• Https blocking

    2
    0 Votes
    2 Posts
    753 Views
    S

    Hello,

    It is not clear what you mean when you say "block in https". There are several possibilities:

    - terminate HTTPS connections so that browser warns the user "cannot establish connection" - yes it is possible
    - allow HTTPS connection and show the 'this site is blocked' message to the user - you would need the SSL man in the middle
    - allow HTTPS connections, decrypt it and block within site contents if something inappropriate found - you would need the SSL man in the middle and ICAP server like http://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html

    Best regards,
    Sich

  • Certificate errors with SSL Filtering using SquidGuard

    4
    0 Votes
    4 Posts
    2k Views
    M

    Solved this problem a few minutes ago for my installation.
    In my setup I have pfSense 2.3.2, squid and squidguard.

    The problem I've dealt with was the certification error "http". After clicking everything possible in squid configuration I've found out it was the squidguard common ACL "blk_BL_adv".
    I imagine that many users use the shallalist blacklist; at the very moment I disabled that rule everything in the Man in The Middle worked like a charm.

    I'm not a programmer nor a squid expert; if anyone in this forum can contact the squidguard developers maybe they will find out if I was lucky or if there's a problem with squidguard, shallalist and ssl filtering.

    Sorry for my poor English.
    Bye

  • HTTP pages won't load

    1
    0 Votes
    1 Posts
    664 Views
    No one has replied
  • Some images not loading

    3
    0 Votes
    3 Posts
    1k Views
    M

    I only block porn.

  • Squid + SSL filtering iOS Linux

    2
    0 Votes
    2 Posts
    2k Views
    R

    Another post relevant question.
    Is there a way to white list a domain? Perhaps this will circumvent the above issue.
    I tried: Services -> SquidProxy -> ACL -> Whitelist: *facebook.com but that does nothing. Perhaps the syntax is wrong or this is not what it's for?

    Thanks,

  • Enabling man in the middle ssl

    5
    0 Votes
    5 Posts
    2k Views
    R

    The .crt I was referring to WAS exported from the pfSense self-signed CA I created exactly for use with squid SSL.
    Isn't a custom website the only way to have the client easily interact with that certificate (install it)? I mean that involves making said website available, which I am not sure is exactly easier. Please correct me if I am wrong.

  • HaProxy will not connect to new server

    3
    0 Votes
    3 Posts
    855 Views
    C

    thanks, the troubleshoot web page helped

    Found issue and corrected.

    CJB

  • Access to HAPROXY Backend with and without OpenVPN

    3
    0 Votes
    3 Posts
    2k Views
    S

    Unchecking the 'transparent client ip' feature solved my problem.

    Thank you very much,

    Regards,
    Joe

  • Squid HTTPS, iphone certificate

    5
    0 Votes
    5 Posts
    2k Views
    R

    thanks, good point.
    I'll experiment more with this.

  • SQUID - The requested URL CAN NOT recovered

    3
    0 Votes
    3 Posts
    1k Views
    jimpJ

    http://downforeveryoneorjustme.com/www.eletrobraspiaui.com

    It's actually down, or appears to be down.

  • HAProxy redirect custom http port to standard http port.

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Digest_auth and manual config

    2
    0 Votes
    2 Posts
    618 Views
    KOMK

    No idea

    The squid config General page has an Advanced Options button that you can use to expand the section that allows you to enter custom parameters.

    If the squid package isn't to your liking then I don't know why you don't just spin up a Linux box, compile squid with whatever options you need and then just use that.

  • Squid blocking app's web socket to 127.0.0.1?

    11
    0 Votes
    11 Posts
    22k Views
    A

    @Nachtfalke:

    Status --> System Logs --> Settings
    Disable "Log packets matched from the default pass rules put in the ruleset"

    OR

    Create a specific Firewall rule with destination "127.0.0.1", action=allow and port=any and source=any and disable logging.
    So traffic will match this specific rule and will be allowed but not logged.

    Well, your first suggestion stops all pass logging it seems. The second suggestion didn't work. I'm guessing since the traffic is on the lo0 interface?

  • Lag on Http/Https Sites every now and then?

    13
    0 Votes
    13 Posts
    2k Views
    K

    That's true the WPAD ignores that IP goes though for a moment I thought it was WPAD now that I have been doing a deep analyze it's not it. Not even sure what to do now…

  • Squid Authentication in Web Page (Not Captive Portal)

    2
    0 Votes
    2 Posts
    788 Views
    J

    I found how to fix Captive Portal, so now I may try to use CP for squid authentication.

    For anyone that read this thread, DHCP can be run on the Domain and CP will still work, it is not required to have DHCP in pfsense.

  • How to block browsers to bypass proxy?

    19
    0 Votes
    19 Posts
    8k Views
    J

    @jetberrocal:

    @jetberrocal:

    @chris4916:

    2 - As I previously wrote, configure captive portal (without authentication) and display page explaining that proxy needs to be manually configured. This page will not be reached but in any case, for devices not WPAD aware, this may help

    This is an idea that I could try.  I will write down the outcome after trying.

    OK.  It worked nicely.  I did not use the default CP page as it includes authentication fields; I loaded an nginx sample test page and it worked as expected.

    Thank you for the idea. 
    I was trying CP with authentication before and it did not work. (But that is another thread)

    Just one more question.  With this I do not need the block rules anymore?

    I answer myself the block rule question.  I removed them to test and it worked without them.

  • 0 Votes
    1 Posts
    1k Views
    No one has replied
  • Squid Explicit Mode Cannot Logged HTTPS Domain With Chrome and Firefox

    3
    0 Votes
    3 Posts
    832 Views
    J

    Thank you for your reply

    I tried two methods, which are manual configuration and WPAD, but neither Chrome nor Firefox works as expected, although I was sure that Chrome or Firefox used the proxy configuration. I captured traffic and could see the CONNECT www.facebook.com but squid didn't log the domain in the log file.

    The strange thing which I don't understand is that if I close Chrome or Firefox, it works as expected.

    Best regards

  • Transparent Proxy with digital signed certificate

    2
    0 Votes
    2 Posts
    882 Views
    N

    Dear All,

    Please help on above.

    Regards,

  • HAProxy with SNI+HTTPS offloading gives permission denied for socket.

    3
    0 Votes
    3 Posts
    1k Views
    R

    Yes, that gets the socket file created with the correct ownership and everything seems to be working perfectly for me now.

    Thank you for the help PiBa.  You're awesome!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.