URL Filter

In the WUI open the Network menu and click URL Filter.

On top of the page you can see all the categories that can be blocked. Depending on the blacklist which has been downloaded (see below for detail on blacklists) you may have different categories than those in this example.

Custom blacklist/whitelist/expression listOptional: Custom blacklist - Enable. Enable this to block the manually entered domains and URLs.

Blocked domains (one per line). Input the domains you want to block. Example:


Optional: Blocked URLs (one per line). Input the URLs you want to block. Example:

example.com/ads

example.com/ads/flash
Optional: Custom whitelist (one per line). Enable this for the manually entered domains and URLs to be allowed, override even if listed in another category.
Optional: Allowed domains (one per line). Define the domains you want to allow, override even if listed in another category. Example:

example.com

subdomain.example.com
Optional: Allowed URLs (one per line). Input the URLs you want to allow. Example:

example.com/ads

example.com/ads/flash
Optional: Custom expression list (one per line). Block URLs if the manually entered expressions matches them.

Note that the examples in this image are not regular expressions!

File extension blocking

Optionally you can block files by extension.

  • Binary files. Enable this to block the download of executable files.
    • For example: .bat .com .exe .sys .vbs
  • Multimedia. Enable this to block the download of audio and video related files.
    • For example: .aiff .avi .dif .divx .mov .movie .mp3 .mpeg .mpv2 .ogg .qt .wav .wma .wmf .wmv
  • Compressed archive files. Enable this to block the download of compressed archives containing other files.
    • For example: .bin .bz2 .cab .cdr .dmg .gz .hqx .rar .sit .sea .tgz .zip

Local file redirection

FIXME This needs to be explained!

Network based access control

Unrestricted IP Addresses. Entered IP address(es) or network(s) will bypass all active filter rules.
Banned IP Addresses. Entered IP address(es) or network(s) will be forbiden, regardless of the active filter rules.

You can input (one per line) one or more single host addresses(eg. 192.168.1.10), networks in CIDR notation (192.168.0.0/24), networks with a certain netmask(192.168.0.0/255.255.255.0), or a range of hosts (192.168.1.10-192.168.1.20)

Time based access control

Time constraints can be configured so that blacklisted categories are permitted at specific times of the day, or week.

Block page settings

item description
Redirect page template Legacy only??
Show category on block page: If enabled, the blocked category will be shown in the block message. This can be a useful hint, if you are not sure which category is blocking your request.
Show URL on block page: If enabled, the blocked URL will be shown in the block message.
Show IP on block page: If enabled, the client IP address will be shown in the block message.
*Use "DNS error" to block URLs: The default block message will be replaced by a “Server or DNS not found error” message.
Redirect to this URL: You can define a custom website where clients will be redirected to if they are blocked.
Message line 1,2,3: Define text that will be used in message block (three lines).

Advanced settings

  • Enable expression lists.

  • Enables predefined expression lists. In addition to the domain and URL lists, all URLs will be checked for certain keywords. The existence of those expression lists depends on the installed blacklist.

Enable SafeSearch. Enables the search-engine based "SafeSearch" filtering for both web and image searches with many search engines. This feature depends on whether a search-engine supports the SafeSearch feature.

Block "ads" with empty window. Enable this to replace banners, pop-up windows and advertisements with a blank window. This will be done by redirecting to a 1 pixel sized .gif file. Requires the category “ads” or “adv” to be selected for blocking.

Block sites accessed by their IP Address. If enabled, all sites accessed by their IP address will be blocked. The same sites will be available if accessed by their domain name, and if not blocked by another rule.

Block all URLs not explicitly allowed. Enable this to block all requests, except for those defined in the “Custom Whitelist”.

Enable log. Write blocked sites to log.

Log username. Write usernames that triggered blacklist to logfile.

Split log by categories. Only one type of category if be written in one log.

Allow custom whitelist for banned clients: IP(s) or network(s) that are banned can browse sites defined in the Custom Whitelist.

Save/Save and restart

Save. After making any changes, press the Save button to save them.
Save and restart. Use the Save and restart button to save and apply changes.

URL filter maintenance

In this section you can define automatic download od URL filter backlist, or even create your own blacklist, or load an existing blacklist and edit it. On bottom you can make backups/restore of your URL filter setup.
Automatic blacklist update
Setup service and time interval for automatic download of blacklist. You can also manually download lists.

Edit Page ‐ Yes, you can edit!

Older Revisions • August 7 at 2:39 am • Jon