Netgate Discussion Forum

    SSL Man In the Middle Filtering : Bug or not

      kizanlik

      Hello,

      I installed the latest version of pfSense CE (2.3.2-RELEASE-p1 (amd64) built on Tue Sep 27 12:13:07 CDT 2016 FreeBSD 10.3-RELEASE-p9), especially to block social networks. It took some time to activate the SSL Man In the Middle Filtering functionality because of some errors. Finally it worked fine except for one thing: Do not allow IP-Addresses in URL. This option is on the Services -> SquidGuard Proxy Filter -> Common ACL page.

      If I enable it, clients receive this message for every https request, including google[.]com:

      The following error was encountered while trying to retrieve the URL: https://http/*

      Unable to determine IP address from host name “http”

      The DNS server returned:
      Server Failure: The name server was unable to process this query.
      This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

      Your cache administrator is john@doe.com

      If I disable it, everything is good.

      This option is not mandatory for this environment, so it is good to go without enabling it, but I am wondering whether it is a bug or not. If it is not a bug, what could be the reason for this error?
