Netgate Discussion Forum

    Need white list our https site

    7 Posts 4 Posters 943 Views
    • AndrewD

      Our company website, which is HTTPS, is being blocked by pfSense somehow. While on our LAN, any browser will give:

      This site can’t provide a secure connection
      www.companywebsite.com sent an invalid response.
      Try running Windows Network Diagnostics.
      ERR_SSL_PROTOCOL_ERROR

      I have turned off my laptop firewall and turned off malware/virus software. Checked the time. Went through all browser settings to troubleshoot what websites recommended to fix ERR_SSL_PROTOCOL_ERROR.
      No luck.

      The site can be accessed away from our office, but not while in it.

      I looked at the pfSense firewall logs and don't see a block for the website, its URL, etc.

      I will need to create a white list to allow the company website. Would I create the white list in pfBlockerNG?
      Or create the whitelist in Firewall/Aliases?
      Then create a rule in Firewall > Rules?

      • provels

        I believe it's the self-signed pfB certificate that it's complaining about. I think you can create a rule on the LAN tab below the anti-lockout rule and above the first pfB rule to allow LAN Net to Server, any/any.

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        • SteveITS Galactic Empire

          pfBlocker blocks via IP address, most often by geography. You shouldn't be getting any sort of error if blocked via firewall. So I don't see how pfBlocker could be related.

          What IP does your web site hostname resolve to on the LAN? Your router's WAN IP? If so then you need to enable NAT reflection to use that IP from inside the network.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • NollipfSense @AndrewD

            @AndrewD You can create a DNSBL safe list like this screen shot below...be sure to set group to PRIMARY and logging to DISABLE...put your site in DNSBL Custom_list at the bottom of the page, then save and force update.

            Screen Shot 2019-11-13 at 6.48.42 PM.png

            Screen Shot 2019-11-13 at 6.48.56 PM.png

            pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
            pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            • AndrewD @NollipfSense

              @NollipfSense Thank you. I created the DNSBL safe list for the site and saved it. I let Cron do the update. But our site is still not accessible because of the error:
              "This site can’t provide a secure connection. www.companyname.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR".

                  • NollipfSense @AndrewD

                  @AndrewD I would try clearing your browser cache and maybe reboot your pfSense box too. When I did, it took a full day before I could visit the site because I didn't do a force update/reload nor set group to primary.

                  pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                  pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.
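
The replies above point at three different causes: the browser reaching pfBlockerNG's DNSBL web server and its self-signed certificate, the hostname resolving to the firewall's own WAN IP without NAT reflection, or neither. The following is an added example, not code from any poster or from pfBlockerNG, that tells them apart by comparing the DNS answer seen on the LAN with the answer seen off-site. The function names, the sample addresses and the `10.10.10.1` DNSBL virtual IP are assumptions; confirm the virtual IP in your own DNSBL settings.

```python
import ipaddress
import socket

# Assumption: pfBlockerNG's DNSBL virtual IP; confirm it in your DNSBL settings.
DNSBL_VIP = "10.10.10.1"

def resolve(host):
    """A records as seen by this machine's configured resolver (live lookup)."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def triage(lan_answers, public_answers, wan_ip, dnsbl_vip=DNSBL_VIP):
    """Return (verdict, next_step) from two sets of DNS answers.

    lan_answers:    what a LAN client gets from the pfSense resolver
    public_answers: what an off-site client or public resolver gets
    wan_ip:         the firewall's WAN address
    """
    lan = {ipaddress.ip_address(a) for a in lan_answers}
    public = {ipaddress.ip_address(a) for a in public_answers}
    wan = ipaddress.ip_address(wan_ip)
    vip = ipaddress.ip_address(dnsbl_vip)

    if not lan:
        return "no-answer", "LAN resolver returned nothing; check the DNS Resolver."
    if vip in lan:
        # The name was answered by DNSBL, so the TLS peer is the DNSBL
        # web server with its self-signed certificate, not the real site.
        return "dnsbl-sinkhole", "Whitelist the domain in DNSBL, then force a reload."
    if wan in lan:
        return "nat-reflection", "Enable NAT reflection to use the WAN IP from inside."
    if lan == public:
        return "dns-consistent", "DNS is not the cause; check rules and the TLS handshake."
    return "dns-mismatch", "LAN and outside answers differ; compare resolver settings."

# Constructed sample data (documentation address ranges, not from the thread):
# (LAN answers, off-site answers, firewall WAN IP)
SAMPLES = {
    "sinkholed": (["10.10.10.1"], ["203.0.113.10"], "198.51.100.7"),
    "hairpin": (["198.51.100.7"], ["198.51.100.7"], "198.51.100.7"),
    "clean": (["203.0.113.10"], ["203.0.113.10"], "198.51.100.7"),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, "->", triage(*args)[0])
```

For a live check, pass `resolve("www.example.com")` run from a LAN client as `lan_answers`, and the answer obtained from outside the office as `public_answers`.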
