HOW TO BLOCK HTTPS sites
-
Two options,
Option 1
Download squid and squidguard and use Transparent Proxy with SSL man in the middle Filtering.Option 2
Download squid and squidguard and Setup a wpad. -
Option 3: Do not be evil and stop breaking security for users.
https://forum.pfsense.org/index.php?topic=93188.0
-
so you want to block users going to https? But allow http? That would break a lot of the internet for your users for sure.
But you don't need a proxy to block that - just block outbound tcp 443..
-
Sorry, do you want to block or filter https sites?
-
sorry guys… i want to filter https
-
Ok, so going back to post 2 you have two options.
Transparent Proxy or wpad.
Which would you prefer?
-
how to use wpad
-
The wiki
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_SquidMy process of setting it up
https://forum.pfsense.org/index.php?topic=93060.0 -
The wiki
https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_SquidMy process of setting it up
https://forum.pfsense.org/index.php?topic=93060.0thank you aGeekHere i'll try it and informed it work or not
-
Use WPAD
This is a short-cut. ;)
You have to notice that WPAD has no impact on HTTPS filtering.What makes difference here is use of explicit proxy instead of transparent proxy.
Purpose, with WPAD, is to ease proxy discovery (WPAD stands for Web Proxy Auto Discovery) in order to use explicit proxy because manual configuration can be painful in case you have a lot of clients (or in case your proxy moves or… whatever that would require to change such setting).
For reasonably small group of clients, configuring manually proxy at browser level can be the easiest solution.
