Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [squidguard] safesearch rewrite redirects http but not https

    Scheduled Pinned Locked Moved Cache/Proxy
    4 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kpoman
      last edited by

      Hi all,
      I configured squid which works well for intercepting http + https (splice all).
      I configured squidguard blacklists, etc. and it works fine.
      I tried to set up safesearch squidguard-based on url rewrites, and it seems to work with http (redirects appending safe=on at the end of the url), but not for https.

      example:
      good: http://www.google.com.br/search?q=blabla => https://www.google.com.br/search?q=blabla&gws_rd=ssl&safe=on
      bad: https://www.google.com.br/search?q=blabla => https://www.google.com.br/search?q=blabla

      My rule is as follows:
      target url: (google..*/search?.q=.)
      replace to url: \1&safe=on
      opt: no case

      Help much appreciated.

      1 Reply Last reply Reply Quote 0
      • S
        sichent Banned
        last edited by

        "Splice all" means do not decrypt. In this case your redirector will only see google.com (from SNI) - not the whole URL you try to rewrite.

        1 Reply Last reply Reply Quote 0
        • K
          kpoman
          last edited by

          The problem is that bumping give an error: "This site uses HTTP Strict Transport Security (HSTS)".

          1 Reply Last reply Reply Quote 0
          • S
            sichent Banned
            last edited by

            You cannot just redirect HTTPS unfortunately. Might have more luck with actually changing contents - like https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html (not verified with transparent intercept option like you desire).

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.