SquidGuard redirect page and https traffic

bjm3805 · Jun 25, 2014, 2:56 AM

Couple of questions:

I have a redirect info to an internal URL, but the images and background are not being downloaded. The page is coming in lacking images. Any ideas on what I need to do to ensure the images are downloaded? Same thing happens with external pages as well.
I have set the default access to blocked and have only enabled a few pages, thus locking down everything. However, https traffic is being blocked, but not redirecting to the redirect page I have defined. What am I missing with this?

Thanks!

KOM · Jun 25, 2014, 2:10 PM

1. Can you view the error web page normally via its URL? Is your redirect the general one or linked to a Target category or Group ACL?

2. How are you doing this, similar to #1 above? Maybe some screens of your config would help. Do you have logging enabled under General - Logging options?

bjm3805 · Jun 25, 2014, 3:09 PM

1. Yes, I can view it normally. The redirect is the general one (see screenshots)

See attached screenshots

Thanks!

KOM · Jun 25, 2014, 6:36 PM

1. A quick forum & Google search shows that others have had this same issue before, and nobody has managed to pin it down. I just created a simple err.html page on my pfsense box and threw an image in the mix. Then I set my redirect mode to point to ext url redirect but I did it on the Target category for the thing I was blocking instead of making it common. It worked fine for me. Add me to the list of people who don't know why it works for some and not others. Have you tried playing with the various redirect modes?

2. How are you doing your https blocking?

bjm3805 · Jun 25, 2014, 8:07 PM

I will try moving and playing around with the redirect page.

I don't think I am handling https blocking. I assumed that blocking default would also block https traffic. Is that configured somewhere else?

Thanks for your help!

KOM · Jun 25, 2014, 8:27 PM

From what I understand, HTTPS filtering is tricky because the proxy only sees the IP addresses at the two ends of the tunnel and not the actual URL. For SquidGuard to see the content of the traffic, it would have to have a trusted cert installed on the user's PC, and this would make pfSense the "man" in what's essentially a Man-in-the-Middle attack. Modern browsers can detect this to a degree and may warn the user.

You can block all of HTTPS through the firewall of course, but if you need to selectively block some HTTPS sites and not others, you will have to use IP addresses.

I've seen some stuff on the latest releases of Squid/SquidGuard that supposedly support filtering HTTPS, but I haven't tried it or really paid it much attention as I use Squid2.