Ssl filtering seems impossible

nvdstruis

Btw, I have also tested with Avast scanner turned off. That doesn't seem to be the culprit.

KOM

Transparent mode is a pain in the ass.  Explicit mode is best, and you don't need to screw around with certificates at all.  I suspect your config is a borked mishmash of transparent and explicit settings. For example, in explicit mode, you do not need to worry about SSL MitM Filtering, so uncheck all of that stuff.  From there, either set your proxy in your OS manually or configure WPAD for auto-discover of the proxy.

nvdstruis

@KOM:

Transparent mode is a pain in the ass.  Explicit mode is best, and you don't need to screw around with certificates at all.  I suspect your config is a borked mishmash of transparent and explicit settings. For example, in explicit mode, you do not need to worry about SSL MitM Filtering, so uncheck all of that stuff.  From there, either set your proxy in your OS manually or configure WPAD for auto-discover of the proxy.

Hi KOM,

Thx for your answer.
The checkbox at "Transparent HTTP Proxy" is unchecked, "Enable SSL filtering" is checked, and I set the proxy explicitly in Firefox.
Is that what you mean with "explicit"? What could possibly be wrong otherwise?

Thx

KOM

Uncheck Enable SSL filtering as well.  Explicit means your PC is either told where the proxy is, or it can find it itself.  With transparent mode, your PC is never ever aware that it's being proxied.

nvdstruis

Well, for some reason it still doesn´t work.
I expect to be able to block e.g. https://www.google.com. As this URL is in the target rules of [blk_BL_searchengines], which is set to DENY, that should work, right?
I unchecked "Enable SSL filtering" and rebooted pfsense. I configured Firefox to use the same proxy on port 3128 for all protocols. I verified that some pages with ads have their ads now blocked, so the proxy IS working for http. Now firefox states "Unable to connect"…. when searching on https://www.google.com  >:(

nvdstruis

@KOM:

Uncheck Enable SSL filtering as well.  Explicit means your PC is either told where the proxy is, or it can find it itself.  With transparent mode, your PC is never ever aware that it's being proxied.

Right… now my PC knows where the proxy is(I told it). But because SSL filtering is turned off, it doesn't accept ssl connections...

KOM

It's working.  That's what you get with a blocked HTTPS connection.  Can I assume other HTTPS sites work just fine?

nvdstruis

You're kidding me…  ;)

nvdstruis

No it doesn't, and I have no clue

nvdstruis

Not sure, need more testing. Give me 5 minutes

nvdstruis

OMG, it IS working …
Sorry I was rude.
Still need to let this sink in.

Thanks again

KOM

No problem.  Services - Squidguard also has a Log tab where you can see it blocking stuff.

sichent

You seem to be using Firefox to test HTTPS filtering; please not FF does not use the system certificate storage as you indicated in your screenshot - you need to add trusted root certificate to FF own storage. See https://docs.diladele.com/administrator_guide_4_8/https_filtering/install_certificates/win_ff.html