Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    The following error was encountered while trying to retrieve https://http/*

    Scheduled Pinned Locked Moved Cache/Proxy
    20 Posts 16 Posters 17.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Voxnod
      last edited by

      It worked for me. PfSense 2.4.4 (amd64) Squid + Squidguard.

      K 1 Reply Last reply Reply Quote 0
      • K
        kopraasbotha @Voxnod
        last edited by

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • bluegrass-168B
          bluegrass-168
          last edited by

          I have the same error with Default access [all] to allow already.

          Anyone knows and helps the solution? Plz.

          1 Reply Last reply Reply Quote 0
          • C
            cavaco
            last edited by

            this is happening to me ... squid with active squid guard , and the comon acl with the settings that are said in the first post ,but its not working ... did u guys get it working ???

            1 Reply Last reply Reply Quote 0
            • C
              coffeelover
              last edited by

              You have to append

              url_rewrite_access deny CONNECT
              url_rewrite_access allow all

              to your squid custom options to make the redirect page work in SSL MITM mode.

              S 1 Reply Last reply Reply Quote 1
              • S
                sonerzin @coffeelover
                last edited by

                @coffeelover said in The following error was encountered while trying to retrieve https://http/*:

                You have to append

                url_rewrite_access deny CONNECT
                url_rewrite_access allow all

                to your squid custom options to make the redirect page work in SSL MITM mode.

                Where exactly do you put those options? Custom Options (Before Auth) / Custom Options (After Auth) / Custom Options (SSL/MITM)?

                SSL/MITM Mode: Splice All, Splice Whitelist, bump otherwise or Custom?

                Thanks!

                1 Reply Last reply Reply Quote 1
                • C
                  coffeelover
                  last edited by

                  I put these in "Custom options (before auth)"

                  And for complete filtering (URLs instead of domains) of SSL-Traffic via squidguard you have to set the mode to "Splice whitelist, bump otherwise".

                  Splice: Do not break the SSL Connection
                  Bump: Break the SSL Connection (Proxy CA on Clients needed)

                  M 1 Reply Last reply Reply Quote 2
                  • D
                    Dacosta
                    last edited by

                    Hi Coffee Lover,

                    I got this error after I added as your suggest:

                    Fastly error: unknown domain: yahoo.com. Please check that this domain has been added to a service.

                    Details: cache-sin18030-SIN

                    Please help.

                    1 Reply Last reply Reply Quote 0
                    • M
                      Michele Trotta @coffeelover
                      last edited by

                      @coffeelover Thanks I have solved it

                      1 Reply Last reply Reply Quote 0
                      • J
                        jpattard
                        last edited by

                        I cannot make this work with the latest version of PF sense. Anything else i should check?

                        1 Reply Last reply Reply Quote 1
                        • R
                          robirf
                          last edited by

                          I have the same problem, when I´m not using ssl interceptation the page showed is on picture bellow.
                          e16eb2c1-5485-478f-8bbd-2e9a85d24e2f-image.png

                          But when I actived ssl interception the page showed is bellow.
                          So I´ve tried to put these lines that you mentioned before , but for me not solved.

                          36df853f-5550-45a6-9508-c2254c9d519f-image.png

                          N 1 Reply Last reply Reply Quote 1
                          • N
                            nilux17 @robirf
                            last edited by

                            same issue

                            1 Reply Last reply Reply Quote 0
                            • A
                              aGeekhere
                              last edited by aGeekhere

                              Try
                              https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

                              WPAD as your main setup
                              and transparent proxy to catch the rest.

                              Never Fear, A Geek is Here!

                              N 1 Reply Last reply Reply Quote 0
                              • N
                                nilux17 @aGeekhere
                                last edited by nilux17

                                Thx,
                                actually, i've already setup a wpad but i put a "return direct"
                                changing for a "return proxy ..." seems to do the trick

                                I don't investigate "more than that" but a windows 10 laptop, even with a proxy configuration try to connect on 443 for a lot of things.
                                Android apps too...

                                A 1 Reply Last reply Reply Quote 0
                                • A
                                  aGeekhere @nilux17
                                  last edited by

                                  @nilux17 In Internet properties lan settings
                                  Is Automatically detect settings checked?

                                  Sounds like you are going through the transparent proxy rather than the WPAD

                                  Never Fear, A Geek is Here!

                                  N 1 Reply Last reply Reply Quote 0
                                  • N
                                    nilux17 @aGeekhere
                                    last edited by

                                    @ageekhere
                                    Yeap, of course !

                                    1 Reply Last reply Reply Quote 0
                                    • JonathanLeeJ JonathanLee referenced this topic on
                                    • JonathanLeeJ JonathanLee referenced this topic on
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.