Netgate Discussion Forum
SquidGuard HTTPS filtering without ssl?

  • K
    kontras20
    last edited by May 2, 2017, 7:17 PM

    Hi Everyone,
    I'm new in the forum and with pfsense also :)
    My goal is to setup web filtering at a Wifi hotspot.
    I have a set up with transparent proxy and SquidGuard configured.
    HTTP filtering is working well but I would like to filter HTTPS sites also. I searched on forum and found that if I want to do that, I have to enable SSL filtering, create a cert and import it to all client PCs. Am I right?
    My problem is that I don't want to use SSL filtering because this is about a HotSpot installation, so I cannot just send certificates to everyone. As far as I know they did that in the past with another pfSense installation, so I assume that I am just searching for it wrong :P.
    Any ideas how can I do that?

    Thanks in advance
    Regards,
    Michael

    • P
      pfsensation
      last edited by May 2, 2017, 9:41 PM

      Use the splice all feature in Squid, then you can block HTTPS sites without any certificates being handed over to clients.

      • K
        kontras20
        last edited by May 3, 2017, 8:22 PM

        Hi.
        Thank you for your response.
        Unfortunately, the splice all feature is enabled, but HTTPS sites are still not being blocked.

        • P
          pfsensation
          last edited by May 3, 2017, 8:53 PM

          @kontras20:

          Hi.
          Thank you for your response.
          Unfortunately, the splice all feature is enabled, but HTTPS sites are still not being blocked.

          Have you tried manually setting the proxy up on a client and trying? My guess is that your clients are bypassing the proxy. Set up WPAD, and block port 443/80 to disallow access without going through your proxy.

          • J
            JSONSec
            last edited by May 6, 2017, 7:22 PM

            I have a similar issue. Splice All enabled, yet when I enable it, all HTTPS fails. It's driving me nuts.

            • G
              gersonofstone
              last edited by May 10, 2017, 9:57 PM

              @JSONSec:

              I have a similar issue. Splice All enabled, yet when I enable it, all HTTPS fails. It's driving me nuts.

              all memory used?

              Papu!! :V

              • K
                kontras20
                last edited by May 12, 2017, 8:58 PM

                Hi. Sorry for the delay. I have configured it with WPAD and it is working. But I have some questions again. It seems that Android phones could not connect to the access point. After checking, I realized that Android phones do not automatically get the proxy settings through the router. Is it possible to force all traffic to go through my proxy without setting the proxy server on the Android phone?
                Thanks in advance

                • K
                  KOM
                  last edited by May 15, 2017, 5:25 PM

                  Android is the only one that does not support WPAD.  Better to have manual instructions for those users instead of reworking your entire solution.

                  • T
                    technicalcsti
                    last edited by May 16, 2017, 1:29 PM

                    @JSONSec:

                    I have a similar issue. Splice All enabled, yet when I enable it, all HTTPS fails. It's driving me nuts.

                    Same problem here.

                    If I use an explicit proxy in the config, all is OK, but in transparent mode with Splice All enabled, HTTPS fails.
