4. Squid makes false certificates on some pages

Squid makes false certificates on some pages

  • R

    Hello everybody,
    I use Pfsense 2.3.2-p1 with Squid 0.4.23_1. I have activated SSL filtering, because I want to prevent downloads and lock web sites.

    Now to my Problem
    In most cases everything runs as it should I get on HTTPS pages valid certificates from PFSENSECA-> website. In some cases, however, the whole thing does not work, because instead of PFSENSECA-> website is an IP ADDRESS issued with an expired date. As an example I took https://emby.media

    See pictures
    Without Squid

    With Squid

    I think it is a setting problem of my side, but could not yet determine which is.

    Hope you can help me.

    Thanks and regards

    0
  • R

    I have just found out if I disable transparent-proxy and make the proxy settings manually, it runs perfectly.
    But this is not a good solution for me

    0

  • Using squid in explicit mode along with WPAD is almost as seamless as transparent mode.

    0
  • R

    Thanks for the answer.
    I have now switched to WPAD and switched off the SSL Filtering. Works so far quite well, but I get on locked websites now an HTTP 404 instead of my Costum Page. Can do something about it?

    Thanks and regards

    0
  • R

    I just noticed that I can not block downloads in this configuration. Is that right?

    0

  • but I get on locked websites now an HTTP 404 instead of my Costum Page. Can do something about it?

    I don't understand what you mean here.

    I just noticed that I can not block downloads in this configuration. Is that right?

    You can with squidguard.  squid by itself is just a cache.

    0
  • R

    Hi,
    I used Squidguard, I have a rule under Target Categories with the content "(.\ /..(Exe|msi)) under Regular Expression. If I have enabled SSL filtering, downloads are blocked, now with WPAD I disable the SSL filtering and the rule does not work anymore.

    In Squidguard, I have the redirect mode "ext url err page (enter URl )" Redirect Info "http://domain/blocked.php?Clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u" The clients get then displayed a Custom Error Page.
    If SSL filtering is deactivated, it only shows "Make sure the web address … is correct"

    Regards

    0

  • Ah OK.  This is normal behaviour with HTTPS, squidguard and explicit proxy I believe.

    0
  • R

    Is there a way to change that? Or is there a way to get the transparency mode running properly?

    Regards

    0

  • I don't know for sure, but I do know that transparent mode is more trouble than its worth.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy