PfBNG DNSBL + HTTPS

doktornotor · Nov 28, 2016, 1:09 PM

Recently, I'm seeing pretty much nothing logged any more when it comes to blocked HTTPS requests… Apparently, with newer browsers' versions, the lighttpd debug trick no longer works. So, here's a bunch of ideas:

the self-signed cert should definitely be SHA2, not SHA1
it'd probably help to let people select their own cert from those installed on pfSense

BBcan177 · Nov 29, 2016, 3:27 AM

The self-signed cert will never match the request Domain name anyways… Its only used to allow the browser to terminate the connection and lighttpd to try query the error.log for the https details if available...

Not sure what else can be done with the existing methodology... The best would be to add the Unbound python feature support and collect the details that way without requiring Lighttpd at all..

Which pfSense OS and Browser?

doktornotor · Nov 29, 2016, 3:59 AM

2.3.3 snapshots, browser being mostly Chrome. Why's unbound compiled without python, no idea.