Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense randomly blocking web sites

    Cache/Proxy
    4
    5
    1441
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TomS last edited by

      Hi there,

      I'm using a pfSense firewall together with approx. 50 WiFi access points to provide internet connectivity for my customers. In order to be able to block sites (e. g. if legally forced), I also installed the squid plugin and the squidGuard plugin. I've set the local cache size to 0 MB and the cache system to "null", so I guess that the proxy is not doing any caching. In squidGuard, I created a "Target Category" named blocks, where I can enter all the sites which have to be blocked. Currently, this list is empty.

      I'm also using a Captive Portal for the users to acknowledge the usage terms. I've configured Squid that all Captive Portal users can use the proxy server.

      Now, everything seems to run pretty fine. The proxy is logging all the requests and the users can open web sites. - At least some web sites. There are some web sites which cannot be opened anymore. For example, when opening the page https://www.google.com/, the browser does not show the Google web site. Strangely many other Google services (like maps or youtube) cannot be opened, either. When checking the logs, there is no log entry and no information that a site would have been blocked. As soon as I disable Squid, all the sites are working fine again.

      I'm quite sure that I'm missing some very easy point, but I've spent many hours searching for the cause of this weird behaviour and did not find anything.

      Maybe one of you guys could help here…

      I'm using pfSense Version: 2.3.3-RELEASE I have the following packages installed: ntopng Version 0.8.6_1 squid Version 0.4.36_3 squidGuard Version 1.16.2

      Best, Tom

      1 Reply Last reply Reply Quote 0
      • P
        pfsensation last edited by

        @TomS:

        Hi there,

        I'm using a pfSense firewall together with approx. 50 WiFi access points to provide internet connectivity for my customers. In order to be able to block sites (e. g. if legally forced), I also installed the squid plugin and the squidGuard plugin. I've set the local cache size to 0 MB and the cache system to "null", so I guess that the proxy is not doing any caching. In squidGuard, I created a "Target Category" named blocks, where I can enter all the sites which have to be blocked. Currently, this list is empty.

        I'm also using a Captive Portal for the users to acknowledge the usage terms. I've configured Squid that all Captive Portal users can use the proxy server.

        Now, everything seems to run pretty fine. The proxy is logging all the requests and the users can open web sites. - At least some web sites. There are some web sites which cannot be opened anymore. For example, when opening the page https://www.google.com/, the browser does not show the Google web site. Strangely many other Google services (like maps or youtube) cannot be opened, either. When checking the logs, there is no log entry and no information that a site would have been blocked. As soon as I disable Squid, all the sites are working fine again.

        I'm quite sure that I'm missing some very easy point, but I've spent many hours searching for the cause of this weird behaviour and did not find anything.

        Maybe one of you guys could help here…

        I'm using pfSense Version: 2.3.3-RELEASE I have the following packages installed: ntopng Version 0.8.6_1 squid Version 0.4.36_3 squidGuard Version 1.16.2

        Best, Tom

        Have you got Squid set to splice all? You aren't trying to intercept https traffic right? Check if you have that checkbox ticked in the squid settings.

        1 Reply Last reply Reply Quote 0
        • T
          TomS last edited by

          Yes, I've set to splice all.
          Many other HTTPS sites are working fine.

          1 Reply Last reply Reply Quote 0
          • H
            he-jimenez last edited by

            Hey Toms

            I'm fighting witht the same issue. Wondering know if you fixed this. My workaround was to close the web browser (firefox) and also clean the cache data on that one.

            Any suggestion?

            Really appreciate it

            1 Reply Last reply Reply Quote 0
            • G
              genesislubrigas last edited by

              All i can say, most possibly its your configuration.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy