• Transparent HTTP Proxy + HTTPS/SSL Interception = No HTTPS traffic

    10
    0 Votes
    10 Posts
    5k Views
    W
    I do not know if I would downplay this package heh. Does anyone have anyidea why SSL_RECORD_TOO_LONG happens with blocked sites?
  • Squid and s3.amazonaws.com problem

    1
    0 Votes
    1 Posts
    772 Views
    No one has replied
  • 2.3.3 not filtering anymore

    1
    0 Votes
    1 Posts
    583 Views
    No one has replied
  • How to block domain but open same domain's URL?

    3
    0 Votes
    3 Posts
    724 Views
    J
    Hi! Thanks for your help. I think my settings can't see the full URL. because squidguard blacklist log just like this. "play.google.com:443 Request(PROXY_BASIC/none/-) - CONNECT REDIRECT" so how to set a method that can see the full URL? Thank you. Installed Version:pfSense(2.3.3-RELEASE-p1 (amd64) ) with Squid(0.4.36_2) and SquidGuard(1.16.1)
  • SSL Intercept and AWS gives "Access Denied" instead of remote site

    6
    0 Votes
    6 Posts
    3k Views
    K
    Trying to debug the thing, I decided to turn off the SSL Man In the Middle Filtering, just to see if I could get Squid and pfsense on AWS to act as a regular proxy and take it from there. Turns out that that one did not work either  :( I tried a normal, non-ssl, site and still get Access Denied. I wonder if there is something weird with AWS and their network that is acting up on me? On the Inbound rules I have: HTTP            TCP 80 0.0.0.0/0 Custom UDP Rule UDP 1194 0.0.0.0/0 SSH            TCP 22 0.0.0.0/0 Custom TCP Rule TCP 3128 - 3129 0.0.0.0/0 HTTPS          TCP 443 0.0.0.0/0 And on outbound, nothing
  • Squid routing ?

    2
    0 Votes
    2 Posts
    840 Views
    H
    Transparent squid will bind.to the default gateway, it does not follow policy routing
  • SquidGuard "Block Page" served via IP Address and HTTPS

    6
    0 Votes
    6 Posts
    5k Views
    R
    @aeleus: I have a similar issue. Everything was working as expected using HTTP. I recently switched the webConfigurator (System/Advanced/Admin Access) from HTTP to HTTPS. Now, that redirects everything to HTTPS - including SquidGuard redirects that are set to HTTP. From squidGuard.conf: default  { pass Internal Allowed !in-addr !Blocked none redirect 301:http://proxy.mydomain.net/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } That would be fine except that I have this in squidGuard.conf: dest blk_BL_adv { domainlist blk_BL_adv/domains urllist blk_BL_adv/urls redirect http://10.0.0.1:80/sgerror.php?url=blank_img&msg=&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u log block.log } That gives me certificate errors when it redirects to https://10.0.0.1/…. I don't know why that's the only entry - aside from the default and explicit ACL's that I set - that has a redirect. Any thoughts on how to change it? To get rid of the certificate errors for sgerror happens, you need to create a certificate for your server. Specify the alternative names for your server like FQDN and IP address of the server.
  • MITM stopped working.

    13
    0 Votes
    13 Posts
    2k Views
    P
    @doktornotor: There is no need for MITM nor for installing certificates on clients when you explicitly set the proxy on clients. Squid will use CONNECT for HTTPS on sslports ACL to connect to HTTPS websites. If you want MITM, make the proxy transparent and stop configuring it on clients. I want to be able to see HTTPS traffic for both inspection + caching. I've tried not configuring the proxy on clients and leaving on transparent mode. That's throwing errors too. Am I the only one having this issue?? I'm guessing the DNS alternative name isn't being mimicked by Squid properly. Since on Chrome mobile, that's an error it's saying "DNS alternative name invalid".
  • Haproxy - Reverse Proxy to subdomain.exemple.com

    13
    0 Votes
    13 Posts
    6k Views
    D
    At the risk of stating the obvious: exemple is NOT the same thing as example. You keep producing that typo over and over and over again. When you keep obfuscating your setup and producing collateral typos in the way, it's impossible for others to debug anyway. You've already been told how to debug in the post directly above.
  • Youtube cache not working after pfsense upgrade

    3
    0 Votes
    3 Posts
    2k Views
    W
    thank you!!
  • Squid.conf to multiple proxies

    6
    0 Votes
    6 Posts
    2k Views
    R
    Of course with your suggestion i am thinking in try the authenticator in my cenario. If works fine it´s the better option update the versions and use the sync.
  • SquidGuard stop working

    1
    0 Votes
    1 Posts
    464 Views
    No one has replied
  • HAProxy SSL Offloading to Foscam IP Cameras

    Locked
    2
    1 Votes
    2 Posts
    632 Views
    No one has replied
  • HAProxy DNS resolvers - IP address change on WAN

    1
    0 Votes
    1 Posts
    777 Views
    No one has replied
  • Squid Proxy Logs

    3
    0 Votes
    3 Posts
    1k Views
    S
    Appreciate the location. Are they viewed from a terminal command, or through the WebUI?
  • SquidGuard Group Acl not working

    12
    0 Votes
    12 Posts
    8k Views
    L
    @niko2: For those who have not reached to get it working : here is the trick (working on pfsense 2.3) : in general settings tab of squidguard, there is an "apply" button. it is mandatory to click after any changes, event on other tabs. ACL groups work for me ! hopes this help :) Work like a charm !!!
  • Squid cache redirector errors

    1
    0 Votes
    1 Posts
    442 Views
    No one has replied
  • 0 Votes
    8 Posts
    4k Views
    D
    You are welcome.
  • Squid User Access Report

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    D
    This is not the place to debug your browsers and extensions. Has absolutely nothing to do with Squid and/or pfSense.
  • Squid blocking file downloads

    1
    0 Votes
    1 Posts
    610 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.