SquidGuard doesn't filter https request

trendchiller

you cannot tell ie or FF th use HHTP proxy for HTTPS traffic…
until now squid does not work as a HTTPS proxy, so it cannot filter any requests regarding HTTPS...
that's it... perhaps this will be possible at any time, but not now...

gpires

I am not running squid in transparent mode.

Squid isn't passing https request to squidguard to analyze.

He is passing only http and ftp.

then

ftp://playboy.com    is blocking

http://playboy.com  is blocking

HTTPS://playboy.com    IS NOT BLOCKING

When I use  - Proxy Server -> Access Control  – Blacklist  ---it works

[]s

trendchiller

but does squid block this when you add your URL to the access control blacklist ?

gpires

Yes!

Only this way.

I would like squid use the squidguard to filter  https too. And not only http and ftp.

Tks

trendchiller

ok, then it seems to be related to squidquard…

try to contac dvserg and tell him  :)

Guest

@trendchiller:

you cannot tell ie or FF th use HHTP proxy for HTTPS traffic…
until now squid does not work as a HTTPS proxy, so it cannot filter any requests regarding HTTPS...
that's it... perhaps this will be possible at any time, but not now...

This is incorrect.  Squid can proxy HTTPS connections, if you set proxy settings into your browser.  This is the recommended solution for this issue if you want to filter all http and https connections.

dvserg

@gpires:

I am not running squid in transparent mode.

Squid isn't passing https request to squidguard to analyze.

He is passing only http and ftp.
then
ftp://playboy.com     is blocking
http://playboy.com   is blocking
HTTPS://playboy.com     IS NOT BLOCKING
When I use  - Proxy Server -> Access Control  – Blacklist  ---it works

Possible view you settings? How you blocking?

roy2098

@submicron:

@trendchiller:

you cannot tell ie or FF th use HHTP proxy for HTTPS traffic…
until now squid does not work as a HTTPS proxy, so it cannot filter any requests regarding HTTPS...
that's it... perhaps this will be possible at any time, but not now...

This is incorrect.  Squid can proxy HTTPS connections, if you set proxy settings into your browser.  This is the recommended solution for this issue if you want to filter all http and https connections.

I just replaced an ipcop box with pfSense and also need to proxy https. On the ipcop box (with the advanced url filter add-on), we ran Squid non-transparently, and manually set all the browsers. Then we had to write a rule to force all port 443 traffic to the proxy. Not elegant, but it worked. Now, Squid is running in non-transparent mode on my pfSense box, but it seems SquidGuard when enabled, puts squid into a transparent mode. Then all my browser clients, which have already been manually set to look for the proxy become inoperable and cannot browse anywhere. Can you help? Thanks much in advance!

dvserg

but it seems SquidGuard when enabled, puts squid into a transparent mode. Then all my browser clients, which have already been manually set to look for the proxy become inoperable and cannot browse anywhere. Can you help? Thanks much in advance!

SquidGuard can't modify squid mode (transparent - not transparent or other..), this is only URL analyser(filter) and no more. If you have problem with access to sites with enable squidGuard - this is filter settings question. Pls put here you problem with more detailed information.

gpires

Possible view you settings? How you blocking?

Can I  show you?

I have been worked for 8 years with linux/squid, but pfsense is my first time.

tks

dvserg

@gpires:

Possible view you settings? How you blocking?
Can I  show you?
I have been worked for 8 years with linux/squid, but pfsense is my first time.
tks

Look here pls
http://diskatel.narod.ru/sgquick.htm