Domain blocking through squid
-
Hello..
I am in a trouble with domain blocking.
I configured the domain blocking through the squid package and its working fine but there is one issue with that.
In the squid proxy server I have to enable the SSL interception and for ssl I have to select the certificate (which is created by me in cert. manager).
Now here the problem comes, that first I have to download that certificate and have to upload in the browser, without that the cert. error is coming on browser but after upload the domain blocking is working fine.issue:- If i have to block the domain for 20-30 systems then it will create headache for me to upload certificate in each systems ..is there any way so that i can resolve this issue??
-
Yup, you can use Peed&Splice for just domain blocking. You see only the FQDN not the full URL but you don't need certs on everything. See: https://www.youtube.com/watch?v=xm_wEezrWf4&t=985s
Steve
-
thanks ...I gone through with that video but still i have problem .
I selected spice all in ssl interception filed (In which I dont have to upload the CA in browser) but still it is not working . As I deleted the cert from the browser and after that again the cert. issue is showing on browser whenever I am opening any site.Can you please guide me step by step. thanks
-
That video is about as step-by-step as it gets.
Id the client still using the proxy specifically? This is intended to be transparent.
Steve
-
I already enable the transparent proxy .
My problems occurs whenever i m setting spice all in ssl interception field .
few sites get opened like fb ad youtube but twitter showing the CA error.
Moreover i followed tutorial . -
Could be 409 errors, check the Squid real-tome logs:
https://docs.netgate.com/pfsense/en/latest/cache-proxy/squid-troubleshooting.html#sites-not-loading-with-splice-error-409-in-access-logSteve
