Skip to content

Ubiquiti UniFi USG Content Filter Configuration

Recently I had a requirement to setup a content filter on the USG for a client. I couldn’t find much information online so have decided to write this article to show others how to do this

First we need to logon to the USG via SSH, On windows i recommend Putty

Once we have logged in, run the below command:

update webproxy blacklists

This will download all of the content filter categories to the USG, this can take some time as there is aprox 100MB (70-80MB is “adult”)

When this is completed run the following:

configure
set service webproxy url-filtering squidguard block-category <insert caregory>

This will set the categories that you wish to block, repeating the command will add more categories. pressing ? will display a list of all available categories

We now need to set the web proxy listener address for the network we wish to filter:

set service webproxy listen-address <-usg-lan-ip->

You are also able to set a redirect URL:

set service webproxy url-filtering squidguard redirect-url <url>

The redirect url is google.com by default, however you could create a custom “Blocked Website” page to make users aware.

Now we need to commit these changes to the USG:

commit

The below example shows how we set this up on the network 10.10.10.1/24

configure
set service webproxy url-filtering squidguard block-category adult
set service webproxy listen-address 10.10.10.1
set service webproxy url-filtering squidguard redirect-url spottedhyena.co.uk
commit

To make this a permenant change you can create a configuration file on the controller, run the command:

mca-ctrl -t dump-cfg

Find the “service” section and delete all content other than the webproxy, it should looks similar to below:

 "service": {
        "webproxy": {
                "cache-size": "0",
                "default-port": "3128",
                "listen-address": {
                        "10.10.10.1": "''"
                },
                "mem-cache-size": "5",
                "url-filtering": {
                        "squidguard": {
                                "block-category": [
                                        "adult"
                                ],
                                "default-action": "allow",
                                "redirect-url": "http://spottedhyena.co.uk"
                        }
                }
        }
}

Save this information into a file on your controller

  • File Location: /opt/UniFi/data/sites/[site name/default]/
  • File Name: config.gateway.json

once you have done this whenever you make any changes to your USG the Content Filtering will be re-applied.

Hopefully this article has assisted you with your configuration. Any questions please let me know.

Published inUbiquiti

2 Comments

  1. Nicolas Nicolas

    Hi marksie,

    Thanks for this great article, is there a way to keep the url list up to date without regularly doing “update webproxy blacklists” on the command line ?

    Best regards.

    • marksie1988 marksie1988

      Hey, this isn’t something I ave done, however you should be able to schedule a script that will run the command on a schedule.

Leave a Reply

Your email address will not be published. Required fields are marked *