https

ik2189

Hi,

Sorry for my English.
I installed pfBockerNG-devel 3.0.0_16 and it blocks all porn sites It's good !
When the site is in http I see the pfBlockerNG page but when the site is in https I see an error page with code erreur : SSL_ERROR_INTERNAL_ERROR_ALERT.
Why ?

Thanks for your help

Gertjan

@ik2189 said in https:

Why ?

The short answer : because no one** can break https = TLS.
If a web server want to connect to some 'p0rn-site-here.tld' and a web server, the one used by pfBlockerNG answers (because the DNS record matches a list) then the web browser tells you that that pfB web server, on your pfSense, does not have 'p0rn-site-here.tld' in it's certificate.
Which is understandable.
So, your web browser does not show the 'this site is blocked' page at all.

You might think : because 99,99 % of all traffic is https these days, is it useful to have this page 'this site is blocked' page being shown ?
Answer : of course not. It's something of the past. We see our browser telling us that 'there was an (cert !) issue'.

This is a TLS issue, not a pfBlockerNG issue ;)

** and the day some one breaks it, is the day that 'Internet' dies.

ik2189

@gertjan

So if i understand it's not possible to display a web page displaying that the site is not allowed ?

fireodo

@ik2189 said in https:

So if i understand it's not possible to display a web page displaying that the site is not allowed ?

Thats correct. Gertjan has explained you the reason why thats so.