Netgate Discussion Forum

    SquidGuard url_rewrite issue with Squid 3.5

      moley2016

      Hi all,

      I've installed pfSense 2.2.6 64-bit and have been using it as a web filter with Squid and SquidGuard. Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).

      I updated Squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded Squid to 3.5.3. Now SquidGuard is working on HTTP but not HTTPS.

      I'm thinking the url_rewrite is the problem. When I go to an HTTPS page I get a message that the cert is for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk). In IE I can bypass this and get the attached screen.

      I can't see anything in the logs that says much other than this in cache.log:

      2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.

      Can anyone help/point me in the right direction?

      Thanks in advance

        Hanswerner

        Hello,

        I found out that you can stop the service in the web GUI and start squidGuard in emergency mode from the command line to see debug info.

        command: squidGuard

        My problem isn't solved, but maybe it helps.

          Naughty

          Would you please tell me how you make pfSense work with Squid + SquidGuard as a web filter only?
          I mean, are you able to make them work in non-transparent mode and block both HTTP and HTTPS?

            hbarnhart

            @moley2016:

            Hi all,

            I've installed pfSense 2.2.6 64-bit and have been using it as a web filter with Squid and SquidGuard. Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).

            I updated Squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded Squid to 3.5.3. Now SquidGuard is working on HTTP but not HTTPS.

            I'm thinking the url_rewrite is the problem. When I go to an HTTPS page I get a message that the cert is for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk). In IE I can bypass this and get the attached screen.

            I can't see anything in the logs that says much other than this in cache.log:

            2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.

            Can anyone help/point me in the right direction?

            Thanks in advance

            Do you have the "Use SafeSearch Engine" box checked under Common ACL of SquidGuard, but Rewrite set to none? I had the same problem. There should be a safesearch option in the Rewrite drop-down box. Select it, save and click the Apply button on the General Settings page. I believe that's what fixed my problem.

              menezes

              I have the same problem with pfSense 2.3.

              I made the SafeSearch configuration, but it did not work.

              Any other ideas?

                aGeekhere

                Do you have the "Use SafeSearch Engine" box checked under Common ACL of SquidGuard

                That has not worked for quite a while.

                Before 2.3 I used DNS Resolver and created a Host Override:

                Host    Domain        IP
                www     google.com    216.239.38.120

                However, this stopped working in 2.3.

                Never Fear, A Geek is Here!
