- \n
- OPNsense \u4e2d\u7684\u7f13\u5b58\u4ee3\u7406\u6709\u54ea\u4e9b\u7279\u70b9\uff1f<\/li>\n
- \u5982\u4f55\u5728OPNsense\u7f13\u5b58\u4ee3\u7406\u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u9519\u8bef\u9875\u9762\uff1f<\/li>\n
- \u5982\u4f55\u5728OPNsense\u4e2d\u8bbe\u7f6e\u57fa\u672c\u7f13\u5b58\u4ee3\u7406\uff1f<\/li>\n
- \u5982\u4f55\u5728OPNsense\u4ee3\u7406\u4e2d\u542f\u7528Web\u8fc7\u6ee4\uff1f<\/li>\n
- \u5982\u4f55\u5728OPNsense\u4ee3\u7406\u4e2d\u542f\u7528\u900f\u660eHTTP\u548cSSL \u6a21\u5f0f\uff1f<\/li>\n
- \u5982\u4f55\u5c06\u5185\u90e8CA \u8bc1\u4e66\u4f5c\u4e3a\u53d7\u4fe1\u4efb\u7684\u6839CA \u5bfc\u5165Windows 10\uff1f<\/li>\n<\/ul>\n\n\u6ce8\u610f\uff0c\u7f13\u5b58\u4ee3\u7406\u670d\u52a1\u4e25\u91cd\u4f9d\u8d56CPU\u8d1f\u8f7d\u548c\u78c1\u76d8\u7f13\u5b58\u5199\u5165\uff0c\u5efa\u8bae\u4f7f\u7528 SSD\u786c\u76d8\u6765\u7f13\u5b58\u4ee3\u7406\u670d\u52a1\u3002<\/div>\n<\/div>\n
\u7f13\u5b58\u4ee3\u7406\u529f\u80fd<\/h1>\n
OPNsense \u7f13\u5b58\u4ee3\u7406\u670d\u52a1\u7684\u4e3b\u8981\u529f\u80fd\uff1a<\/p>\n
- \n
- \u8ba4\u8bc1\uff1a\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5c06\u4ee3\u7406\u8bbe\u7f6e\u4e3a\u900f\u660e\u4ee3\u7406\uff1a<\/li>\n<\/ol>\n
- \n
- \u65e0\u8eab\u4efd\u8ba4\u8bc1<\/li>\n
- \u672c\u5730\u6570\u636e\u5e93<\/li>\n
- Radius<\/li>\n
- LDAP<\/li>\n<\/ul>\n\n\u5bfc\u822a\u5230Web Proxy>\u00a0Administration>\u00a0Forward Proxy>Authentication Settings\u914d\u7f6e OPNsense \u7f13\u5b58\u4ee3\u7406\u8eab\u4efd\u9a8c\u8bc1\u9009\u9879\u3002<\/div>\n\n
![\"\u8bbf\u95ee](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/1-928deadcf621daaa5beea99b58afe1d4.png\" "\\"\u8bbf\u95ee")
<\/a><\/p>\n<\/div>\n<\/div>\n- \n
- \u8bbf\u95ee\u63a7\u5236\uff1a\u5b83\u901a\u8fc7\u4f7f\u7528\u4ee5\u4e0b\u6807\u51c6\u652f\u6301\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff1a<\/li>\n<\/ol>\n
- \n
- \u5b50\u7f51<\/li>\n
- \u7aef\u53e3<\/li>\n
- MIME \u7c7b\u578b<\/li>\n
- \u7981\u6b62 IP<\/li>\n
- \u767d\u540d\u5355<\/li>\n
- \u9ed1\u540d\u5355<\/li>\n
- \u6d4f\u89c8\u5668\/\u7528\u6237\u4ee3\u7406<\/li>\n
- \u652f\u6301\u9ed1\u540d\u5355<\/li>\n<\/ul>\n\n
\u5bfc\u822a\u5230Web Proxy>\u00a0Administration>\u00a0Forward Proxy>Access Control Lists\u914d\u7f6e OPNsense \u7f13\u5b58\u4ee3\u7406\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u3002<\/p>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/2-55f1441db19cefe185b5086e0db2f5b1.png\" "\\"\u5728")
<\/a><\/p>\n<\/div>\n- \n
- \u900f\u660e\u6a21\u5f0f\uff1a\u900f\u660e\u6a21\u5f0f\u5141\u8bb8\u5c06\u6240\u6709\u8bf7\u6c42\u8def\u7531\u5230\u4ee3\u7406\uff0c\u800c\u4e0d\u9700\u8981\u5728\u5ba2\u6237\u7aef\u8fdb\u884c\u4efb\u4f55\u914d\u7f6e\u3002\u900f\u660e\u6a21\u5f0f\u9002\u7528\u4e8e\u4e0d\u5b89\u5168\u7684 HTTP \u6d41\u91cf\u3002\u4f46\u662f\u5bf9\u4e8e\u5b89\u5168 (SSL) HTTPS \u8fde\u63a5\uff0c\u4ee3\u7406\u6210\u4e3a\u4e2d\u95f4\u4eba\uff0c\u56e0\u4e3a\u5ba2\u6237\u7aef\u4e0e\u4ee3\u7406\u201c\u5bf9\u8bdd\u201d\uff0c\u5e76\u4e14\u4ee3\u7406\u4f7f\u7528\u5ba2\u6237\u7aef\u5fc5\u987b\u4fe1\u4efb\u7684\u4e3b\u5bc6\u94a5\u52a0\u5bc6\u7f51\u7edc\u6570\u636e\u5305\u3002<\/li>\n<\/ol>\n\n\u6ce8\u610f\uff1a\u4f7f\u7528\u900f\u660e HTTPS \u4ee3\u7406\u53ef\u80fd\u5b58\u5728\u98ce\u9669\uff0c\u53ef\u80fd\u4f1a\u4e0d\u5141\u8bb8\u7528\u4e8e\u67d0\u4e9b Web \u5e94\u7528\u7a0b\u5e8f\uff0c\u4f8b\u5982\u7535\u5b50\u5546\u52a1\u3002<\/div>\n<\/div>\n
- \n
- Web \u8fc7\u6ee4\u5668\uff1a\u00a0OPNsense \u5305\u62ec\u57fa\u4e8e\u7c7b\u522b\u7684 Web \u8fc7\u6ee4\u652f\u6301\uff0c\u5177\u6709\u4ee5\u4e0b\u529f\u80fd\uff1a<\/li>\n<\/ol>\n
- \n
- \u4ece\u8fdc\u7a0b URL \u83b7\u53d6\u6570\u636e\u3002<\/li>\n
- \u4f7f\u7528\u5185\u7f6e\u8c03\u5ea6\u7a0b\u5e8f\u4fdd\u6301\u6700\u65b0\u3002<\/li>\n
- \u517c\u5bb9\u6700\u5e7f\u6cdb\u4f7f\u7528\u7684\u9ed1\u540d\u5355<\/li>\n
- \u652f\u6301\u5e73\u9762\u6587\u4ef6\u5217\u8868\u548c\u57fa\u4e8e\u7c7b\u522b\u7684\u538b\u7f29\u5217\u8868\u3002<\/li>\n
- \u81ea\u52a8\u5c06\u57fa\u4e8e\u7c7b\u522b\u7684\u9ed1\u540d\u5355\u8f6c\u6362\u4e3a squid ACL\u3002<\/li>\n<\/ul>\n
- \n
- \u6d41\u91cf\u7ba1\u7406\uff1a\u4ee3\u7406\u53ef\u4ee5\u4e0e\u6d41\u91cf\u6574\u5f62\u5668\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u5145\u5206\u5229\u7528\u5176\u6574\u5f62\u529f\u80fd\u3002\u5b83\u8fd8\u63d0\u4f9b\u4ee5\u4e0b\u9009\u9879\uff1a<\/li>\n<\/ol>\n
- \n
- \u8bbe\u7f6e\u4e0b\u8f7d\/\u4e0a\u4f20\u7684\u6700\u5927\u6587\u4ef6\u5927\u5c0f<\/li>\n
- \u9650\u5236\u6574\u4f53\u5e26\u5bbd<\/li>\n
- \u9650\u5236\u6bcf\u53f0\u4e3b\u673a\u7684\u5e26\u5bbd<\/li>\n<\/ul>\n\n
\u5bfc\u822a\u5230Web Proxy>\u00a0Administration>\u00a0General Proxy Settings>Traffic Management Settings\u914d\u7f6e\u6d41\u91cf\u7ba1\u7406\u3002<\/p>\n
![\"\"](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/Jietu20221102-100706.png\")
<\/a><\/p>\n<\/div>\n- \n
- WPAD \/ PAC\uff1a\u00a0OPNsense \u901a\u8fc7 WPAD \/ PAC \u63d0\u4f9b\u81ea\u52a8\u4ee3\u7406\u914d\u7f6e\uff0c\u7528\u4e8e\u65e0\u6cd5\u4f7f\u7528\u900f\u660e\u6a21\u5f0f\u7684\u60c5\u51b5\u3002<\/li>\n<\/ol>\n\n\u6ce8\u610f\uff1a\u7531\u4e8e\u901a\u8fc7 DNS \u7684WPAD\u9700\u8981Web UI \u5728\u9ed8\u8ba4 HTTP \u7aef\u53e3 (TCP\/80) \u4e0a\u8fd0\u884c\uff0c\u56e0\u6b64\u5b83\u5b58\u5728 MITM \u653b\u51fb\u6f0f\u6d1e\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5e94\u8be5\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u6216\u907f\u514d\u4ece\u4e0d\u53d7\u4fe1\u4efb\u7684\u7f51\u7edc\u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f\u3002<\/div>\n<\/div>\n
- \n
- \u81ea\u5b9a\u4e49\u9519\u8bef\u9875\u9762\uff1a OPNsense \u7f13\u5b58\u4ee3\u7406\u670d\u52a1\u53ef\u81ea\u5b9a\u4e49\u7684\u9519\u8bef\u9875\u9762\u3002<\/li>\n
- \u591a\u63a5\u53e3\uff1a\u4ee3\u7406\u53ef\u4ee5\u540c\u65f6\u5728\u591a\u4e2a\u7f51\u7edc\u63a5\u53e3\u4e0a\u8fd0\u884c\u3002<\/li>\n<\/ol>\n
\u914d\u7f6e\u81ea\u5b9a\u4e49\u9519\u8bef\u9875\u9762<\/h1>\n
\u6309\u7167\u4e0b\u5217\u6b65\u9aa4\u5728OPNsense \u7f13\u5b58\u4ee3\u7406\u670d\u52a1\u4e2d\u914d\u7f6e\u81ea\u5b9a\u4e49\u9519\u8bef\u9875\u9762\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services>\u00a0Web Proxy>\u00a0Administration> \u3002General Proxy Settings<\/li>\n
- \u627e\u5230\u7528\u6237\u9519\u8bef\u9875\u9762\uff0c\u9009Custom\u3002\u7136\u540e\uff0c\u5c06\u51fa\u73b0Error Pages\u9644\u52a0\u9009\u9879\u5361\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/4-e55f13c1f18e5253626f4c2bff5ed35a.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u5355\u51fbError Pages\u9009\u9879\u5361\u3002<\/li>\n
- \u5355\u51fbDownload\u56fe\u6807\u83b7\u53d6\u5305\u542b\u6240\u6709\u53ef\u7528\u9519\u8bef\u9875\u9762\u548c\u7ea7\u8054\u6837\u5f0f\u8868\u6587\u4ef6\uff1aproxy_template.zip<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/5-daf2cff0418994cd215e70ac7a6e8287.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u6839\u636e\u9700\u8981\u66f4\u6539\u76f8\u5173\u6587\u4ef6\u538b\u7f29\u3002<\/li>\n<\/ol>\n
![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/6-8cff30dc5e94a8ca67c5b4ca80bba66c.png\" "\\"OPNsense")
<\/a><\/p>\n- \n
- \u5355\u51fbcustom_template.zip\u6587\u4ef6\u5939\u56fe\u6807\u4ee5\u9009\u62e9\u65b0\u521b\u5efa\u7684 zip\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/7-f3e39887d59b2774b8084904895f96e5.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u70b9\u51fb\u4e0a\u4f20\u6309\u94ae\u3002<\/li>\n
- \u70b9\u51fbApply\u6309\u94ae\u3002<\/li>\n
- \u5355\u51fbGeneral Proxy Settings\u9009\u9879\u5361\u3002<\/li>\n
- \u5355\u51fbApply\u6309\u94ae\u6fc0\u6d3b\u9519\u8bef\u9875\u9762\u6a21\u677f\u3002<\/li>\n<\/ol>\n\n\n
\u8bbe\u7f6e\u57fa\u672c\u7f13\u5b58\u4ee3\u7406<\/h1>\n<\/div>\n<\/div>\n
\u53ef\u4ee5\u6309\u7167\u4e0b\u976210 \u4e2a\u4e3b\u8981\u6b65\u9aa4\u5728OPNsense \u8bbe\u7f6e\u57fa\u672c\u7f13\u5b58\u4ee3\u7406\u670d\u52a1\uff1a<\/p>\n
- \n
- \u542f\u7528\/\u7981\u7528\u4ee3\u7406\u670d\u52a1\u5668<\/li>\n
- \u914d\u7f6e\u4ee3\u7406\u63a5\u53e3<\/li>\n
- \u914d\u7f6e\u4ee3\u7406\u76d1\u542c\u7aef\u53e3<\/li>\n
- \u542f\u7528\/\u7981\u7528\u7f13\u5b58<\/li>\n
- \u914d\u7f6e\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5<\/li>\n
- \u542f\u7528\/\u7981\u7528 FTP \u4ee3\u7406<\/li>\n
- \u5b9a\u4e49\u8bbf\u95ee\u63a7\u5236\u5217\u8868<\/li>\n
- \u5b9a\u4e49\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868<\/li>\n
- \u5b9a\u4e49\u9632\u706b\u5899\u89c4\u5219\u4ee5\u9632\u6b62\u5ba2\u6237\u7aef\u7ed5\u8fc7\u4ee3\u7406\u670d\u52a1\u5668<\/li>\n
- \u914d\u7f6e\u5ba2\u6237\u7aef\u4ee3\u7406<\/li>\n<\/ol>\n
\u4e0b\u9762\u7b80\u8981\u4ecb\u7ecd\u8fd9\u4e9b\u6b65\u9aa4\u3002<\/p>\n
1.\u542f\u7528\/\u7981\u7528\u4ee3\u7406\u670d\u52a1\u5668<\/h3>\n
\u5728OPNsense \u9632\u706b\u5899\u4e2d\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u5e26\u6709\u5408\u7406\u7684\u9ed8\u8ba4\u8bbe\u7f6e\uff0c\u53ef\u4ee5\u5feb\u901f\u8bbe\u7f6e\u3002\u8981\u5728 OPNsense \u9632\u706b\u5899\u4e2d\u542f\u7528\u4ee3\u7406\u670d\u52a1\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u9009\u4e2dEnable proxy\u9009\u9879\u3002<\/li>\n
- \u5355\u51fbApply\u6fc0\u6d3b\u4ee3\u7406\u670d\u52a1\u5668\u3002<\/li>\n<\/ol>\n
\u4ee3\u7406\u5c06\u542f\u7528\u57fa\u4e8e\u672c\u5730\u7528\u6237\u6570\u636e\u5e93\u7684\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u9ed8\u8ba4\u5728 LAN \u63a5\u53e3\u7684 3128 \u7aef\u53e3\u4e0a\u8fd0\u884c\u3002<\/p>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/8-757864c718dd4ef33ff19a2b8807a1d9.png\" "\\"\u5728")
<\/a><\/p>\n\u5982\u4f55\u542f\u52a8\/\u91cd\u542f\/\u505c\u6b62\u4ee3\u7406\u670d\u52a1\u5668\uff1f<\/h4>\n
\u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u6765\u67e5\u770b\u4ee3\u7406\u670d\u52a1\u7684\u72b6\u6001\u3002\u72b6\u6001\u548c\u64cd\u4f5c\u6309\u94ae\u4f4d\u4e8e\u7ba1\u7406\u9875\u9762\u7684\u53f3\u4e0a\u89d2\u3002<\/p>\n
\u4ee3\u7406\u670d\u52a1\u5668\u8fd0\u884c\u65f6\uff0c\u72b6\u6001\u6309\u94ae\u663e\u793a\u4e3a\u5e26\u6709\u767d\u8272\u53f3\u7bad\u5934\u56fe\u6807\u7684\u7eff\u8272\u77e9\u5f62\u3002<\/p>\n
\u5355\u51fbRestart\u6309\u94ae\u91cd\u65b0\u542f\u52a8\u4ee3\u7406\u670d\u52a1\u5668\u3002<\/p>\n
\u5355\u51fbStop\u6309\u94ae\u505c\u6b62\u4ee3\u7406\u670d\u52a1\u5668\u3002<\/p>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/9-d8172410f0263dc49edddd4ec7623ef3.png\" "\\"\u5728")
<\/a><\/p>\n\u5f53\u4ee3\u7406\u670d\u52a1\u5668\u505c\u6b62\u65f6\uff0c\u72b6\u6001\u6309\u94ae\u663e\u793a\u4e3a\u5e26\u6709\u767d\u8272\u65b9\u5f62\u56fe\u6807\u7684\u7ea2\u8272\u77e9\u5f62\u3002<\/p>\n
\u53ef\u4ee5\u5355\u51fbStart\u6309\u94ae\u542f\u52a8\u4ee3\u7406\u670d\u52a1\u5668\u3002<\/p>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/10-8095c2ac679a7540bfd7ac18a36ed184.png\" "\\"\u5728")
<\/a><\/p>\n2.\u914d\u7f6e\u4ee3\u7406\u63a5\u53e3\u548c\u5e38\u89c4\u8f6c\u53d1\u8bbe\u7f6e<\/h3>\n
\u5982\u679c\u9700\u8981\u66f4\u6539\u4ee3\u7406\u5c06\u7ed1\u5b9a\u7684\u63a5\u53e3\uff08\u5b50\u7f51\uff09\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u9009\u9879\u5361\uff0c\u6253\u5f00General Forward Settings\u9875\u9762\u3002<\/li>\n
- \u5728\u4ee3\u7406\u63a5\u53e3\u5b57\u6bb5\u4e2d\u9009\u62e9\u63a5\u53e3\u3002\u53ef\u4ee5\u6839\u636e\u9700\u8981\u6dfb\u52a0\u4efb\u610f\u6570\u91cf\u7684\u63a5\u53e3\u6216\u5220\u9664\u4e00\u4e2a\u3002<\/li>\n
- \u5355\u51fbApply\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/11-9dd7c2580c00015d4c07e9f02b91a76b.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u8fd9\u91cc\u53ef\u4ee5\u9009\u4e2d\u900f\u660e\u4ee3\u7406\u6a21\u5f0f\u7684\u542f\u7528\u900f\u660e HTTP \u4ee3\u7406\u9009\u9879\u3002<\/li>\n
- \u53ef\u4ee5\u9009\u4e2d\u542f\u7528 SSL \u68c0\u67e5\u6765\u8bb0\u5f55 HTTPS \u6d41\u91cf\uff0c\u6216\u8ba9\u4ee3\u7406\u5145\u5f53 Internet \u548c\u60a8\u7684\u5ba2\u6237\u7aef\u4e4b\u95f4\u7684\u4e2d\u95f4\u4eba\u3002\u5728\u542f\u7528\u6b64\u9009\u9879\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u5b89\u5168\u9690\u60a3\u3002\u5982\u679c\u4f7f\u7528\u900f\u660e HTTPS \u6a21\u5f0f\uff0c\u9700\u8981\u8bbe\u7f6eNAT\u89c4\u5219\u6765\u53cd\u6620\u6d41\u91cf\u3002<\/li>\n
- \u53ef\u4ee5\u9009\u4e2d\u4ec5\u8bb0\u5f55 SNI \u4fe1\u606f\u9009\u9879\uff0c\u8fd9\u6837\u53ea\u4f1a\u8bb0\u5f55\u8bf7\u6c42\u7684\u57df\u548c IP \u5730\u5740\uff0c\u4e0d\u89e3\u7801\u6216\u8fc7\u6ee4 SSL \u5185\u5bb9\u3002<\/li>\n
- \u53ef\u4ee5\u66f4\u6539SSL\u4ee3\u7406\u670d\u52a1\u5c06\u4fa6\u542c\u7684SSL \u4ee3\u7406\u7aef\u53e3\u3002\u9ed8\u8ba4\u4e3a 3129\u3002<\/li>\n
- \u53ef\u4ee5\u9009\u62e9\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7528\u4e8eSSL \u68c0\u67e5\u3002<\/li>\n
- \u53ef\u4ee5\u5728SSL \u65e0\u78b0\u649e\u7ad9\u70b9\u5b57\u6bb5\u4e2d\u8f93\u5165\u9700\u8981\u4e0d\u88ab\u68c0\u67e5\u7684\u7ad9\u70b9\u5217\u8868\uff0c\u4f8b\u5982\u94f6\u884c\u548c\u7535\u5b50\u5546\u52a1\u7ad9\u70b9\u3002\u8981\u63a5\u53d7\u6240\u6709\u5b50\u57df\uff0c\u5728\u57df\u524d\u52a0\u4e0a.\u3002<\/li>\n<\/ol>\n
3.\u914d\u7f6e\u4ee3\u7406\u76d1\u542c\u7aef\u53e3<\/h3>\n
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4ee3\u7406\u5c06\u4fa6\u542c\u7aef\u53e3 3128\u3002\u8981\u66f4\u6539\u4ee3\u7406\u4fa6\u542c\u7aef\u53e3\uff0c\u60a8\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u9009\u9879\u5361\uff0c\u6253\u5f00General Forward Settings\u9875\u9762\u3002<\/li>\n
- \u6839\u636e\u9700\u8981\u5c06\u4ee3\u7406\u7aef\u53e3\u8bbe\u7f6e\u4e3a\u9002\u5f53\u7684\u503c\uff0c\u4f8b\u5982 8080\u3002<\/li>\n
- \u5355\u51fbApply\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/12-8b5760f1eaa8bb3d6ba8844a1f44c632.png\" "\\"\u5728")
<\/a><\/p>\n4.\u542f\u7528\/\u7981\u7528\u7f13\u5b58<\/h3>\n
\u6309\u7167\u4e0b\u9762\u7684\u6b65\u9aa4\u8fdb\u884c\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbGeneral Proxy Settings\u67e5\u770b\u4e0b\u62c9\u83dc\u5355\u3002<\/li>\n
- \u70b9\u51fbLocal Cache Settings\u3002<\/li>\n
- \u9009\u4e2dEnable local cache\u9009\u9879\u3002<\/li>\n
- \u6253\u5f00\u9876\u90e8\u7684\u9ad8\u7ea7\u6a21\u5f0f\u6309\u94ae\u3002<\/li>\n
- Memory Cache size in Megabytes\u9009\u9879\u6839\u636e\u9700\u8981\u589e\u52a0 \uff0c\u4f8b\u59821024\u3002 \u9ed8\u8ba4\u4e3a256 MB\u3002<\/li>\n
- Cache size in Megabytes\u9009\u9879\u6839\u636e\u9700\u8981\u589e\u52a0\uff0c\u4f8b\u59821024\u3002\u9ed8\u8ba4\u4e3a100 MB<\/li>\n
- \u3002<\/li>\n
- Maximum object size (MB)\u4fdd\u6301\u9ed8\u8ba4\u7559\u7a7a\uff0c\u5373 4MB\u3002<\/li>\n
- Maximum object size in memory (KB)\u4fdd\u6301\u7559\u7a7a\u3002<\/li>\n
- Memory cache mode\u9009\u9879\u53ef\u4ee5\u4fdd\u6301\u9ed8\u8ba4\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u9009\u9879\uff1a<\/li>\n<\/ol>\n
- \n
- always\uff1a\u4fdd\u7559\u6700\u8fd1\u68c0\u7d22\u5230\u7684\u5bf9\u8c61\uff08\u9ed8\u8ba4\uff09<\/li>\n
- disk\uff1a\u53ea\u6709\u78c1\u76d8\u7f13\u5b58\u547d\u4e2d\u5b58\u50a8\u5728\u5185\u5b58\u4e2d\uff0c\u56e0\u6b64\u5bf9\u8c61\u5fc5\u987b\u5148\u7f13\u5b58\u5728\u78c1\u76d8\u4e0a\uff0c\u7136\u540e\u518d\u547d\u4e2d\u7b2c\u4e8c\u6b21\uff0c\u7136\u540e\u624d\u80fd\u7f13\u5b58\u5728\u5185\u5b58\u4e2d\u3002<\/li>\n
- network\uff1a\u53ea\u6709\u4ece\u7f51\u7edc\u68c0\u7d22\u5230\u7684\u5bf9\u8c61\u624d\u4f1a\u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u3002<\/li>\n<\/ul>\n
- \n
- Enable Linux Package Cache\u9009\u9879\uff0c\u5982\u679c\u7f51\u7edc\u4e2d\u6709\u591a\u4e2a\u670d\u52a1\u5668\u5e76\u4e14\u4e0d\u6258\u7ba1\u81ea\u5df1\u7684\u5305\u955c\u50cf\uff0c\u53ef\u4ee5\u9009\u4e2d\u4e3a Linux \u53d1\u884c\u7248\u542f\u7528\u5305\u7f13\u5b58\u7684\u9009\u9879\u3002\u53ef\u4ee5\u8282\u7701 Internet \u5e26\u5bbd\uff0c\u540c\u65f6\u589e\u52a0\u78c1\u76d8\u8bbf\u95ee\u3002<\/li>\n
- Enable Windows Update Cache\u9009\u9879\uff0c\u5982\u679c\u6ca1\u6709 WSUS \u670d\u52a1\u5668\uff0c\u5219\u53ef\u4ee5\u9009\u4e2d\u542f\u7528\u6216\u7981\u7528 Windows \u66f4\u65b0\u7f13\u5b58\u7684\u9009\u9879\u3002<\/li>\n
- \u5355\u51fbApply\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/13-5e668e2d97191ff6411452b7c1124ed2.png\" "\\"\u5728")
<\/a><\/p>\n\u6ce8\u610f\uff1a\u56e0\u4e3a\u9ed8\u8ba4\u4e0d\u521b\u5efa\u7f13\u5b58\uff0c\u6240\u4ee5\u5fc5\u987b\u505c\u6b62\u5e76\u91cd\u65b0\u542f\u52a8\u4ee3\u7406\u670d\u52a1\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u521b\u5efa\u7f13\u5b58\u3002<\/p>\n
5.\u914d\u7f6e\u8ba4\u8bc1\u65b9\u5f0f<\/h3>\n
\u8981\u4fee\u6539OPNsense \u4e2d\u4ee3\u7406\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u67e5\u770b\u4e0b\u62c9\u83dc\u5355\u3002<\/li>\n
- \u70b9\u51fbAuthentication Settings\u3002<\/li>\n
- \u5728 Authentication method\u5b57\u6bb5\u4e2d\u9009\u62e9\u6240\u9700\u7684\u8eab\u4efd\u9a8c\u8bc1\u5668\u3002\u5982\u679c\u4e0d\u60f3\u4f7f\u7528\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8bf7\u5355\u51fb\u4e0b\u9762\u7684Clear All\u6309\u94ae\u3002<\/li>\n<\/ol>\n\n\u63d0\u793a\uff1a\u6839\u636eSystem>\u00a0Access>Servers\u4e2d\u914d\u7f6e\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u9009\u62e9\u4ee5\u4e0b\u4e00\u4e2a\u6216\u591a\u4e2a\u9009\u9879\uff1a<\/div>\n\n
- \n
- \u672c\u5730\u7528\u6237\u6570\u636e\u5e93<\/li>\n
- \u534a\u5f84<\/li>\n
- Radius<\/li>\n
- \u57fa\u4e8e\u65f6\u95f4\u7684\u4e00\u6b21\u6027\u5bc6\u7801<\/li>\n
- \u4e0d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff08\u5c06\u6b64\u5b57\u6bb5\u7559\u7a7a\uff09<\/li>\n<\/ul>\n<\/div>\n<\/div>\n
- \n
- \u5982\u679c\u9700\u8981\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u5f3a\u5236\u672c\u5730\u7ec4\u6765\u9650\u5236\u5236\u5bf9\u9009\u5b9a\uff08\u672c\u5730\uff09\u7ec4\u4e2d\u7684\u7528\u6237\u7684\u8bbf\u95ee\u3002<\/li>\n
- \u53ef\u4ee5\u6839\u636e\u9700\u8981\u586b\u5199\u8eab\u4efd\u9a8c\u8bc1\u63d0\u793a\u3002\u5b83\u5c06\u663e\u793a\u5728\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u7a97\u53e3\u4e2d\u3002<\/li>\n
- \u5c06\u8eab\u4efd\u9a8c\u8bc1 TTL\uff08\u5c0f\u65f6\uff09\u8bbe\u7f6e\u4e3a8\u3002\u5c06\u6307\u5b9a\u4ee3\u7406\u670d\u52a1\u5668\u5047\u5b9a\u5916\u90e8\u9a8c\u8bc1\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u7ec4\u5408\u6709\u6548\u7684\u65f6\u95f4\uff08\u4ee5\u5c0f\u65f6\u4e3a\u5355\u4f4d\uff09\u3002\u5f53 TTL \u8fc7\u671f\u65f6\uff0c\u5c06\u63d0\u793a\u7528\u6237\u518d\u6b21\u8f93\u5165\u51ed\u636e\u3002<\/li>\n
- \u53ef\u4ee5\u5c06\u8eab\u4efd\u9a8c\u8bc1\u8fdb\u7a0b\u4fdd\u7559\u4e3a\u9ed8\u8ba4\u503c\u3002\u5c06\u63a7\u5236\u8eab\u4efd\u9a8c\u8bc1\u5668\u8fdb\u7a0b\u7684\u603b\u6570\u3002<\/li>\n
- \u5355\u51fbApply\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/14-62265f3ad11e382699acb400f3e7a631.png\" "\\"\u5728")
<\/a><\/p>\n6.\u542f\u7528FTP\u4ee3\u7406<\/h3>\n
\u5728OPNsense \u4e2d\u542f\u7528FTP \u4ee3\u7406\u670d\u52a1\uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u67e5\u770b\u4e0b\u62c9\u83dc\u5355\u3002<\/li>\n
- \u70b9\u51fbFTP Proxy Settings\u3002<\/li>\n
- \u5728FTP \u4ee3\u7406\u63a5\u53e3\u5b57\u6bb5\u4e2d\u9009\u62e9\u4e00\u4e2a\u6216\u591a\u4e2a\u63a5\u53e3\uff0c\u4f8b\u5982LAN\u6216GUESTNET\u3002<\/li>\n
- \u53ef\u4ee5\u66f4\u6539\u9ed8\u8ba4\u7684FTP \u4ee3\u7406\u7aef\u53e3\uff0c\u9ed8\u8ba4\u4e3a2121.<\/li>\n
- \u53ef\u4ee5\u52fe\u9009\u542f\u7528\u900f\u660e\u6a21\u5f0f\uff0c\u5c06\u76ee\u6807\u7aef\u53e3 21 \u7684\u6240\u6709\u8bf7\u6c42\u8f6c\u53d1\u5230\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u65e0\u9700\u4efb\u4f55\u989d\u5916\u914d\u7f6e\u3002<\/li>\n
- \u70b9\u51fbApply\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/15-91666e5a8f8d3ec559d7b348bd48d2f2.png\" "\\"\u5728")
<\/a><\/p>\n\u6ce8\u610f\uff1aFTP \u4ee3\u7406\u4ec5\u5728\u542f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u7684\u60c5\u51b5\u4e0b\u624d\u80fd\u5de5\u4f5c\u3002\u6b64\u5916\uff0c\u4ee3\u7406\u4ec5\u9002\u7528\u4e8e\u672a\u52a0\u5bc6\u7684 FTP \u6d41\u91cf\u3002<\/p>\n
7.\u5b9a\u4e49\u8bbf\u95ee\u63a7\u5236\u5217\u8868<\/h3>\n
\u5728OPNsense\u4e2d\u4e3a\u4ee3\u7406\u670d\u52a1\u5b9a\u4e49\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u67e5\u770b\u4e0b\u62c9\u83dc\u5355\u3002<\/li>\n
- \u70b9\u51fbAccess Control Lists\u3002<\/li>\n
- \u70b9\u51fbadvanced mode toggle button.<\/li>\n
- \u5728\u5141\u8bb8\u7684\u5b50\u7f51\u8f93\u5165\u8981\u5141\u8bb8\u8bbf\u95ee\u4ee3\u7406\u670d\u52a1\u5668\u7684\u5b50\u7f51\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5141\u8bb8\u4ee3\u7406\u63a5\u53e3\u3002<\/li>\n
- \u6dfb\u52a0\u4e0d\u53d7\u9650\u5236\u7684 IP \u5730\u5740\u3002\u5bf9\u4e8e\u8fd9\u4e9b IP \u5730\u5740\uff0c\u4e0d\u5e94\u7528\u8eab\u4efd\u9a8c\u8bc1\u548c\u9ed1\u540d\u5355\u3002<\/li>\n
- \u53ef\u4ee5\u5728\u7981\u6b62\u7684\u4e3b\u673a IP \u5730\u5740\u5b57\u6bb5\u4e2d\u8f93\u5165\u5165\u8981\u62d2\u7edd\u8bbf\u95ee\u4ee3\u7406\u670d\u52a1\u5668\u7684IP \u5730\u5740\u3002<\/li>\n
- \u53ef\u4ee5\u5c06\u57df\u6dfb\u52a0\u5230\u767d\u540d\u5355\u4e2d\uff0c\u8fd9\u6837\u5b83\u4eec\u5c31\u4e0d\u4f1a\u88ab\u4ee3\u7406\u670d\u52a1\u5668\u963b\u6b62\uff0c\u4f8b\u5982unharmful.com<\/li>\n
- \u53ef\u4ee5\u5c06\u57df\u6dfb\u52a0\u5230\u9ed1\u540d\u5355\u4e2d\uff0c\u5b83\u4eec\u5c06\u88ab\u4ee3\u7406\u670d\u52a1\u5668\u963b\u6b62\uff0c\u4f8b\u5982harmful.com.<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/16-7d0cb3f71f1e5033303155192cba9e2e.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u53ef\u4ee5\u8bbe\u7f6eBlock browser\/user-agents\u6765\u963b\u6b62\u7279\u5b9a\u6d4f\u89c8\u5668\u3002\u4f8b\u5982\uff0c\u201cMozilla\u201d\u5c06\u963b\u6b62\u201c\u6240\u6709\u57fa\u4e8e Mozilla \u7684\u6d4f\u89c8\u5668\u201d\uff0c\u800c “(.) Macintosh(.) Firefox\/36.0” \u5c06\u963b\u6b62\u201cMacintosh \u7248\u672c\u7684 Firefox \u4fee\u8ba2\u7248 36.0\u201d\u3002\u4e0b\u56fe\u7684\u8bbe\u7f6e\u963b\u6b62\u4e86\u5177\u6709\u4e25\u91cd\u5b89\u5168\u6f0f\u6d1e\u7684\u4ece6\u523010\u7684MS Internet Explorer\u6d4f\u89c8\u5668\u3002<\/li>\n
- \u53ef\u4ee5\u8bbe\u7f6eBlock specific MIME type reply\u4ee5\u6839\u636e\u670d\u52a1\u5668\u7684 MIME \u7c7b\u578b\u56de\u590d\u7684\u5185\u5bb9\u6765\u963b\u6b62 HTTP \u56de\u590d\uff0c\u4f8b\u5982\u56fe\u50cf\u3001\u6587\u672c\u3001HTML\u3001flash\u3001\u97f3\u4e50\u3001MPEG \u7b49\u3002\u4f8b\u5982\uff0c\u8f93\u5165\u201cvideo\/Flv\u201d\u5c06\u963b\u6b62 Youtube flash \u89c6\u9891\u5185\u5bb9\uff0c\u5e76\u4e14\u201capplication\/x-javascript\u201d\u4f1a\u963b\u6b62\u201cjavascript\u201d\u3002<\/li>\n
- \u53ef\u4ee5\u5728Google GSuite restricted\u00a0\u5b57\u6bb5\u4e2d\u8f93\u5165\u5141\u8bb8\u4f7f\u7528Google GSuite\u7684\u57df\u3002\u6240\u6709\u4e0d\u5c5e\u4e8e\u6b64\u57df\u7684\u5e10\u6237\u90fd\u5c06\u88ab\u7981\u6b62\u4f7f\u7528\u3002<\/li>\n
- \u53ef\u4ee5\u5c06YouTube Filter\u00a0\u5b57\u6bb5\u8bbe\u7f6e\u4e3aModerate\u6216Strict\u4f7f\u7528 Youtube \u9650\u5236\u3002<\/li>\n
- \u53ef\u4ee5\u6dfb\u52a0\u5141\u8bb8\u7684\u76ee\u6807 TCP \u7aef\u53e3\u3002<\/li>\n
- \u53ef\u4ee5\u6dfb\u52a0\u5141\u8bb8\u7684 SSL \u7aef\u53e3\u3002<\/li>\n
- \u5355\u51fbApply\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/17-0fe7621cdbf2a3d5d207049a71b9a757.png\" "\\"\u5728")
<\/a><\/p>\n\u63d0\u793a\uff1a\u53ef\u4ee5\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u3001\u9017\u53f7\u6216\u6309 Enter \u952e\u6765\u521b\u5efa\u65b0\u9879\u76ee\u3002\u201cmydomain.com\u201d\u5339\u914d\u201c .mydomain.com\u201d\u3001\u201chttps?:\/\/( [a-zA-Z] ).mydomain\u201d\u548c\u201chttp(s):\/\/textONLY.mydomain. \u201d\uff1b<\/p>\n
\n“.gif$” \u5339\u914d ”\u00a0.gif” \u4f46\u4e0d\u5339\u914d ” .giftest”\uff1b”\u00a0[0-9]\u00a0 .gif$” \u5339\u914d “123.gif” \u4f46\u4e0d\u5339\u914d “test.gif”\u3002<\/div>\n<\/div>\n8.\u5b9a\u4e49\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868<\/h3>\n
\u5728\u4ee3\u7406\u670d\u52a1\u5668\u4e2d\u5b9a\u4e49\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbRemote Access Control Lists\u3002<\/li>\n
- \u70b9\u51fb\u53f3\u4e0b\u89d2\u7684 \u6309\u94ae\u6dfb\u52a0\u8fdc\u7a0b\u9ed1\u540d\u5355\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/18-8ebc385f732658aeeb5f0c4ee542e7e4.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u9009\u4e2denabled\u9009\u9879\u3002<\/li>\n
- \u8f93\u5165\u4e00\u4e2a\u552f\u4e00\u7684\u6587\u4ef6\u540d\u6765\u5b58\u50a8\u65b0\u7684\u9ed1\u540d\u5355\uff0c\u4f8b\u5982StevenBlackListPorn\u3002<\/li>\n
- \u8f93\u5165\u8981\u4ece\u4e2d\u68c0\u7d22\u9ed1\u540d\u5355\u7684 URL\uff0c\u4f8b\u5982\uff1ahttps:\/\/raw.githubusercontent.com\/StevenBlack\/hosts\/master\/alternates\/fakenews-gambling-porn-social\/hosts\u3002<\/li>\n
- \u8f93\u5165\u4e00\u4e2a\u63cf\u8ff0\u6765\u8bf4\u660e\u8be5\u9ed1\u540d\u5355\uff0c\u4f8b\u5982StevenBlackList for social, fake news, gambling, and porn sites\u00a0\u3002<\/li>\n
- \u5176\u4ed6\u9009\u9879\u53ef\u4ee5\u4fdd\u7559\u4e3a\u9ed8\u8ba4\u503c\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/19-e23017634e47dfe1f60e2a2e147252ca.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u5355\u51fbSave\u5b58\u50a8\u8bbe\u7f6e\u3002<\/li>\n
- \u5355\u51fbDownload ACLs & Apply\u83b7\u53d6\u5e76\u6fc0\u6d3b\u4ee3\u7406\u4e2d\u65b0\u6dfb\u52a0\u7684\u8fdc\u7a0b\u9ed1\u540d\u5355\u3002<\/li>\n<\/ol>\n
![\"\u4e0b\u8f7d\u4e0e](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/20-4d27dfe376cd814fbdcb6ac823e07435.png\" "\\"\u5728")
<\/a><\/p>\n\u63d0\u793a\uff1a\u4e0b\u8f7d\u8fdc\u7a0b\u9ed1\u540d\u5355\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u5355\u51fb\u5e26\u6709\u7b14\u56fe\u6807\u7684\u7f16\u8f91\u6309\u94ae\u6765\u7f16\u8f91\u8fdc\u7a0bACL\u3002\u53ef\u4ee5\u9009\u62e9\u8981\u4f7f\u7528\u7684\u7c7b\u522b\u3002\u5b83\u4eec\u7528\u4e8e\u57fa\u4e8e\u7c7b\u522b\u7684 Web \u8fc7\u6ee4\u3002<\/p>\n
9.\u5b9a\u4e49\u9632\u706b\u5899\u89c4\u5219\u4ee5\u9632\u6b62\u5ba2\u6237\u7aef\u7ed5\u8fc7\u4ee3\u7406\u670d\u52a1\u5668<\/h3>\n
\u5fc5\u987b\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u4ee5\u786e\u4fdd\u6ca1\u6709\u4eba\u53ef\u4ee5\u7ed5\u8fc7\u4ee3\u7406\u3002\u7531\u4e8e\u6240\u6709\u5ba2\u6237\u7aef\u90fd\u5fc5\u987b\u901a\u8fc7\u8fd0\u884c\u5728\u7aef\u53e3 3128 \u4e0a\u7684 OPNsense \u4ee3\u7406\u670d\u52a1\u5668\u8bbf\u95ee Internet\uff0c\uff0c\u56e0\u6b64\u5fc5\u987b\u963b\u6b62\u53d1\u9001\u5230 80\/433 \u7aef\u53e3\u7684\u6240\u6709 HTTP(S) \u8bf7\u6c42\u3002\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u56db\u4e2a\u4e3b\u8981\u6b65\u9aa4\u6765\u963b\u6b62\u7528\u6237\u7ed5\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\uff1a<\/p>\n
- \n
- \u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u7aef\u53e3 80 \u4e0a\u7684\u51fa\u7ad9 HTTP \u6d41\u91cf\u3002<\/li>\n
- \u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u7aef\u53e3 443 \u4e0a\u7684\u51fa\u7ad9 HTTPS \u6d41\u91cf\u3002<\/li>\n
- \u5c06\u65b0\u521b\u5efa\u7684\u89c4\u5219\u79fb\u52a8\u5230\u9632\u706b\u5899\u89c4\u5219\u5217\u8868\u7684\u9876\u90e8\u3002<\/li>\n
- \u6fc0\u6d3b\u65b0\u7684\u9632\u706b\u5899\u89c4\u5219\u3002<\/li>\n<\/ol>\n
\uff081\uff09\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\uff0c\u963b\u6b6280\u7aef\u53e3<\/strong><\/p>\n
\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u7aef\u53e3 80 \u4e0a\u7684\u51fa\u7ad9HTTP \u6d41\u91cf\uff0c\u9632\u6b62\u5ba2\u6237\u7aef\u7ed5\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u81f3Firewall> \u3002Rules<\/li>\n
- \u70b9\u51fb\u4ee3\u7406\u7ed1\u5b9a\u7684\u63a5\u53e3\uff0c\u5982LAN\u3002<\/li>\n
- \u5355\u51fb \u6309\u94ae\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u3002<\/li>\n
- \u5c06\u52a8\u4f5c\u8bbe\u7f6e \u4e3aBlock\u3002<\/li>\n
- \u5c06\u63a5\u53e3\u8bbe\u7f6e\u4e3a\u4ee3\u7406\u7ed1\u5b9a\u5230\u7684\u63a5\u53e3\uff0c\u5982LAN.<\/li>\n
- \u5c06\u534f\u8bae\u8bbe\u7f6e \u4e3aTCP\/UDP\u3002<\/li>\n
- \u5c06\u6e90\u8bbe\u7f6e \u4e3aLAN net<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/21-2731f14b4ce7dddbba20bb59cbbe821a.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u5c06\u76ee\u6807\u7aef\u53e3\u8303\u56f4\u8bbe\u7f6e\u4e3aHTTP\u3002<\/li>\n
- \u9009\u4e2d\u8bb0\u5f55\u6b64\u89c4\u5219\u5904\u7406\u7684\u6570\u636e\u5305\u9009\u9879\u6765\u542f\u7528\u65e5\u5fd7\u8bb0\u5f55\u3002<\/li>\n
- \u8f93\u5165Block Proxy Bypass\u7c7b\u522b\u5b57\u6bb5\u3002<\/li>\n
- \u8f93\u5165\u63cf\u8ff0\u8bf4\u660e\uff1aBlock HTTP Bypass\u3002<\/li>\n
- \u5176\u4ed6\u8bbe\u7f6e\u4fdd\u7559\u4e3a\u9ed8\u8ba4\u8bbe\u7f6e\u3002<\/li>\n
- \u5355\u51fbSave\u6309\u94ae\u4fdd\u5b58\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u4ee5\u963b\u6b62](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/22-93b811e4295a355665e25087a7ba0963.png\" "\\"\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\u4ee5\u963b\u6b62")
<\/a><\/p>\n\uff082\uff09\u6dfb\u52a0\u9632\u706b\u5899\u89c4\u5219\uff0c\u963b\u6b62443\u7aef\u53e3<\/strong><\/p>\n
\u00a0 \u00a0 \u00a0 \u00a0\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5728\u89c4\u5219\u5217\u8868\u9875\u9762\uff0c\u5728\u524d\u9762\u521b\u5efa\u7684\u963b\u6b6280\u7aef\u53e3\u51fa\u7ad9\u7684\u89c4\u5219\u7684\u53f3\u4fa7\uff0c\u5355\u51fbClone\u6309\u94ae\uff0c\u6253\u5f00\u4e00\u4e2a\u65b0\u7684\u9632\u706b\u5899\u89c4\u5219\u7f16\u8f91\u9875\u9762\u3002<\/li>\n
- \u5c06\u76ee\u6807\u7aef\u53e3\u8303\u56f4\u8bbe\u7f6e\u4e3aHTTPS\u3002<\/li>\n
- \u5c06\u63cf\u8ff0\u5b57\u6bb5\u66f4\u6539\u4e3aBlock HTTPS Bypass\u3002<\/li>\n
- \u5176\u4ed6\u8bbe\u7f6e\u4fdd\u7559\u4e3a\u9ed8\u8ba4\u8bbe\u7f6e\u3002<\/li>\n
- \u5355\u51fbSave\u6309\u94ae\u4fdd\u5b58\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
\uff083\uff09<\/strong>\u5c06\u65b0\u5efa\u7684\u89c4\u5219\u79fb\u81f3\u9632\u706b\u5899\u89c4\u5219\u5217\u8868\u9876\u90e8<\/h4>\n
\u5fc5\u987b\u5c06\u521b\u5efa\u7684\u4e24\u4e2a\u9632\u706b\u5899\u89c4\u5219\u79fb\u5230\u5217\u8868\u9876\u90e8\uff0c\u4ee5\u4fbf\u5ba2\u6237\u7aef\u7684 HTTP(S) \u8bf7\u6c42\u4e0e\u5b83\u4eec\u5339\u914d\u5e76\u88ab\u963b\u6b62\u3002<\/p>\n
![\"\u79fb\u52a8\u9632\u706b\u5899\u89c4\u5219\u4ee5\u9632\u6b62\u5ba2\u6237\u7aef\u7ed5\u8fc7](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/23-7e784047b6144befd114738156143180.png\" "\\"\u79fb\u52a8\u9632\u706b\u5899\u89c4\u5219\u4ee5\u9632\u6b62\u5ba2\u6237\u7aef\u7ed5\u8fc7")
<\/a><\/p>\n\uff084\uff09<\/strong>\u6fc0\u6d3b\u65b0\u7684\u9632\u706b\u5899\u89c4\u5219<\/h4>\n
\u70b9\u51fb\u9875\u9762\u53f3\u4e0a\u89d2\u7684Apply Changes \u6309\u94ae\u3002<\/p>\n
10.\u914d\u7f6eWindows\u5ba2\u6237\u7aef\u6216\u6d4f\u89c8\u5668<\/h3>\n
\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u8bbe\u7f6e Windows \u5ba2\u6237\u7aef\u4e2d\u7684\u4ee3\u7406\uff0c\u8ba9\u5ba2\u6237\u7aef\u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u8bbf\u95ee\u7f51\u7edc\uff1a<\/p>\n
- \n
- \u53f3\u952e\u5355\u51fb Windows 10 PC \u4efb\u52a1\u680f\u4e0a\u7684\u7f51\u7edc\u56fe\u6807\uff0c\u6253\u5f00\u7f51\u7edc\u548c Internet \u8bbe\u7f6e\u3002\u6216\u6253\u5f00chrome\u6d4f\u89c8\u5668\uff0c\u627e\u5230Settings>\u00a0Advanced>\u00a0System>\u00a0Open your computer’s proxy settings\u9009\u9879\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/24-993b80e78de640b8c4d6777c1213eaf8.png\" "\\"\u5728")
<\/a><\/p>\n\u56fe 24.\u00a0\u5728 Chrome \u6d4f\u89c8\u5668\u4e2d\u8bbf\u95ee\u4ee3\u7406\u670d\u52a1\u5668\u8bbe\u7f6e<\/p>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/25-fd2e825bb6064121ef5d327faa439fde.png\")
<\/a><\/p>\n- \n
- \u70b9\u51fb\u4ee3\u7406\u3002<\/li>\n
- \u5728\u4f7f\u7528\u4ee3\u7406\u670d\u52a1\u5668\u9009\u9879\uff0c\u624b\u52a8\u8f93\u5165\u4ee3\u7406\u5730\u5740\u548c\u7aef\u53e3\u3002<\/li>\n
- \u5728\u5730\u5740\u5b57\u6bb5\u4e2d\u8f93\u5165\u4ee3\u7406\u670d\u52a1\u5668 IP \u5730\u5740\uff0c\u598210.10.10.1.<\/li>\n
- \u5728\u7aef\u53e3\u5b57\u6bb5\u4e2d\u8f93\u5165\u5728\u4e0a\u4e00\u8282\u4e2d\u8bbe\u7f6e\u7684\u4ee3\u7406\u670d\u52a1\u5668\u7aef\u53e3\u53f7\uff0c\u59823128\u3002<\/li>\n
- \u5355\u51fbSave\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/26-ff8b890b68c676d3bc143c0a7743bf31-1.png\")
<\/a><\/p>\n\u4ee3\u7406\u670d\u52a1\u5668\u548c\u5ba2\u6237\u7aef\u914d\u7f6e\u5df2\u5b8c\u6210\u3002\u73b0\u5728\uff0c\u53ef\u4ee5\u6d4b\u8bd5\u8bbe\u7f6e\u3002<\/p>\n
11.\u6d4b\u8bd5\u4ee3\u7406\u914d\u7f6e<\/h3>\n
\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u6d4b\u8bd5\u4ee3\u7406\u914d\u7f6e\uff1a<\/p>\n
- \n
- \u5728\u5ba2\u6237\u7684 PC \u4e0a\u6253\u5f00\u6d4f\u89c8\u5668\u3002\u5982\u679c\u5728\u4ee3\u7406\u8bbe\u7f6e\u4e2d\u542f\u7528\u4e86\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8fd9\u5c06\u5f39\u51fa\u4e00\u4e2a\u7c7b\u4f3c\u4e8e\u56fe 27 \u7684\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u8bdd\u6846\u3002<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/86386827.png\")
<\/a><\/p>\n- \n
- \u5c1d\u8bd5\u901a\u8fc7\u6d4f\u89c8\u5668\u8fde\u63a5\u6253\u5f00http:\/\/wizhumpgyros.com\/\u3002\u7531\u4e8e\u8be5 URL \u5b58\u5728\u4e8e\u8fdc\u7a0b ACL \u6dfb\u52a0\u5230\u4ee3\u7406\u670d\u52a1\u5668\u7684StevenBlack \u5217\u8868\u4e2d\uff0c\u56e0\u6b64\u4f1a\u88ab\u963b\u6b62\u3002<\/li>\n<\/ol>\n
![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/28-e576c614b748e16e8b37f1d28093aeb1.png\" "\\"OPNsense")
<\/a><\/p>\n- \n
- \u5bfc\u822a\u5230Service>Web Proxy >Access Log\uff0c\u5c06\u4f1a\u770b\u5230\u8bbf\u95ee\u88ab\u963b\u6b62\u7684\u4fe1\u606f\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/29-5f1d412fcef69ad72deeed9061238b74.png\" "\\"\u5728")
<\/a><\/p>\n\u542f\u7528Web\u8fc7\u6ee4<\/h1>\n
OPNsense \u901a\u8fc7\u5229\u7528\u5185\u7f6e\u4ee3\u7406\u548c\u514d\u8d39\u6216\u5546\u4e1a\u9ed1\u540d\u5355\u4e4b\u4e00\u6267\u884c\u57fa\u4e8e\u7c7b\u522b\u7684 Web \u8fc7\u6ee4\u3002\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u4f7f\u7528 Shalla \u7684\u9ed1\u540d\u5355\uff0c\u5b83\u662f\u6309\u7c7b\u522b\u7ec4\u7ec7\u7684 URL \u5217\u8868\u7684\u96c6\u5408\uff0c\u65e8\u5728\u4e0e SquidGuard \u6216 Dansguardian \u7b49 URL \u8fc7\u6ee4\u5668\u4e00\u8d77\u4f7f\u7528\u3002\u5b83\u4eec\u53ef\u4ee5\u514d\u8d39\u7528\u4e8e\u4e2a\u4eba\u548c\u5546\u4e1a\u76ee\u7684\u3002<\/p>\n
\n\u63d0\u793a\uff1a\u4e5f\u53ef\u4ee5\u4f7f\u7528\u56fe\u5362\u5179\u5927\u5b66\u7684 Fabrice Prigent \u7684 UT1\u201c\u7f51\u7edc\u5206\u7c7b\u5217\u8868\u201d\u3002\u5728\u77e5\u8bc6\u5171\u4eab\u8bb8\u53ef\u4e0b\u53ef\u4ee5\u514d\u8d39\u4f7f\u7528\u3002<\/div>\n\n\u5176\u4ed6\u6d41\u884c\u7684\u7f51\u7edc\u8fc7\u6ee4\u5217\u8868\u53ef\u4ee5\u5728 https:\/\/github.com\/maravento\/blackweb\u627e\u5230\u3002<\/p>\n<\/div>\n<\/div>\n
\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u4e24\u4e2a\u4e3b\u8981\u6b65\u9aa4\u5728OPNsense \u4ee3\u7406\u670d\u52a1\u4e2d\u542f\u7528 Web \u8fc7\u6ee4\uff1a<\/p>\n
- \n
- \u914d\u7f6e\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868<\/li>\n
- \u914d\u7f6e Web \u7c7b\u522b<\/li>\n<\/ol>\n\n\u63d0\u793a\uff1a\u5047\u8bbe\u5df2\u7ecf\u6309\u7167\u4e0a\u4e00\u8282\u4e2d\u7684\u8bf4\u660e\u5728 OPNsense \u4e2d\u914d\u7f6e\u4e86\u57fa\u672c\u7f13\u5b58\u4ee3\u7406\u3002<\/div>\n<\/div>\n
\u914d\u7f6e\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868<\/strong><\/h3>\n
\u8981\u5728\u4ee3\u7406\u670d\u52a1\u5668\u4e2d\u5b9a\u4e49\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbRemote Access Control Lists\u9009\u9879\u5361\u3002<\/li>\n
- \u70b9\u51fb\u53f3\u4e0b\u89d2\u7684 \u56fe\u6807\u6309\u94ae\u6dfb\u52a0\u8fdc\u7a0b\u9ed1\u540d\u5355\u3002<\/li>\n
- \u9009\u4e2denabled\u9009\u9879\u3002<\/li>\n
- \u8f93\u5165\u4e00\u4e2a\u552f\u4e00\u7684\u6587\u4ef6\u540d\u6765\u5b58\u50a8\u65b0\u7684\u9ed1\u540d\u5355\uff0c\u4f8b\u5982ShallaBlackList.<\/li>\n
- \u8f93\u5165\u8981\u4ece\u4e2d\u68c0\u7d22\u9ed1\u540d\u5355\u7684 URL\uff0c\u4f8b\u5982\uff1ahttp:\/\/www.shallalist.de\/Downloads\/shallalist.tar.gz.<\/li>\n
- \u8f93\u5165\u63cf\u8ff0\u8bf4\u660e\uff0c\u5982ShallaBlackList for category-based web filtering\u3002<\/li>\n
- \u5176\u4ed6\u9009\u9879\u4fdd\u7559\u4e3a\u9ed8\u8ba4\u503c\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/30-c2aa47f8e6a54f4c5f8cc33655579ec6.png\" "\\"\u5728")
<\/a><\/p>\n9.\u5355\u51fbSave\u5b58\u50a8\u8bbe\u7f6e\u3002<\/p>\n
10.\u5355\u51fbDownload ACLs & Apply\uff0c\u83b7\u53d6\u5e76\u6fc0\u6d3b\u4ee3\u7406\u4e2d\u65b0\u6dfb\u52a0\u7684\u8fdc\u7a0b\u9ed1\u540d\u5355\u3002<\/p>\n
![\"\u4e0b\u8f7d\u4e0e](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/31-113a08152bde32d30c775ad73c8d2a33.png\" "\\"\u4e0b\u8f7d\u548c\u5e94\u7528\u8fdc\u7a0b")
<\/a><\/p>\n\u914d\u7f6e\u7f51\u9875\u5206\u7c7b<\/strong><\/h3>\n
\u4e0b\u8f7d\u8fdc\u7a0b\u9ed1\u540d\u5355\u540e\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u9009\u62e9\u8981\u4f7f\u7528\u7684\u7f51\u9875\u7c7b\u522b\uff1a<\/p>\n
- \n
- \u5355\u51fb\u8fdc\u7a0b\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u9875\u9762\u4e2d\u65b0\u6dfb\u52a0\u7684\u9ed1\u540d\u5355\u65c1\u8fb9\u5e26\u6709\u7b14\u56fe\u6807\u7684\u7f16\u8f91\u6309\u94ae\u3002<\/li>\n
- \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728\u7c7b\u522b\u5b57\u6bb5\u4e2d\u9009\u62e9\u6240\u6709 Web \u7c7b\u522b\u8fdb\u884c\u8fc7\u6ee4\u3002\u53ef\u4ee5\u53d6\u6d88\u9009\u4e2d\u4efb\u4f55\u7c7b\u522b\u6765\u5141\u8bb8\u7528\u6237\u6839\u636e\u9700\u8981\u8bbf\u95ee\u5b83\u4eec\u3002<\/li>\n<\/ol>\n
![\"\u9009\u62e9\u8981\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/32-fb7541f66f6504a77000f3a3a7dddfb1.png\" "\\"\u9009\u62e9\u8981\u5728")
<\/a><\/p>\n\u56fe 32.\u00a0\u9009\u62e9\u8981\u5728 OPNsense \u4ee3\u7406\u4e2d\u963b\u6b62\u7684 Web \u7c7b\u522b<\/p>\n
- \n
- \u5355\u51fbSave\u4ee5\u5b58\u50a8\u65b0\u8bbe\u7f6e\u3002<\/li>\n
- \u518d\u6b21\u5355\u51fbDownload ACLs\uff0c\u4e0b\u8f7d\u5e76\u91cd\u5efa\u4ec5\u5305\u542b\u6240\u9009\u7c7b\u522b\u7684\u5217\u8868\u3002<\/li>\n<\/ol>\n
\u6d4b\u8bd5\u914d\u7f6e<\/strong><\/h3>\n
\u6211\u4eec\u5047\u8bbe\u5728\u4e0a\u4e00\u6b65\u4e2d\u9009\u62e9\u4e86\u8981\u963b\u6b62\u7684\u5e7f\u544a\u7c7b\u522b\u3002\u73b0\u5728\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u6d4b\u8bd5\u4ee3\u7406\u914d\u7f6e\uff1a<\/p>\n
- \n
- \u5728\u5ba2\u6237\u7684 PC \u4e0a\u6253\u5f00\u6d4f\u89c8\u5668\u3002<\/li>\n
- \u5c1d\u8bd5\u901a\u8fc7\u6d4f\u89c8\u5668\u6253\u5f00trafficcenter.com\uff0c\u7531\u4e8e\u8be5 URL \u5728\u8fdc\u7a0b ACL Stalla \u7684\u9ed1\u540d\u5355\u4e2d\uff0c\u56e0\u6b64\u4f1a\u88ab\u963b\u6b62\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/33-ec418f590d42ff6388adf1e2d14d783c.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u5bfc\u822a\u5230Service>Web Proxy >Access Log\uff0c\u5c06\u4f1a\u770b\u5230\u8bbf\u95ee\u88ab\u963b\u6b62\u7684\u4fe1\u606f\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/34-346064afe05abac16b2e12fde0e90056.png\" "\\"\u5728")
<\/a><\/p>\n\u56fe 34.\u00a0\u5728 OPNsense \u4ee3\u7406\u4e2d\u67e5\u770b\u8bbf\u95ee\u65e5\u5fd7<\/p>\n
\u542f\u7528\u900f\u660eSSL\u6a21\u5f0f<\/h1>\n
\u53ef\u4ee5\u5c06 OPNsense\u4ee3\u7406\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ee5\u900f\u660e\u6a21\u5f0f\u8fd0\u884c\u3002\u8fd9\u6837\u5ba2\u6237\u7aef\u6d4f\u89c8\u5668\u5c31\u4e0d\u9700\u8981\u4e3a\u7f51\u7edc\u4ee3\u7406\u8fdb\u884c\u4efb\u4f55\u914d\u7f6e\u3002\u6240\u6709\u7f51\u7edc\u6d41\u91cf\u90fd\u901a\u8fc7\u7f51\u7edc\u5730\u5740\u8f6c\u6362\u81ea\u52a8\u8def\u7531\u5230\u4ee3\u7406\u3002<\/p>\n
\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728 OPNsense \u9632\u706b\u5899\u4e2d\u914d\u7f6e HTTP \u548c HTTPS\uff08SSL \u78b0\u649e\uff09\u900f\u660e\u4ee3\u7406\u6a21\u5f0f\u3002<\/p>\n
\u6ce8\u610f\uff1a\u4f7f\u7528\u900f\u660e HTTPS \u4ee3\u7406\u53ef\u80fd\u5f88\u5371\u9669\uff0c\u5e76\u4e14\u53ef\u80fd\u4f1a\u8ba9\u4f60\u6240\u4f7f\u7528\u7684\u670d\u52a1\u7684\u9650\u5236\uff0c\u4f8b\u5982\u7535\u5b50\u5546\u52a1\uff0c\u56e0\u4e3a\u900f\u660e SSL\/HTTPS \u4ee3\u7406\u6a21\u5f0f\u5229\u7528\u4e86\u4e00\u79cd\u79f0\u4e3a\u4e2d\u95f4\u4eba\u7684\u65b9\u6cd5\u3002\u5982\u679c\u5bf9\u81ea\u5df1\u7684\u80fd\u529b\u6709\u4fe1\u5fc3\uff0c\u8bf7\u4ec5\u914d\u7f6e\u548c\u4f7f\u7528\u900f\u660e\u6a21\u5f0f\u3002\u5982\u679c\u914d\u7f6e\u9519\u8bef\uff0c\u9632\u706b\u5899\u7684\u5b89\u5168\u9632\u5fa1\u53ef\u80fd\u4f1a\u88ab\u4e25\u91cd\u524a\u5f31\u800c\u4e0d\u662f\u52a0\u5f3a\u3002<\/p>\n
\u901a\u8fc7\u4ee5\u4e0b 5 \u4e2a\u4e3b\u8981\u6b65\u9aa4\u5728OPNsense\u4ee3\u7406\u670d\u52a1\u4e2d\u542f\u7528\u900f\u660e SSL \u6a21\u5f0f\uff1a<\/p>\n
- \n
- \u4e3a\u900f\u660e SSL\u521b\u5efa\u8bc1\u4e66\u9881\u53d1\u673a\u6784<\/li>\n
- \u7981\u7528\u4ee3\u7406\u670d\u52a1\u5668\u7684\u8eab\u4efd\u9a8c\u8bc1<\/li>\n
- \u542f\u7528\u900f\u660e HTTP\u548c SSL \u6a21\u5f0f<\/li>\n
- \u914d\u7f6e\u975eSSL \u78b0\u649e<\/li>\n
- \u4e3a HTTP(S) \u6dfb\u52a0 NAT \u9632\u706b\u5899\u89c4\u5219<\/li>\n
- \u914d\u7f6e\u4ee3\u7406\u5ba2\u6237\u7aef<\/li>\n<\/ol>\n\n\u63d0\u793a\uff1a\u5047\u8bbe\u5df2\u7ecf\u6309\u7167\u7b2c\u4e00\u90e8\u5206\u4e2d\u7684\u8bf4\u660e\u5728 OPNsense \u4e2d\u914d\u7f6e\u4e86\u57fa\u672c\u7f13\u5b58\u4ee3\u7406\u3002<\/div>\n<\/div>\n
\u4e0b\u9762\u7b80\u8981\u8bf4\u660e\u5728OPNsense\u4ee3\u7406\u4e2d\u542f\u7528\u900f\u660e SSL \u6a21\u5f0f\u7684\u6bcf\u4e2a\u4e3b\u8981\u6b65\u9aa4\u3002<\/p>\n
\u521b\u5efa\u8bc1\u4e66\u9881\u53d1\u673a\u6784<\/h3>\n
\u5728\u4ee3\u7406\u670d\u52a1\u5668\u4e2d\u542f\u7528\u900f\u660e SSL \u6a21\u5f0f\u4e4b\u524d\uff0c\u5982\u679c\u6ca1\u6709\u5185\u90e8\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff0c\u5219\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u5185\u90e8\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002<\/p>\n
\u7981\u7528\u4ee3\u7406\u8ba4\u8bc1<\/strong><\/h3>\n
\u5728\u900f\u660e\u6a21\u5f0f\u4e0b\u64cd\u4f5c\u65f6\uff0c\u65e0\u6cd5\u4f7f\u7528\u4ee3\u7406\u8eab\u4efd\u9a8c\u8bc1\u3002\u7531\u4e8e\u6d4f\u89c8\u5668\u4e0d\u77e5\u9053\u6b63\u5728\u4f7f\u7528\u4ee3\u7406\uff0c\u56e0\u6b64\u65e0\u6cd5\u54cd\u5e94\u4ee3\u7406\u8eab\u4efd\u9a8c\u8bc1\u8bf7\u6c42\u3002\u8981\u66f4\u6539 OPNsense \u4e2d\u4ee3\u7406\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u67e5\u770b\u4e0b\u62c9\u83dc\u5355\u3002<\/li>\n
- \u70b9\u51fbAuthentication Settings\u3002<\/li>\n
- \u5355\u51fb\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5b57\u6bb5\u4e2d\u7684Clear All\u94fe\u63a5\u6e05\u9664\u4f55\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002<\/li>\n<\/ol>\n
\u542f\u7528\u900f\u660eHTTP\u548cSSL\u6a21\u5f0f<\/h3>\n
\u6309\u7167\u4e0b\u9762\u7684\u540e\u7eed\u6b65\u9aa4\u542f\u7528\u900f\u660e HTTP \u6a21\u5f0f\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u9009\u9879\u5361\uff0c\u627e\u5230General Forward Settings\u3002<\/li>\n
- \u9009\u4e2d\u542f\u7528\u900f\u660e HTTP \u4ee3\u7406\u9009\u9879\u3002<\/li>\n
- \u9009\u4e2d\u542f\u7528 SSL \u68c0\u67e5\u9009\u9879\u3002<\/li>\n
- \u5355\u51fbApply\u6309\u94ae\u5e94\u7528\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/35-42e16634d1ee0f8c07df728aac0f66e4.png\" "\\"\u5728")
<\/a>\u00a0\u56fe 35.\u00a0\u5728 OPNsense \u4ee3\u7406\u4e2d\u542f\u7528\u900f\u660e HTTP \u548c SSL \u6a21\u5f0f<\/p>\n\u914d\u7f6e\u975eSSL\u78b0\u649e<\/h3>\n
\u4e3a\u786e\u4fdd\u5df2\u77e5\u7ad9\u70b9\u4e0d\u4f1a\u88ab\u78b0\u649e\u5e76\u4fdd\u7559\u5176\u539f\u59cb\u5b89\u5168\u5c42\uff0c\u9700\u8981\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5c06\u5b83\u4eec\u6dfb\u52a0\u5230 SSL \u975e\u78b0\u649e\u7ad9\u70b9\u5b57\u6bb5\uff0c\u5305\u62ec\u6240\u6709\u5b50\u57df\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u9009\u9879\u5361\uff0c\u627e\u5230General Forward Settings<\/li>\n
- \u5c06\u57df\u8f93\u5165SSL\u975e\u78b0\u649e\u7ad9\u70b9\uff0c\u7136\u540e\u6309 Enter\u3002<\/li>\n<\/ol>\n\n\u63d0\u793a\uff1a\u8981\u5305\u542b\u6240\u6709\u5b50\u57df\uff0c\u5fc5\u987b\u4ee5.\u5f00\u5934\uff0c\u4f8b\u5982\uff1a.paypal.com,\u00a0.google.com,\u00a0.amazon.com,\u00a0.hsbc.com\u3002<\/div>\n<\/div>\n\n\u6ce8\u610f\uff1a\u786e\u4fdd\u5728\u6b64\u5b57\u6bb5\u4e2d\u5305\u542b\u63d0\u4f9b\u4e2a\u4eba\u6216\u767b\u5f55\u4fe1\u606f\u7684\u6240\u6709\u94f6\u884c\u7f51\u7ad9\u548c\u7f51\u7ad9\u3002<\/div>\n<\/div>\n
\u4e3a HTTP(S) \u6dfb\u52a0 NAT \u9632\u706b\u5899\u89c4\u5219<\/h3>\n
\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u4e3a HTTP(S) \u6dfb\u52a0 NAT \u9632\u706b\u5899\u89c4\u5219\uff1a<\/p>\n
- \n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u9009\u9879\u5361\uff0c\u627e\u5230General Forward Settings\u3002<\/li>\n
- \u5355\u51fb\u542f\u7528\u900f\u660e HTTP \u4ee3\u7406\u9009\u9879\u5de6\u4fa7\u7684 (i) \u56fe\u6807\u3002<\/li>\n
- \u5355\u51fb\u6dfb\u52a0\u65b0\u9632\u706b\u5899\u89c4\u5219\u94fe\u63a5\uff0c\u4f1a\u8f6c\u5230Firewall>\u00a0NAT>Port Forward\u8bbe\u7f6e\u9875\u9762\u3002<\/li>\n<\/ol>\n
![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/36-fc140567748a1ee803382f9a55d66169.png\" "\\"OPNsense")
<\/a><\/p>\n![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/37-d7c0346675d4ba1016f6a70a89048ab7.png\" "\\"OPNsense")
<\/a><\/p>\n- \n
- \u5355\u51fbSave\u6309\u94ae\u3002<\/li>\n
- \u5bfc\u822a\u5230Services\u00a0>\u00a0Web Proxy\u00a0>\u00a0Administration\u3002<\/li>\n
- \u5355\u51fbForward Proxy\u9009\u9879\u5361\uff0c\u627e\u5230General Forward Settings\u3002<\/li>\n
- \u5355\u51fb\u542f\u7528 SSL \u68c0\u67e5\u9009\u9879\u5de6\u4fa7\u7684 (i) \u56fe\u6807\u3002<\/li>\n
- \u5355\u51fb\u6dfb\u52a0\u65b0\u9632\u706b\u5899\u89c4\u5219\u94fe\u63a5\uff0c\u4f1a\u8f6c\u5230Firewall>\u00a0NAT>Port Forward\u8bbe\u7f6e\u9875\u9762\u3002<\/li>\n<\/ol>\n
![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/38-d568a904a743730b17fa10003cf83732.png\" "\\"OPNsense")
<\/a><\/p>\n![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/39-6525e0571569d012b2928d689241bb21.png\" "\\"OPNsense")
<\/a><\/p>\n- \n
- \u5355\u51fbSave\u6309\u94ae\u3002<\/li>\n
- \u5355\u51fbApply Changes\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/li>\n<\/ol>\n
![\"OPNsense](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/40-ea9627042647bbd7d718d3bd6de94a68.png\" "\\"OPNsense")
<\/a><\/p>\n\u914d\u7f6e\u4ee3\u7406\u5ba2\u6237\u7aef<\/h3>\n
\u7531\u4e8e\u6d4f\u89c8\u5668\u4e0d\u4fe1\u4efb\u9632\u706b\u5899\u7684\u5185\u90e8 CA\uff0c\u8bbf\u95ee\u7684\u6bcf\u4e2a SSL \u7ad9\u70b9\uff0c\u90fd\u4f1a\u6536\u5230\u4e00\u6761\u8b66\u544a\u6d88\u606f\uff0c\u4f8b\u5982Your connection isn’t private. Attackers might be trying to steal your information NET::ERR_CERT_AUTHORITY_INVALID\u3002<\/p>\n
![\"\"](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/\u4e0b\u8f7d.png\")
<\/a><\/p>\n\u8981\u89e3\u51b3\u6b64\u95ee\u9898\uff0c\u5fc5\u987b\u5728\u5ba2\u6237\u7aef\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u6dfb\u52a0 CA \u8bc1\u4e66\u4f5c\u4e3a\u53d7\u4fe1\u4efb\u7684\u6839 CA \u8bc1\u4e66\u3002\u53ef\u4ee5\u6309\u4ee5\u4e0b\u6b65\u9aa4\u5c06\u5176\u5bfc\u5165 Windows 10 PC \u5e76\u5c06\u5176\u8bbe\u7f6e\u4e3a\u53d7\u4fe1\u4efb\u7684\u6839 CA \u8bc1\u4e66\uff1a<\/p>\n
- \n
- OPNsense Web UI \u4e2d\u5bfc\u822a\u81f3System>\u00a0Trust> \u3002Authorities<\/li>\n
- \u5355\u51fb\u4e0b\u8f7d\u56fe\u6807\u5bfc\u51fa CA \u8bc1\u4e66\u3002<\/li>\n<\/ol>\n
![\"\u5728](\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2022\/11\/42-75413c5b3be90d1d63b7e9d07fa973fa.png\" "\\"\u5728")
<\/a><\/p>\n- \n
- \u5c06 CA \u8bc1\u4e66\u590d\u5236\u5230\u5ba2\u6237\u7aef PC\uff0c\u672c\u793a\u4f8b\u4e3a Windows 10 PC\u3002<\/li>\n
- \u53ef\u4ee5\u4f7f\u7528 Windows 10 PC \u4e2d\u7684 MMC \u5de5\u5177\u5c06 CA \u8bc1\u4e66\u5bfc\u5165\u4e3a\u53d7\u4fe1\u4efb\u7684\u6839 CA \u8bc1\u4e66\u3002\u5728\u641c\u7d22\u680f\u4e2d\u952e\u5165mmc\u5e76\u6309 Enter \u952e\u8fd0\u884c Microsoft Management Control\u3002<\/li>\n
- \u5355\u51fbFile\u83dc\u5355\u94fe\u63a5\u5e76\u9009\u62e9Add\/Remove Snap-in\u3002<\/li>\n<\/ol>\n
- \u5bfc\u822a\u5230Service>Web Proxy >Access Log\uff0c\u5c06\u4f1a\u770b\u5230\u8bbf\u95ee\u88ab\u963b\u6b62\u7684\u4fe1\u606f\u3002<\/li>\n<\/ol>\n
- \u5bfc\u822a\u5230Service>Web Proxy >Access Log\uff0c\u5c06\u4f1a\u770b\u5230\u8bbf\u95ee\u88ab\u963b\u6b62\u7684\u4fe1\u606f\u3002<\/li>\n<\/ol>\n
- \u5c1d\u8bd5\u901a\u8fc7\u6d4f\u89c8\u5668\u8fde\u63a5\u6253\u5f00http:\/\/wizhumpgyros.com\/\u3002\u7531\u4e8e\u8be5 URL \u5b58\u5728\u4e8e\u8fdc\u7a0b ACL \u6dfb\u52a0\u5230\u4ee3\u7406\u670d\u52a1\u5668\u7684StevenBlack \u5217\u8868\u4e2d\uff0c\u56e0\u6b64\u4f1a\u88ab\u963b\u6b62\u3002<\/li>\n<\/ol>\n
- \u5728\u5ba2\u6237\u7684 PC \u4e0a\u6253\u5f00\u6d4f\u89c8\u5668\u3002\u5982\u679c\u5728\u4ee3\u7406\u8bbe\u7f6e\u4e2d\u542f\u7528\u4e86\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8fd9\u5c06\u5f39\u51fa\u4e00\u4e2a\u7c7b\u4f3c\u4e8e\u56fe 27 \u7684\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u8bdd\u6846\u3002<\/li>\n<\/ol>\n
- \u53f3\u952e\u5355\u51fb Windows 10 PC \u4efb\u52a1\u680f\u4e0a\u7684\u7f51\u7edc\u56fe\u6807\uff0c\u6253\u5f00\u7f51\u7edc\u548c Internet \u8bbe\u7f6e\u3002\u6216\u6253\u5f00chrome\u6d4f\u89c8\u5668\uff0c\u627e\u5230Settings>\u00a0Advanced>\u00a0System>\u00a0Open your computer’s proxy settings\u9009\u9879\u3002<\/li>\n<\/ol>\n
- \u5355\u51fbcustom_template.zip\u6587\u4ef6\u5939\u56fe\u6807\u4ee5\u9009\u62e9\u65b0\u521b\u5efa\u7684 zip\u3002<\/li>\n<\/ol>\n
- \u6839\u636e\u9700\u8981\u66f4\u6539\u76f8\u5173\u6587\u4ef6\u538b\u7f29\u3002<\/li>\n<\/ol>\n
- WPAD \/ PAC\uff1a\u00a0OPNsense \u901a\u8fc7 WPAD \/ PAC \u63d0\u4f9b\u81ea\u52a8\u4ee3\u7406\u914d\u7f6e\uff0c\u7528\u4e8e\u65e0\u6cd5\u4f7f\u7528\u900f\u660e\u6a21\u5f0f\u7684\u60c5\u51b5\u3002<\/li>\n<\/ol>\n
- \u6d41\u91cf\u7ba1\u7406\uff1a\u4ee3\u7406\u53ef\u4ee5\u4e0e\u6d41\u91cf\u6574\u5f62\u5668\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u5145\u5206\u5229\u7528\u5176\u6574\u5f62\u529f\u80fd\u3002\u5b83\u8fd8\u63d0\u4f9b\u4ee5\u4e0b\u9009\u9879\uff1a<\/li>\n<\/ol>\n
- Web \u8fc7\u6ee4\u5668\uff1a\u00a0OPNsense \u5305\u62ec\u57fa\u4e8e\u7c7b\u522b\u7684 Web \u8fc7\u6ee4\u652f\u6301\uff0c\u5177\u6709\u4ee5\u4e0b\u529f\u80fd\uff1a<\/li>\n<\/ol>\n
- \u900f\u660e\u6a21\u5f0f\uff1a\u900f\u660e\u6a21\u5f0f\u5141\u8bb8\u5c06\u6240\u6709\u8bf7\u6c42\u8def\u7531\u5230\u4ee3\u7406\uff0c\u800c\u4e0d\u9700\u8981\u5728\u5ba2\u6237\u7aef\u8fdb\u884c\u4efb\u4f55\u914d\u7f6e\u3002\u900f\u660e\u6a21\u5f0f\u9002\u7528\u4e8e\u4e0d\u5b89\u5168\u7684 HTTP \u6d41\u91cf\u3002\u4f46\u662f\u5bf9\u4e8e\u5b89\u5168 (SSL) HTTPS \u8fde\u63a5\uff0c\u4ee3\u7406\u6210\u4e3a\u4e2d\u95f4\u4eba\uff0c\u56e0\u4e3a\u5ba2\u6237\u7aef\u4e0e\u4ee3\u7406\u201c\u5bf9\u8bdd\u201d\uff0c\u5e76\u4e14\u4ee3\u7406\u4f7f\u7528\u5ba2\u6237\u7aef\u5fc5\u987b\u4fe1\u4efb\u7684\u4e3b\u5bc6\u94a5\u52a0\u5bc6\u7f51\u7edc\u6570\u636e\u5305\u3002<\/li>\n<\/ol>\n
- \u8bbf\u95ee\u63a7\u5236\uff1a\u5b83\u901a\u8fc7\u4f7f\u7528\u4ee5\u4e0b\u6807\u51c6\u652f\u6301\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff1a<\/li>\n<\/ol>\n
- \u8ba4\u8bc1\uff1a\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5c06\u4ee3\u7406\u8bbe\u7f6e\u4e3a\u900f\u660e\u4ee3\u7406\uff1a<\/li>\n<\/ol>\n