Netgate Discussion Forum
SquidGuard redirect page and https traffic

    bjm3805
    last edited by Jun 25, 2014, 2:56 AM

    Couple of questions:

    1. I have a redirect info to an internal URL, but the images and background are not being downloaded. The page is coming in lacking images. Any ideas on what I need to do to ensure the images are downloaded? Same thing happens with external pages as well.

    2. I have set the default access to blocked and have only enabled a few pages, thus locking down everything. However, https traffic is being blocked, but not redirecting to the redirect page I have defined. What am I missing with this?

    Thanks!

      KOM
      last edited by Jun 25, 2014, 2:10 PM

      1. Can you view the error web page normally via its URL?  Is your redirect the general one or linked to a Target category or Group ACL?

      2. How are you doing this, similar to #1 above?  Maybe some screens of your config would help.  Do you have logging enabled under General - Logging options?

        bjm3805
        last edited by Jun 25, 2014, 3:09 PM

        1. Yes, I can view it normally. The redirect is the general one (see screenshots).

        2. See attached screenshots.

        Thanks!

        CommonACL.jpg
        GeneralSettings.jpg
        TargetCategories.jpg
        TargetCategoryBTL.jpg

          KOM
          last edited by Jun 25, 2014, 6:36 PM

          1.  A quick forum & Google search shows that others have had this same issue before, and nobody has managed to pin it down.  I just created a simple err.html page on my pfSense box and threw an image in the mix.  Then I set my redirect mode to point to ext url redirect but I did it on the Target category for the thing I was blocking instead of making it common.  It worked fine for me.  Add me to the list of people who don't know why it works for some and not others.  Have you tried playing with the various redirect modes?

          2.  How are you doing your https blocking?

            bjm3805
            last edited by Jun 25, 2014, 8:07 PM

            I will try moving and playing around with the redirect page.

            I don't think I am handling https blocking. I assumed that blocking default would also block https traffic. Is that configured somewhere else?

            Thanks for your help!

              KOM
              last edited by Jun 25, 2014, 8:27 PM

              From what I understand, HTTPS filtering is tricky because the proxy only sees the IP addresses at the two ends of the tunnel and not the actual URL.  For SquidGuard to see the content of the traffic, it would have to have a trusted cert installed on the user's PC, and this would make pfSense the "man" in what's essentially a Man-in-the-Middle attack.  Modern browsers can detect this to a degree and may warn the user.

              You can block all of HTTPS through the firewall of course, but if you need to selectively block some HTTPS sites and not others, you will have to use IP addresses.

              I've seen some stuff on the latest releases of Squid/SquidGuard that supposedly support filtering HTTPS, but I haven't tried it or really paid it much attention as I use Squid2.

              1 Reply Last reply Reply Quote 0
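
Added example, not part of the thread and not pfSense or SquidGuard code: a sketch of why a default-deny filter can redirect plain HTTP to a block page but can only refuse HTTPS. It assumes a browser explicitly configured to use the proxy, which then sends a `CONNECT host:port` request for HTTPS; the host names, the allow list and the block-page URL are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample request lines, as a browser would send them to an explicit proxy.
SAMPLES = [
    "GET http://intranet.example/news/index.html HTTP/1.1",
    "GET http://blocked.example/video?id=7 HTTP/1.1",
    "CONNECT blocked.example:443 HTTP/1.1",
    "CONNECT intranet.example:443 HTTP/1.1",
]
ALLOWED_HOSTS = {"intranet.example"}       # hypothetical allow list (default: block)
BLOCK_PAGE = "http://192.0.2.1/err.html"   # hypothetical redirect target


def filter_view(request_line):
    """Return what a URL filter can see in one proxy request line."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # HTTPS: only host:port is sent in clear; the path travels inside TLS.
        host, _, port = target.rpartition(":")
        return {"method": method, "host": host, "port": int(port), "path": None}
    url = urlsplit(target)
    path = url.path + ("?" + url.query if url.query else "")
    return {"method": method, "host": url.hostname,
            "port": url.port or 80, "path": path}


def decide(request_line, allowed=ALLOWED_HOSTS):
    """Default-deny decision: 'pass', 'redirect' (HTTP) or 'deny-tunnel' (HTTPS)."""
    seen = filter_view(request_line)
    if seen["host"] in allowed:
        return "pass", None
    if seen["method"] == "CONNECT":
        # Current browsers do not render a proxy's reply to a refused CONNECT,
        # so the block page is never displayed; the user sees a connection error.
        return "deny-tunnel", None
    return "redirect", BLOCK_PAGE


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:55} -> {filter_view(line)['path']!r:22} {decide(line)}")
```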