PfBNG DNSBL + HTTPS


  • Banned

    Recently, I'm seeing pretty much nothing logged any more when it comes to blocked HTTPS requests… Apparently, with newer browsers' versions, the lighttpd debug trick no longer works. So, here's a bunch of ideas:

    • the self-signed cert should definitely be SHA2, not SHA1
    • it'd probably help to let people select their own cert from those installed on pfSense

  • Moderator

    The self-signed cert will never match the request Domain name anyways… Its only used to allow the browser to terminate the connection and lighttpd to try query the error.log for the https details if available...

    Not sure what else can be done with the existing methodology... The best would be to add the Unbound python feature support and collect the details that way without requiring Lighttpd at all..

    Which pfSense OS and Browser?


  • Banned

    2.3.3 snapshots, browser being mostly Chrome. Why's unbound compiled without python, no idea.