Netgate Discussion Forum

    How to redirect and serve http requests from local user with pfsense

      ptg

      Hi,

      I would like to redirect and serve unencrypted http requests from local users (myself). For example, a request for yahoo.com/some_script.js should be redirected and the script served without contacting yahoo.com at all. This should work when I am offline as well.

      What I am looking for is a pointer in the right direction. I'm thinking that I need unbound or another DNS server to handle all traffic and redirect the requests that fit a regex pattern to a local webserver or proxy server. Looking at the DNS Resolver, there are Host Overrides and Domain Overrides, but I don't see how to redirect the request for a specific file.

      Then I suppose I need something like nginx or squid as a forward proxy (not a reverse proxy), but one that does not contact the site requested or store the scripts (this would be OK but better if avoidable), but instead uses files already downloaded and made available to the proxy/webserver, which provides this to the person/webbrowser making the request.

      That's a lot of words to describe something that in essence seems very simple: store and replace one file of a http request for another file. Any help or tips would be appreciated!

        ptg

        Any thoughts on this? Am I on the right path with unbound and squid?

          jpns

          You can probably do it with Squid, but the question is why?

          Also in your example I don't think it would even be successful as Yahoo (like many) forces HTTPS by default, and if you try injecting non-HTTPS content into the request the end user's web browser will almost certainly block it and tell the user that they are experiencing a man-in-the-middle attack.

          The only way I could see this being successful (for HTTPS traffic) is if you man in the middle ALL of the traffic, but you'd need to have access to all of your clients' devices to install your own root certificate into their trusted CA store, to avoid their browsers giving serious warnings or blocking the requests altogether.

            ptg

            One of the motivations is blocking intrusive or unsafe scripts and datamining. Much of that can be blocked with conventional adblockers; where it gets difficult is when third-party scripts from advertising companies are used (e.g. jquery), which the website needs to work properly or at all.

            That's an interesting point about https connections, but it's not usually an issue in the above cases, mostly because a lot of sites still don't use https, but also because when connecting to a medium-sized website with say 20 different server connections, some might be encrypted, but not all, and especially not the scripts with known content.

            Anyway, back to the technical requirements: can squid handle the redirection and serve up pre-installed scripts, or would I need unbound/bind for the DNS or possibly a webserver like nginx as well?
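
Added example, not part of the thread and not Netgate or Squid project code: a helper for Squid's `url_rewrite_program` directive that answers the Squid part of the question by mapping listed plain-HTTP script URLs to copies on a local web server and leaving every other request unchanged. The server address, the mirror paths, the helper path and the `www.` normalisation are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added example: helper for Squid's url_rewrite_program directive, e.g.
#   url_rewrite_program /usr/local/bin/local_scripts.py   (path is an assumption)
import sys
from urllib.parse import urlsplit

# Assumptions: a web server on the LAN that holds the pre-downloaded files,
# and a constructed table of (host, path) -> path on that server.
LOCAL_SERVER = "http://192.168.1.10:8080"
LOCAL_COPIES = {
    ("yahoo.com", "/some_script.js"): "/mirror/yahoo.com/some_script.js",
}


def rewrite(url):
    """Return the local URL for a listed plain-HTTP file, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # HTTPS reaches the proxy as CONNECT host:443, so only http:// URLs
    # carry a path that can be matched here.
    if parts.scheme != "http":
        return None
    host = (parts.hostname or "").lower()
    if host.startswith("www."):  # assumption: treat www.host like host
        host = host[4:]
    target = LOCAL_COPIES.get((host, parts.path))
    return LOCAL_SERVER + target if target else None


def answer(line):
    """Build the helper reply for one request line sent by Squid."""
    fields = line.split()
    if not fields:
        return "ERR"
    channel = ""
    # With concurrency enabled, Squid prefixes each line with a channel ID.
    if fields[0].isdigit() and len(fields) > 1:
        channel, fields = fields[0] + " ", fields[1:]
    local = rewrite(fields[0])
    # ERR tells Squid to leave the request unchanged.
    return channel + (f'OK rewrite-url="{local}"' if local else "ERR")


if __name__ == "__main__":
    for request in sys.stdin:
        print(answer(request), flush=True)
```

Matching is on host and path only, so a query string such as `?v=2` does not prevent a match, and requests tunnelled with CONNECT are never rewritten.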
