PfSense randomly blocking web sites

TomS

Hi there,

I'm using a pfSense firewall together with approx. 50 WiFi access points to provide internet connectivity for my customers. In order to be able to block sites (e. g. if legally forced), I also installed the squid plugin and the squidGuard plugin. I've set the local cache size to 0 MB and the cache system to "null", so I guess that the proxy is not doing any caching. In squidGuard, I created a "Target Category" named blocks, where I can enter all the sites which have to be blocked. Currently, this list is empty.

I'm also using a Captive Portal for the users to acknowledge the usage terms. I've configured Squid that all Captive Portal users can use the proxy server.

Now, everything seems to run pretty fine. The proxy is logging all the requests and the users can open web sites. - At least some web sites. There are some web sites which cannot be opened anymore. For example, when opening the page https://www.google.com/, the browser does not show the Google web site. Strangely many other Google services (like maps or youtube) cannot be opened, either. When checking the logs, there is no log entry and no information that a site would have been blocked. As soon as I disable Squid, all the sites are working fine again.

I'm quite sure that I'm missing some very easy point, but I've spent many hours searching for the cause of this weird behaviour and did not find anything.

Maybe one of you guys could help here…

I'm using pfSense Version: 2.3.3-RELEASE I have the following packages installed: ntopng Version 0.8.6_1 squid Version 0.4.36_3 squidGuard Version 1.16.2

Best, Tom

pfsensation

@TomS:

Hi there,

I'm using a pfSense firewall together with approx. 50 WiFi access points to provide internet connectivity for my customers. In order to be able to block sites (e. g. if legally forced), I also installed the squid plugin and the squidGuard plugin. I've set the local cache size to 0 MB and the cache system to "null", so I guess that the proxy is not doing any caching. In squidGuard, I created a "Target Category" named blocks, where I can enter all the sites which have to be blocked. Currently, this list is empty.

I'm also using a Captive Portal for the users to acknowledge the usage terms. I've configured Squid that all Captive Portal users can use the proxy server.

Now, everything seems to run pretty fine. The proxy is logging all the requests and the users can open web sites. - At least some web sites. There are some web sites which cannot be opened anymore. For example, when opening the page https://www.google.com/, the browser does not show the Google web site. Strangely many other Google services (like maps or youtube) cannot be opened, either. When checking the logs, there is no log entry and no information that a site would have been blocked. As soon as I disable Squid, all the sites are working fine again.

I'm quite sure that I'm missing some very easy point, but I've spent many hours searching for the cause of this weird behaviour and did not find anything.

Maybe one of you guys could help here…

I'm using pfSense Version: 2.3.3-RELEASE I have the following packages installed: ntopng Version 0.8.6_1 squid Version 0.4.36_3 squidGuard Version 1.16.2

Best, Tom

Have you got Squid set to splice all? You aren't trying to intercept https traffic right? Check if you have that checkbox ticked in the squid settings.

TomS

Yes, I've set to splice all.
Many other HTTPS sites are working fine.

he-jimenez

Hey Toms

I'm fighting witht the same issue. Wondering know if you fixed this. My workaround was to close the web browser (firefox) and also clean the cache data on that one.

Any suggestion?

Really appreciate it

genesislubrigas

All i can say, most possibly its your configuration.