How to block HTTP and HTTPS websites with E2guardian

Hi guys,

In this blog post where I’m going to show you how to block HTTP and HTTPS domains by using E2guardian service in pfSense. E2guardian is a web filter and also works as a proxy server. It has many features and more potent than SquidGuard web filter. There are so many ways to block HTTPS domains, but all methods are not helpful and don’t work well. By using E2guardian, you don’t need to do anything on the client side to block HTTPS domains. By the way we will not use Squid or SquidGuard packages.

– I’ll share the main website, github, forum page about the E2guardian end of the post.

– I’ll make a video how to setup E2guardian detailed and share at here as soon as fast.

 

System Information

Here is the list below that we need have right now.

pfSense 2.4.x

WAN and LAN

E2guardian5

 

Install E2guardian Package

We will first add the unofficial repository to pfsense after that we’ll be able to install package. Access shell by using SSH or go to Diagnostics -> Command Prompt -> Execute Shell Command prompt menu and use the following command.

pfsense# fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf 

After fetching the repo file, go to System -> Package Manager and then install the package.


 

Create Self-Signed Certificate

Create a self-signed certificate for E2guardian under System -> Cert. Manager menu. After that click + button under CAs tab. Here is the picture of it. Do not forget to save settings.

 

E2guardian Configuration

Now we configure E2guardian service and then test it. Go to Services -> E2guardian Proxy menu. Then we will download the blacklist under the Blacklist menu, install widely used blacklist which shallalist.


Go to Daemon menu and then enable the following feature and then save the settings.

So far, the configuration of E2guardian services is done. Let’s test the service that if it’s working or not.

 

E2guardian Test

In this section, we will try to block a few HTTPS domains and test them. Go to ACLs -> Site Lists -> click to + button to create new ACL. I will block these domains “youtube.com, facebook.com, twitter.com, instagram.com”, add into this Banned menu what you want to block.

NOTE: The Default ACL should be on the top referring to other ACLs. 

Now we will create a group and assign to IP address into the group that we want to block. The clients who is in this group will be blocked. Go to Groups menu and click to the + button for creating a new group.

NOTE: The Default ACL should be on the top referring to other ACLs. 

Now we will assign local users IP address into the group that we created. The user who is in the group will be blocked for the websites. Go to IPs menu and add IP address into the group that you want to block. Expect these “10.0.0.1-11-3” ip address everybody can go to everywhere like “facebook,twitter,google etc”.

Now, we will test the service and see if its works or not. Go to the computer who is in the group and try to access the these domains ( for me ) “youtube.com, facebook.com, twitter.com, instagram.com”.

NOTE: If clients go through to denied domains, try to kill states of the clients. Access your pfsense with ssh and use the command to kill states of client “pfctl -k client_ip_address”. Go try to access denied domains again. 

NOTE: If still clients go through to denied domains, try to clear all cache of browser and try again.

NOTE: If something wrong about e2guardian service. Go access your pfsense by using ssh and then try to restart e2guardian service with ( /usr/local/etc/rc.d/e2guardian.sh restart ) command. If something wrong you’ll see the output of service.

NOTE: After you make changes on E2guardian menus, you don’t need to go to Daemon menu and click Save button. If you make changes on menus, click “Apply Changes” and that’s all, go test if it work or not.

 

Here are the links that it might be helpful for you.

  1. http://e2guardian.org/cms/index.php
  2. https://github.com/e2guardian/e2guardian
  3. https://forum.netgate.com/topic/113757/unofficial-e2guardian-package-for-pfsense

If you have any question, feel free to ask in the comment section. 

” Online pfSense Firewall & Router Eğitimi | www.udemy.com/pfsense-training

Tagged with: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Archives

Tweets

Follow @ucribrahim on twitter.