Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    The following error was encountered while trying to retrieve https://http/*

    Scheduled Pinned Locked Moved Cache/Proxy
    20 Posts 16 Posters 17.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      coffeelover
      last edited by

      You have to append

      url_rewrite_access deny CONNECT
      url_rewrite_access allow all

      to your squid custom options to make the redirect page work in SSL MITM mode.

      S 1 Reply Last reply Reply Quote 1
      • S
        sonerzin @coffeelover
        last edited by

        @coffeelover said in The following error was encountered while trying to retrieve https://http/*:

        You have to append

        url_rewrite_access deny CONNECT
        url_rewrite_access allow all

        to your squid custom options to make the redirect page work in SSL MITM mode.

        Where exactly do you put those options? Custom Options (Before Auth) / Custom Options (After Auth) / Custom Options (SSL/MITM)?

        SSL/MITM Mode: Splice All, Splice Whitelist, bump otherwise or Custom?

        Thanks!

        1 Reply Last reply Reply Quote 1
        • C
          coffeelover
          last edited by

          I put these in "Custom options (before auth)"

          And for complete filtering (URLs instead of domains) of SSL-Traffic via squidguard you have to set the mode to "Splice whitelist, bump otherwise".

          Splice: Do not break the SSL Connection
          Bump: Break the SSL Connection (Proxy CA on Clients needed)

          M 1 Reply Last reply Reply Quote 2
          • D
            Dacosta
            last edited by

            Hi Coffee Lover,

            I got this error after I added as your suggest:

            Fastly error: unknown domain: yahoo.com. Please check that this domain has been added to a service.

            Details: cache-sin18030-SIN

            Please help.

            1 Reply Last reply Reply Quote 0
            • M
              Michele Trotta @coffeelover
              last edited by

              @coffeelover Thanks I have solved it

              1 Reply Last reply Reply Quote 0
              • J
                jpattard
                last edited by

                I cannot make this work with the latest version of PF sense. Anything else i should check?

                1 Reply Last reply Reply Quote 1
                • R
                  robirf
                  last edited by

                  I have the same problem, when I´m not using ssl interceptation the page showed is on picture bellow.
                  e16eb2c1-5485-478f-8bbd-2e9a85d24e2f-image.png

                  But when I actived ssl interception the page showed is bellow.
                  So I´ve tried to put these lines that you mentioned before , but for me not solved.

                  36df853f-5550-45a6-9508-c2254c9d519f-image.png

                  N 1 Reply Last reply Reply Quote 1
                  • N
                    nilux17 @robirf
                    last edited by

                    same issue

                    1 Reply Last reply Reply Quote 0
                    • A
                      aGeekhere
                      last edited by aGeekhere

                      Try
                      https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

                      WPAD as your main setup
                      and transparent proxy to catch the rest.

                      Never Fear, A Geek is Here!

                      N 1 Reply Last reply Reply Quote 0
                      • N
                        nilux17 @aGeekhere
                        last edited by nilux17

                        Thx,
                        actually, i've already setup a wpad but i put a "return direct"
                        changing for a "return proxy ..." seems to do the trick

                        I don't investigate "more than that" but a windows 10 laptop, even with a proxy configuration try to connect on 443 for a lot of things.
                        Android apps too...

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          aGeekhere @nilux17
                          last edited by

                          @nilux17 In Internet properties lan settings
                          Is Automatically detect settings checked?

                          Sounds like you are going through the transparent proxy rather than the WPAD

                          Never Fear, A Geek is Here!

                          N 1 Reply Last reply Reply Quote 0
                          • N
                            nilux17 @aGeekhere
                            last edited by

                            @ageekhere
                            Yeap, of course !

                            1 Reply Last reply Reply Quote 0
                            • JonathanLeeJ JonathanLee referenced this topic on
                            • JonathanLeeJ JonathanLee referenced this topic on
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.