The following error was encountered while trying to retrieve https://http/*

coffeelover · Jul 29, 2020, 1:11 PM

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

sonerzin · Jul 30, 2020, 8:31 AM

@coffeelover said in The following error was encountered while trying to retrieve https://http/*:

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

Where exactly do you put those options? Custom Options (Before Auth) / Custom Options (After Auth) / Custom Options (SSL/MITM)?

SSL/MITM Mode: Splice All, Splice Whitelist, bump otherwise or Custom?

Thanks!

coffeelover · Jul 30, 2020, 2:15 PM

I put these in "Custom options (before auth)"

And for complete filtering (URLs instead of domains) of SSL-Traffic via squidguard you have to set the mode to "Splice whitelist, bump otherwise".

Splice: Do not break the SSL Connection
Bump: Break the SSL Connection (Proxy CA on Clients needed)

Dacosta · Dec 2, 2020, 1:48 AM

Hi Coffee Lover,

I got this error after I added as your suggest:

Fastly error: unknown domain: yahoo.com. Please check that this domain has been added to a service.

Details: cache-sin18030-SIN

Please help.

Michele Trotta · Jul 22, 2021, 9:39 AM

@coffeelover Thanks I have solved it

jpattard · Aug 26, 2021, 6:30 AM

I cannot make this work with the latest version of PF sense. Anything else i should check?

robirf · Sep 4, 2021, 2:13 PM

I have the same problem, when I´m not using ssl interceptation the page showed is on picture bellow.
🔒 Log in to view

But when I actived ssl interception the page showed is bellow.
So I´ve tried to put these lines that you mentioned before , but for me not solved.

🔒 Log in to view

nilux17 · Sep 24, 2021, 11:32 AM

same issue

aGeekhere · Sep 25, 2021, 2:11 AM

Try
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

WPAD as your main setup
and transparent proxy to catch the rest.

nilux17 · Sep 28, 2021, 8:16 AM

Thx,
actually, i've already setup a wpad but i put a "return direct"
changing for a "return proxy ..." seems to do the trick

I don't investigate "more than that" but a windows 10 laptop, even with a proxy configuration try to connect on 443 for a lot of things.
Android apps too...

aGeekhere · Sep 28, 2021, 8:28 AM

@nilux17 In Internet properties lan settings
Is Automatically detect settings checked?

Sounds like you are going through the transparent proxy rather than the WPAD

nilux17 · Sep 28, 2021, 10:22 AM

@ageekhere
Yeap, of course !