Squid makes false certificates on some pages

Rau

Hello everybody,
I use Pfsense 2.3.2-p1 with Squid 0.4.23_1. I have activated SSL filtering, because I want to prevent downloads and lock web sites.

Now to my Problem
In most cases everything runs as it should I get on HTTPS pages valid certificates from PFSENSECA-> website. In some cases, however, the whole thing does not work, because instead of PFSENSECA-> website is an IP ADDRESS issued with an expired date. As an example I took https://emby.media

See pictures
Without Squid

With Squid

I think it is a setting problem of my side, but could not yet determine which is.

Hope you can help me.

Thanks and regards

Rau

I have just found out if I disable transparent-proxy and make the proxy settings manually, it runs perfectly.
But this is not a good solution for me

KOM

Using squid in explicit mode along with WPAD is almost as seamless as transparent mode.

Rau

Thanks for the answer.
I have now switched to WPAD and switched off the SSL Filtering. Works so far quite well, but I get on locked websites now an HTTP 404 instead of my Costum Page. Can do something about it?

Thanks and regards

Rau

I just noticed that I can not block downloads in this configuration. Is that right?

KOM

but I get on locked websites now an HTTP 404 instead of my Costum Page. Can do something about it?

I don't understand what you mean here.

I just noticed that I can not block downloads in this configuration. Is that right?

You can with squidguard.  squid by itself is just a cache.

Rau

Hi,
I used Squidguard, I have a rule under Target Categories with the content "(.\ /..(Exe|msi)) under Regular Expression. If I have enabled SSL filtering, downloads are blocked, now with WPAD I disable the SSL filtering and the rule does not work anymore.

In Squidguard, I have the redirect mode "ext url err page (enter URl )" Redirect Info "http://domain/blocked.php?Clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u" The clients get then displayed a Custom Error Page.
If SSL filtering is deactivated, it only shows "Make sure the web address … is correct"

Regards

KOM

Ah OK.  This is normal behaviour with HTTPS, squidguard and explicit proxy I believe.

Rau

Is there a way to change that? Or is there a way to get the transparency mode running properly?

Regards

KOM

I don't know for sure, but I do know that transparent mode is more trouble than its worth.