@reeko said in SSL Intercept: Blocking things with DNS is not efficient at all I have no idea why you would think that.. Its pretty simple to grab lists or create lists of blocked stuff. But here you go if your wanting to try it. https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit Intercept HTTPS CONNECT messages with SSL-Bump Clients do not send connect messages when in "transparent' mode of interception of the traffic.. You could try this https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense Good luck.. Maybe someone else will chime that does this.. Its not a common practice for sure. I haven't actually used proxy to try and do such filtering in many years. Not a fan of any sort of messing with any ssl traffic. If was going to do it, would use explict pointing to the proxy and use sslbump.. You will have to trust your CA you create - there is no way to use a cert from 3rd party for such a thing because there is no way to create certs on the fly for www.somedomain.tld from already trusted CA.. So devices that can not be set to trust your CA will not work..

@periko said in Unofficial E2guardian package for pfSense: Hello marcelloc or other e2guardian users, does e2guardian is already support for pfsense 2.5.2? Regards!!! I've been using it on 2.5.2 for months now, no issues.

please help me, thanks

UPDATE: This is a HA Proxy Dev problem it appears We had Dev on 2.4.5 prior to 21.0x When updating, HA Proxy dev went to a different version which is now not working with SSL backends. From what research we have seen and tried, it is a SSL handshake problem. We tried, reduced SSL settings, real trusted certs...and so on. The only fix was to uninstall HA Dev and install the normal HA Proxy Package Same config, works fine. (old 2.4.5 HA Dev is Current 21.05.1 Prod HA Proxy...or close) Not sure what changed in the versions to break our setup. Any insight would be appreciated if you have seen this behavior

the error is 503

@blasta Just want to say thank you!

@hadiaghajani Hello, I'm trying to do the same thing ... without success. But i'm not able like you to filter by IP adresses. See my post with scheme : https://forum.netgate.com/topic/166308/squid-reverse-proxy-firewall-rules Regards,

@khalildg That's a lovely screenshot you've got there.

Hello, I did a sheme to see what rules i'm trying to do. [image: Ticket-PFsense.jpg]