How to block HTTP and HTTPS websites with E2guardian

Hi guys,

In this blog post where I’m going to show you how to block HTTP and HTTPS domains by using E2guardian service in pfSense. E2guardian is a web filter and also works as a proxy server. It has many features and more potent than SquidGuard web filter. There are so many ways to block HTTPS domains, but all methods are not helpful and don’t work well. By using E2guardian, you don’t need to do anything on the client side to block HTTPS domains. By the way we will not use Squid or SquidGuard packages.

I will share the main website, github, forum page about the E2guardian end of the post. It might helpful for you.

 

System Information

Here is the list below that we need have right now.

pfSense 2.4.x

WAN and LAN

E2guardian5.x

 

Install E2guardian Package

We will first add the unofficial repository to pfsense after that we’ll be able to install package. Access shell by using SSH or go to Diagnostics -> Command Prompt -> Execute Shell Command prompt menu and use the following command.

pfsense# fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf 

After fetching the repo file, go to System -> Package Manager and then install the package.

If you don’t see E2guardian package on the menu, you need to apply the patch of E2guardian to be able to install. Install “patch” package and then System > Patches > click “Add New Patch” button. Copy all code by the following link and paste it into the field.

Patch link here.

Do not forget to click “Apply” button to apply patch. When you do that, you will see E2guardian package.

 

Create Self-Signed Certificate

Create a self-signed certificate for E2guardian under System -> Cert. Manager menu. After that click + button under CAs tab. Here is the picture of it. Do not forget to save settings.

 

E2guardian Configuration

Now we configure E2guardian service and then test it. Go to Services -> E2guardian Proxy menu. Then we will download the blacklist under the Blacklist menu, install widely used blacklist which shallalist.


Go to Daemon menu and then enable the following feature and then save the settings.

So far, the configuration of E2guardian services is done. Let’s test the service that if it’s working or not.

 

E2guardian Test

In this section, we will try to block a few HTTPS domains and test them. Go to ACLs -> Site Lists -> click to + button to create new ACL. I will block these domains “youtube.com, facebook.com, twitter.com, instagram.com”, add into this Banned menu what you want to block.

NOTE: The Default ACL should be on the top referring to other ACLs. 

Now we will create a group and assign to IP address into the group that we want to block. The clients who is in this group will be blocked. Go to Groups menu and click to the + button for creating a new group.

NOTE: The Default ACL should be on the top referring to other ACLs. 

Now we will assign local users IP address into the group that we created. The user who is in the group will be blocked for the websites. Go to IPs menu and add IP address into the group that you want to block. Expect these “10.0.0.1-11-2” ip address everybody can go to everywhere like “facebook,twitter,google etc”.

Now, we will test the service and see if its works or not. Go to the computer who is in the group and try to access the these domains ( for me ) “youtube.com, facebook.com, twitter.com, instagram.com”.

 

Troubleshooting

NOTE: If clients go through to denied domains, try to kill states of the clients. Access your pfsense with ssh and use the command to kill states of client “pfctl -k client_ip_address”. Go try to access denied domains again. 

NOTE: If still clients go through to denied domains, try to clear all cache of browser and try again.

NOTE: If something wrong about e2guardian service. Go access your pfsense by using ssh and then try to restart e2guardian service with ( /usr/local/etc/rc.d/e2guardian.sh restart ) command. If something wrong you’ll see the output of service.

NOTE: After you make changes on E2guardian menus, you don’t need to go to Daemon menu and click Save button. If you make changes on menus, click “Apply Changes” and that’s all, go test if it work or not.

 

Configure Sarg with E2guardian

I wrote a blog post about getting reports from E2guardian by using Sarg service. You can see the blog post by using the following link.

https://lifeoverlinux.com/how-to-configure-sarg-to-use-with-e2guardian/

 

Big thanks to Marcelloc and developers of E2.

Here are the links that it might be helpful for you.

  1. http://e2guardian.org/cms/index.php
  2. https://github.com/e2guardian/e2guardian
  3. https://forum.netgate.com/topic/113757/unofficial-e2guardian-package-for-pfsense

If you have any question, feel free to ask in the comment section. 

” Online pfSense Firewall & Router Eğitimi | www.udemy.com/pfsense-training

Tagged with: , , ,
13 comments on “How to block HTTP and HTTPS websites with E2guardian
  1. Alexandre Salvador says:

    Hi,

    I am using 2.4.4 pfSense amd64 version but i could not success e2Guardian 5 install on my pfSense. When i add as a repository for e2Guardian 5 i could not find any package via pfSense package manager. and from the command shell i found some ways for make it, when i installed e2Guardian 5 i could not reach pfSense Web Management portal ?

    Thank you,

  2. Alexandre Salvador says:

    Thank you for your quick response than how can i make reporting except using squid ? Does lightsquid work without squid proxy server package ?

  3. Marcelloc says:

    On the same repo, sarg package is available and runs fine with e2guardian logs in squid format.

  4. Shaan says:

    I’ve followed your guide and installed e2guardian 5 on my pfsense router. But, I’m facing a problem, although site block is working, url blocking is not working. Ive followed the same steps as you have described for creating a site list to create a url list. Could you explain how it should be done ?

    The only difference I can see from yoursetup and mine is I am running it on pfsense 2.3.5 latest version as I have a i386 old board under the hood.

    • ibrahimucar says:

      I would suggest you to use pfSense 2.4.x version. It’s more stable on pfsense 2.4.x version. Most of people use pfSense 2.4 or above who use E2guardian. By the way, Site Lists and URL Lists are different things. I didn’t mention about URL Lists feature, I just told Site Lists.

      I actually have no time to write a blog post details of E2guardian. I’m preparing for IELTS exam. After 1 month I’ll try to write a new blog post about that.

      Do not forget to install latest version of E2guardian on pfSense 2.4.x version.

      • Shaan says:

        Thanks for the info, I’ll try the 2.4.x version and let you know if it works, it should I guess. There is no 2.4.x version for i386 boards, so I will have to get a spare x64 based system for that.

        It’s interesting that you are preparing for IELTS, because I am also an IELTS Exam Prep Trainer. Lemme know if you need help. Best of luck for the exam !

  5. Sujith says:

    Does e2guardian requires man in the middle ssl like squid proxy?

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Archives

Tweets

Follow @ucribrahim on twitter.