Post

Ubiquiti UniFi USG Content Filter Configuration

1568728800
1665846838
6

Recently I had a requirement to setup a content filter on the USG for a client. I couldn’t find much information online so have decided to write this article to show others how to do this

First we need to logon to the USG via SSH, On windows I recommend Putty

Once we have logged in, run the below command:

1
update webproxy blacklists

This will download all of the content filter categories to the USG, this can take some time as there is approx. 100MB (70-80MB is “adult”)

When this is completed run the following:

1
2
configure
set service webproxy url-filtering squidguard block-category <insert caregory>

This will set the categories that you wish to block, repeating the command will add more categories. pressing ? will display a list of all available categories

We now need to set the web proxy listener address for the network we wish to filter:

1
set service webproxy listen-address <-usg-lan-ip->

You are also able to set a redirect URL:

1
set service webproxy url-filtering squidguard redirect-url <url>

The redirect URL is google.com by default, however you could create a custom “Blocked Website” page to make users aware.

Now we need to commit these changes to the USG:

1
commit

The below example shows how we set this up on the network 10.10.10.1/24

1
2
3
4
5
configure
set service webproxy url-filtering squidguard block-category adult
set service webproxy listen-address 10.10.10.1
set service webproxy url-filtering squidguard redirect-url spottedhyena.co.uk
commit

To make this a permanent change you can create a configuration file on the controller, run the command:

1
mca-ctrl -t dump-cfg

Find the service section and delete all content other than the web proxy, it should looks similar to below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
"service": {
        "webproxy": {
                "cache-size": "0",
                "default-port": "3128",
                "listen-address": {
                        "10.10.10.1": "''"
                },
                "mem-cache-size": "5",
                "url-filtering": {
                        "squidguard": {
                                "block-category": [
                                        "adult"
                                ],
                                "default-action": "allow",
                                "redirect-url": "http://spottedhyena.co.uk"
                        }
                }
        }
}

Save this information into a file on your controller

  • File Location: /opt/UniFi/data/sites/[site name/default]/
  • File Name: config.gateway.json

once you have done this whenever you make any changes to your USG the Content Filtering will be re-applied.

Hopefully this article has assisted you with your configuration. Any questions please let me know.

This post is licensed under CC BY 4.0 by the author.