Netgate Discussion Forum
    Squid, blocking https except legitimate sites

    pfSense Packages
    • jigpe

      Hello Good afternoon All!

      How to block HTTPS sites and how to whitelist HTTPS legitimate sites?

      Another related question:

      How to block a site like this (0.games32.domain.net)? I tried adding 0.games32.domain.net to the Squid blacklist, but I can still access the site.

      Thanks

      jigp
      1.2.2

      • jigpe

        Also, not removing the 443 because we have some legitimate sites… like Gmail uses HTTPS.

        • mhab12

          Try adding 'domain.net' to the blacklist, as this seems like some kind of server pool which likely employs load balancing across different servers, each with a different name.

          • jigpe

            Thanks mhabs, but I can still access https://www.facebook.com.

            • jigpe

              Anyone?

              • jimp Rebel Alliance Developer Netgate

                You cannot transparently block HTTPS sites; due to the security involved in HTTPS, this will never work properly.

                You would have to manually assign the proxy settings (or use something like WPAD) in order to filter HTTPS. Once you have the proxy assigned to the client, you filter it just like HTTP traffic. SquidGuard is the easiest way.

                • Koti

                  Add Facebook as a regular expression or domain name in Squid Access Control or the SquidGuard Custom Blacklist. HTTP or HTTPS, it will get blocked.

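The explicit-proxy setup described in the replies above, sketched as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread; the LAN range, proxy address and port, and both domain lists are assumptions.

```squid
# Added example: explicit (non-transparent) proxy that filters HTTPS by hostname.
# Assumed values: LAN 192.168.1.0/24, proxy at 192.168.1.1:3128, the domain lists.

# Plain forward-proxy listener, with no transparent/intercept option.
# Browsers must be pointed at this port manually or through WPAD. They then
# send "CONNECT host:443" for HTTPS, which exposes the hostname to the ACLs
# below without Squid decrypting anything.
http_port 192.168.1.1:3128

acl lan src 192.168.1.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT

# A leading dot matches the domain and every subdomain, so ".domain.net"
# covers 0.games32.domain.net and any other host name in the same pool.
acl blocked_sites dstdomain .domain.net .facebook.com

# HTTPS destinations that must stay reachable (constructed whitelist; a real
# one needs every domain the permitted service actually loads from).
acl https_whitelist dstdomain .gmail.com .google.com

# http_access rules are evaluated top to bottom; the first match decides.
# 1. Never open a tunnel to any port other than 443.
http_access deny CONNECT !SSL_ports
# 2. The blacklist applies to HTTP requests and HTTPS CONNECT requests alike.
http_access deny blocked_sites
# 3. HTTPS is default-deny: only whitelisted hosts may be tunnelled.
http_access deny CONNECT !https_whitelist
# 4. Remaining LAN traffic (plain HTTP, whitelisted HTTPS) is allowed.
#    Requests matching no rule get the opposite of this last action: deny.
http_access allow lan
```

Clients that bypass the proxy setting still reach port 443 directly, so the whitelist only holds if the firewall blocks outbound 443 from the LAN for everything except the proxy itself.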