How can I block specific websites for specific internal addresses?
Sorry for my English ...
Please explain more. Do you want to block access by specific users/machines to specific external websites? Are you allowing web access via packet filter or via the HTTP/S Proxy? If via the Proxy, are you in a transparent mode, or are you in a mode that requires pointing the client's browser at the proxy? Is this a home-use license?
Cheers - Bob
You didn't respond to one question, so I'll assume that you are using the HTTP/S Proxy in transparent mode. I suggest that you:
1. Create 'Static MAC/IP Mappings' for each of the three computers, or turn off DHCP and assign IPs on each computer.
2. Change the 'URL Filtering' page to 'Block content ...' mode and don't allow any categories.
3. In 'HTTP/S Profiles', create two 'Filter Actions': name one "Loose" and the other "Tight" for the computer that should block Facebook.
4. Now, create three Filter Assignments, one for each IP created in step 1. Two will use the "Loose" filter action, and one will use the "Tight" filter action.
5. Create one profile for "Internal (Network)" and add the three filter assignments. Since they each apply to only one IP, the order is unimportant. The 'Fallback action' should be 'Default content filter action'.
6. Going forward, you will adjust capabilities in the appropriate filter action instead of on the 'HTTP/S' 'URL Filtering' tab.
Cheers - Bob
I understand your response now - the yes was a response to the following. Ahhhhh...
I would recommend that you remove HTTP and HTTP-ALT from the Websurfing services group, and that you use the proxy in transparent mode as the easiest way to control browsing.
If you don't want to use the proxy, you'll need to find out all of the Facebook IPs, put them into a network group and add a packet filter rule at the "Top" of your list:
Internal (Network) -> Any -> {Facebook group} : Drop
Cheers - Bob
The second picture shows that you now are using the HTTP/S Proxy in "Transparent" mode. Just change the definition of the "Websurfing" group as I said above, and make the changes recommended in post #4 above.
You also should change packet filter rules 1. and 2. from 'Any -> {service} -> Any' to
Internal (Network) -> {service} -> Any : Allow
just like the rest of the rules. Since the Astaro is a "stateful" firewall, it keeps track of what it sends so that it can accept the responses without any manual firewall rules.
Cheers - Bob
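
The two packet filter points made in the replies above (the Drop rule belongs at the top of the list, and 'Any -> {service} -> Any' should be narrowed to 'Internal (Network)' as the source) can be checked with a small model. This is an added example, not part of the original thread and not Astaro code; it assumes rules are evaluated top to bottom with the first match deciding and unmatched new connections dropped, and all addresses are constructed documentation ranges.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
INTERNAL = [ipaddress.ip_network("192.168.1.0/24")]   # "Internal (Network)"
BLOCKED = [ipaddress.ip_network("203.0.113.0/24")]    # stand-in for {Facebook group}
ANY = [ipaddress.ip_network("0.0.0.0/0")]

def rule(src, service, dst, action):
    """One rule in the thread's 'source -> service -> destination : action' form."""
    return {"src": src, "service": service, "dst": dst, "action": action}

def evaluate(rules, src_ip, service, dst_ip):
    """Action for a NEW connection: first match wins (assumed), else Drop (assumed)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (any(src in net for net in r["src"])
                and r["service"] in ("Any", service)
                and any(dst in net for net in r["dst"])):
            return r["action"]
    return "Drop"

drop_group = rule(INTERNAL, "Any", BLOCKED, "Drop")
allow_scoped = rule(INTERNAL, "HTTPS", ANY, "Allow")  # Internal (Network) -> {service} -> Any
allow_loose = rule(ANY, "HTTPS", ANY, "Allow")        # Any -> {service} -> Any

DROP_ON_TOP = [drop_group, allow_scoped]
DROP_BELOW = [allow_scoped, drop_group]               # Drop rule is never reached

def demo():
    client, blocked = "192.168.1.10", "203.0.113.5"
    other, outside = "198.51.100.7", "198.51.100.9"
    return {
        "drop_on_top_blocked": evaluate(DROP_ON_TOP, client, "HTTPS", blocked),
        "drop_below_blocked": evaluate(DROP_BELOW, client, "HTTPS", blocked),
        "drop_on_top_other": evaluate(DROP_ON_TOP, client, "HTTPS", other),
        # A new connection from outside toward an internal host:
        "loose_inbound": evaluate([allow_loose], outside, "HTTPS", client),
        "scoped_inbound": evaluate([allow_scoped], outside, "HTTPS", client),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

The model only decides new connections; replies to allowed outbound traffic are handled by the stateful tracking described in the last post, which is why the source-scoped rule loses nothing for internal clients.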