Squid + SSL filtering iOS Linux

  • Hi there,

    I realize the following post can be asked in relevant communities (Linux, iOS) but I thought it had relevance here too since I run a pfSense.
    It would be great benefit to see people with similar setup as me that have it working in their environment.

    I have installed Squid in transparent mode + SSL + c-icap Antivirus.
    I then Installed CA certificates on clients (Windows, Linux, iOS, Android). Good for the most part.
    Good until iOS devices/Linux desktop/servers attempt to access CERTAIN content via HTTPS and disregard the certificate I added in their store.  By certain, i am referring to Facebook, Signal apps on iPhone, certain 3rd party repos in CentOS.
    Now, I realize, after a bit of reading, that is how iOS apps and Linux programs work: apps/programs relying on specific CA stores. (hello Firefox!)

    How did you work around this issue? explicit mode? ACL white listing? entire host IP whitelisting?

    PS After some searching on this forum, I realize that squid caching may not do much benefit in my environment. If I wanted to retain the antivirus feature, is there something else? HAVP does not appear to be listed in the package manager anymore.
    PSS Seems like Antivirus support is only available via Squid. HAVP is no longer maintained. as per https://doc.pfsense.org/index.php/2.3_Removed_Packages

    Thank you,

  • Another post relevant question.
    Is there a way to white list a domain? Perhaps this will circumvent the above issue.
    I tried : Services -> SquidProxy ->  ACL -> Whitelist: *facebook.com but that does nothing. perhaps the syntax is wrong or this is not what it's for?