SSL Man In the Middle Filtering: Bug or not

  • Hello,

    I installed the latest version of pfSense CE (2.3.2-RELEASE-p1 (amd64), built on Tue Sep 27 12:13:07 CDT 2016, FreeBSD 10.3-RELEASE-p9), especially to block social networks. It took some time to activate the SSL Man In the Middle Filtering functionality because of some errors. Finally it worked fine except for one thing: "Do not allow IP-Addresses in URL". This option is on the Services -> SquidGuard Proxy Filter -> Common ACL page.

    If I enable it, clients receive this message for every https request, including google[.]com:

    The following error was encountered while trying to retrieve the URL: https://http/*

    Unable to determine IP address from host name “http”

    The DNS server returned:
    Server Failure: The name server was unable to process this query.
    This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

    Your cache administrator is john@doe.com

    If I disable it, everything is good.

    This option is not mandatory for this environment, so it is fine to go without enabling it, but I am wondering whether it is a bug or not. If it is not a bug, what could be the reason for this error?
