11/29/2023 0 Comments Nxfilter ssl filter![]() But if we have several thousands users for NxFilter at least I think I can do something about it. Anyway NxFilter can be free as long as it uses free DB. So some of the people in this forum paying for them even though they're nothing better than NxFilter which is free.Ĭurrently I am working on building a new kind of security solution with some other company and it will have the biggest DB in the market but will not be free. Some of them are nothing better than Shallalist or URLBlacklist but they're still commercial. Coz I tested several commercial url-db these days. Jinhee200, the author of the program is also a member of Spiceworks and he should be able to give you the correct answer.įor you it might be too small but for other people it might be big enough. If I recall correctly, you have a script at logon that call the program required with the IP address of the system. ![]() I remember having some issues with the SSO also, but in the end I made it work for my test account. I tried it a few months ago, and It didn't fit with us because of the Blacklist db that was too small. It looks more like something I'd see in a Hotel/Airport/coffee shop. Honestly that DNS Redirector doesn't look like a cooperate solution. ![]() I'd rather use DNS filtering as presumably it would use less resources on my VM servers than something like a proxy server would, which can use a fare amount of resources to keep up with demand, DNS servers on the other hand are a lot more lightweight. I'm not paying for a web filter solution I will preferably use NxFilter or make my own Squid box. Why would I go for a paid solution just to get auto-updates? It's super easy to setup WGET on windows with a script to download files, move the correct file to the needed location and then cleanup when down, and it could even be run by the task scheduler. We're still using DNS Redirector Opens a new windowtoday - auto-updates categories, and doesn't require Java - not much AD integration beyond password bypass, but that's all we need. If you can't install it still then send me an email.I tried it - did not like that it didn't auto-update the blacklist categories, and technically the sources of which are for non-commercial use - did not like that it required Java on the server. I think in your home-router you can set NxFilter as your DNS easily. To read something about DHCP and DNS setup. If you have difficulties in client setup then I recommend you Maybe some other applications as long as they use DNS. Of course you can block https sites as well. You can have authentication with IP or password.Īnd you also can integrate it into Active Directory. ![]() Then you get the login prompt in your browser.Īnd the initial password for admin is 'admin'. You need to have Java 1.6 or higher installed first.Īfter you start NxFilter then click the icon to web-admin. One for starting NxFilter one for web-admin. Just click the exe file and you get several icons. There's a Windows installer for people not familiar with Linux.Īnd you can make it Windows service as well. If you are not familiar with Linux environment then you can try windows version of NxFilter. I thought I made it very easy to install NxFilter.īut you said that you have some difficulties in using it.Ĭan you tell me on what part you have the problem? This is Jinhee the developer of NxFilter. I cannot figure out from your request whom you're trying to filter, but a better method would be enforcing good behavior. I would not suggest any of this for newbie Linux users. This blocks HTTPS connections to one of Facebook's servers. You'd need to identify all the possible server addresses for each site, then write iptables rules like this: Many sites with heavy traffic loads have multiple servers listening on multiple IP addresses. If you're curious, do a search for "SSLBump".Īt one client site where I manage filtering we use iptables firewalling rules to block remote HTTPS sites. Squid 3.2 has some clever solutions for this problem, but they are not easy to implement. Putting a filter between clients and remote sites using SSL will generate repeated complaints by the client's browser that you are being subjected to a "man-in-the-middle" attack since the filter will disrupt the encrypted transaction between the browser and the server. You can write all sorts of rules that allow or deny connections to remote sites based on IP, domain name, or text in the URL. First, your best choice for a filter is Squid ().
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |