Netgate Discussion Forum

    pfBlockerng-devel Certificate Error

    • Scop

      Hello,

      I am new here and I will try my best to explain my problem correctly. Sorry in advance for my English.

      I am using pfBlockerNG-devel 3.1.0 on pfSense. I would like to block some websites which are in my blacklist by showing a message like "yahoo is blocked". It works perfectly with HTTP but not with HTTPS (ERR_SSL_PROTOCOL_ERROR).

      I would like to know if it is possible to redirect to another website like Google (if the link is in HTTPS) or just show a message that he can't access this website, instead of a certificate error, like in HTTP?

      This is what I want to show if the website is in the blacklist and the user tries to access it over HTTPS:
      45c88a5e-39ef-4331-b84e-519ec3403dc8-image.png

      I have already searched everywhere but I didn't find a solution to my problem.

      It's really important for me.

      Thank you for your help,

      • dma_pf @Scop

        @scop said in pfBlockerng-devel Certificate Error:

        I would like to know if it is possible to redirect to another website like Google (if the link is in HTTPS) or just show a message that he can't access this website, instead of a certificate error, like in HTTP?

        There is not a way to do this. When a browser goes to an encrypted HTTPS site, the first thing the browser does is verify that the response is coming back from the server it intended to communicate with. It does this by verifying the security certificate of the server it communicates with. If the certificate matches the server, it loads the page; if not, it will not load the page and will display the HTTPS error (ERR_SSL_PROTOCOL_ERROR).

        Because of that, if pfblocker attempts to serve up an error page (classic MITM), the browser will not be able to verify that the page from pfblocker matches the security certificate of the intended server, and the browser will block it.

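The name check described in the answer above, as an added sketch that is not part of either post and is not pfBlockerNG or browser code. The certificates, the block-page hostname and the blacklist are constructed samples; only the hostname match is modelled, and certificate chain validation, which a real client also performs, is left out.

```python
# Constructed sample certificates, in the dict shape ssl.SSLSocket.getpeercert() returns.
ORIGIN_CERT = {"subjectAltName": (("DNS", "yahoo.com"), ("DNS", "*.yahoo.com"))}
# Hypothetical name on the block-page web server's own certificate.
BLOCK_PAGE_CERT = {"subjectAltName": (("DNS", "blockpage.example.internal"),)}
# Constructed blacklist: these names resolve to the block-page server.
BLOCKLIST = {"yahoo.com", "www.yahoo.com"}


def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate dNSName with the requested hostname.

    A wildcard is accepted only as the whole left-most label and
    stands for exactly one label (RFC 6125 style).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert: dict, host: str) -> bool:
    """True if any DNS subjectAltName in the certificate covers the host."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(san, host) for san in sans)


def page_outcome(scheme: str, host: str) -> str:
    """What the user ends up seeing for scheme://host in this model."""
    blocked = host.lower() in BLOCKLIST
    # A blacklisted name is answered by the block-page server and its certificate.
    cert = BLOCK_PAGE_CERT if blocked else ORIGIN_CERT
    if scheme == "http":
        # Plain HTTP has no server identity check: any responder's page renders.
        return "block page" if blocked else "origin page"
    # HTTPS: the certificate must cover the name the user asked for.
    if not cert_covers(cert, host):
        return "certificate error"
    return "block page" if blocked else "origin page"


if __name__ == "__main__":
    for scheme, host in (("http", "yahoo.com"), ("https", "yahoo.com"),
                         ("https", "mail.yahoo.com")):
        print(f"{scheme}://{host} -> {page_outcome(scheme, host)}")
```
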
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.