Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SSL Man In the Middle Filtering : Bug or not

    Firewalling
    1
    1
    925
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kizanlik last edited by

      Hello,

      I installed the latest version -2.3.2-RELEASE-p1 (amd64) built on Tue Sep 27 12:13:07 CDT 2016 FreeBSD 10.3-RELEASE-p9- of pfSense CE to block especially social networks. It took some time to activate SSL Man In the Middle Filtering functionality because of some errors. Finally it worked fine except one thing: Do not allow IP-Addresses in URL. This option is on Services -> SquidGuard Proxy Filter -> Common ACL page.

      If I enable it clients receive this message for every https request including google[.]com:

      _The following error was encountered while trying to retrieve the URL: https://http/*

      Unable to determine IP address from host name “http”

      The DNS server returned:
      Server Failure: The name server was unable to process this query.
      This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

      Your cache administrator is john@doe.com_

      If I disable it everything is good.

      This option is not mandatory for this environment so it is good to go without enabling it but I am wondering whether it is a bug or not. If it is not a bug, what could be the reason for this error?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy