Unable to block a particular HTTPS site.

  • Hi there, I am using pfSense 2.3.1 to block https://youtube.com and https://facebook.com. I tried every possible way to block these two HTTPS sites but in return squid with squidGuard is blocking every site on HTTPS.

    I created a self-signed internal certificate and imported it on my Red Hat client machine to the location /etc/pki/tls/certs and the key to /etc/pki/tls/private. Then I restarted httpd.service.

    Next I configured squid and enabled transparent proxy on LAN and also enabled SSL filtering on LAN. Then I added `always_direct allow all` and `ssl_bump server-first all` to custom acl (before auth).

    Then I went into the ACLs and added youtube and facebook to the blacklist.

    Next I went into the SquidGuard Proxy Filtering and enabled blacklist there as well. Then in blacklist URL I added the Shalla's blacklist's path that I downloaded from squidGuard's website.

    Then in the blacklist tab I updated that Shalla's file and then in Common ACL I set the rules to block porn as well.

    Now the situation is downloading and porn sites are blocked but HTTPS sites are showing that there is a certificate error. I am unable to access any HTTPS site. I don't know why. I have only disallowed HTTPS facebook and youtube.
    ![Screenshot from 2016-07-20 17:28:34.png](/public/imported_attachments/1/Screenshot from 2016-07-20 17:28:34.png)

  • Hi bro

    Try disabling squidGuard, and verify whether your browser can access the internet.

    What is the access port for the webconfig? Is it different from 443?

  • Please don't try MITM; please use WPAD, it's much better. Sometimes with MITM some pages won't load, even with WPAD, but in WPAD files you can bypass certain sites that won't load.
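
The WPAD approach suggested in the last reply, sketched as a proxy auto-config (PAC) file. This is an added example, not part of the thread: the proxy address and the bypass domains are constructed placeholders, and host matching is written in plain JavaScript rather than the browser-provided PAC helpers so the file also runs outside a browser.

```javascript
// Added example: PAC file served as wpad.dat / proxy.pac. All addresses and
// domains below are constructed placeholders, not values from the thread.
var PROXY = "PROXY 192.168.1.1:3128";   // assumed: Squid listening on the LAN address
var BYPASS_DOMAINS = ["bank.example", "updates.example"]; // sites that break via the proxy

// True when host equals domain or is a subdomain of it (label-boundary match,
// so "notbank.example" does not match "bank.example").
function inDomain(host, domain) {
  return host === domain ||
         host.slice(-(domain.length + 1)) === "." + domain;
}

// True for loopback and RFC 1918 IPv4 literals, which should not be proxied.
function isLocalIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, "");   // normalise case and trailing dot
  if (host.indexOf(".") === -1) return "DIRECT";  // plain intranet hostnames
  if (isLocalIPv4(host)) return "DIRECT";
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    if (inDomain(host, BYPASS_DOMAINS[i])) return "DIRECT";
  }
  // Everything else goes to the proxy. HTTPS arrives there as
  // "CONNECT host:443", so the proxy can allow or deny by hostname
  // without decrypting the session.
  return PROXY;
}
```

Because the browser names the destination host in the CONNECT request, a domain blacklist on the proxy applies to HTTPS sites without any certificate being installed on clients.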
