Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid + SSL filtering iOS Linux

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 1 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      RickTosch
      last edited by

      Hi there,

      I realize the following post can be asked in relevant communities (Linux, iOS) but I thought it had relevance here too since I run a pfSense.
      It would be great benefit to see people with similar setup as me that have it working in their environment.

      I have installed Squid in transparent mode + SSL + c-icap Antivirus.
      I then Installed CA certificates on clients (Windows, Linux, iOS, Android). Good for the most part.
      Good until iOS devices/Linux desktop/servers attempt to access CERTAIN content via HTTPS and disregard the certificate I added in their store.  By certain, i am referring to Facebook, Signal apps on iPhone, certain 3rd party repos in CentOS.
      Now, I realize, after a bit of reading, that is how iOS apps and Linux programs work: apps/programs relying on specific CA stores. (hello Firefox!)

      How did you work around this issue? explicit mode? ACL white listing? entire host IP whitelisting?

      PS After some searching on this forum, I realize that squid caching may not do much benefit in my environment. If I wanted to retain the antivirus feature, is there something else? HAVP does not appear to be listed in the package manager anymore.
      PSS Seems like Antivirus support is only available via Squid. HAVP is no longer maintained. as per https://doc.pfsense.org/index.php/2.3_Removed_Packages

      Thank you,

      1 Reply Last reply Reply Quote 0
      • R
        RickTosch
        last edited by

        Another post relevant question.
        Is there a way to white list a domain? Perhaps this will circumvent the above issue.
        I tried : Services -> SquidProxy ->  ACL -> Whitelist: *facebook.com but that does nothing. perhaps the syntax is wrong or this is not what it's for?

        Thanks,

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.