The following error was encountered while trying to retrieve https://http/*

loboferoz · Nov 27, 2017, 4:47 AM

Nope, this does not work, tested several times on pfsense 2.4.2

rmr85 · Dec 6, 2017, 4:50 PM

Im having same problem here on PfSense 2.4.2 (amd64)Transparent Proxy HTTP/HTTPS + Squidguard
If i disable Squidguard all works well.

Any help?

Impatient · Dec 6, 2017, 5:30 PM

It is not supposed to work with Default access [all] to deny.

Voxnod · Nov 1, 2018, 4:10 AM

It worked for me. PfSense 2.4.4 (amd64) Squid + Squidguard.

kopraasbotha · Feb 18, 2019, 7:33 AM

This post is deleted!

bluegrass-168 · Jan 6, 2020, 9:48 AM

I have the same error with Default access [all] to allow already.

Anyone knows and helps the solution? Plz.

cavaco · May 23, 2020, 10:20 PM

this is happening to me ... squid with active squid guard , and the comon acl with the settings that are said in the first post ,but its not working ... did u guys get it working ???

coffeelover · Jul 29, 2020, 1:11 PM

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

sonerzin · Jul 30, 2020, 8:31 AM

@coffeelover said in The following error was encountered while trying to retrieve https://http/*:

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

Where exactly do you put those options? Custom Options (Before Auth) / Custom Options (After Auth) / Custom Options (SSL/MITM)?

SSL/MITM Mode: Splice All, Splice Whitelist, bump otherwise or Custom?

Thanks!

coffeelover · Jul 30, 2020, 2:15 PM

I put these in "Custom options (before auth)"

And for complete filtering (URLs instead of domains) of SSL-Traffic via squidguard you have to set the mode to "Splice whitelist, bump otherwise".

Splice: Do not break the SSL Connection
Bump: Break the SSL Connection (Proxy CA on Clients needed)

Dacosta · Dec 2, 2020, 1:48 AM

Hi Coffee Lover,

I got this error after I added as your suggest:

Fastly error: unknown domain: yahoo.com. Please check that this domain has been added to a service.

Details: cache-sin18030-SIN

Please help.

Michele Trotta · Jul 22, 2021, 9:39 AM

@coffeelover Thanks I have solved it

jpattard · Aug 26, 2021, 6:30 AM

I cannot make this work with the latest version of PF sense. Anything else i should check?

robirf · Sep 4, 2021, 2:13 PM

I have the same problem, when I´m not using ssl interceptation the page showed is on picture bellow.

But when I actived ssl interception the page showed is bellow.
So I´ve tried to put these lines that you mentioned before , but for me not solved.

nilux17 · Sep 24, 2021, 11:32 AM

same issue

aGeekhere · Sep 25, 2021, 2:11 AM

Try
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

WPAD as your main setup
and transparent proxy to catch the rest.

nilux17 · Sep 28, 2021, 8:16 AM

Thx,
actually, i've already setup a wpad but i put a "return direct"
changing for a "return proxy ..." seems to do the trick

I don't investigate "more than that" but a windows 10 laptop, even with a proxy configuration try to connect on 443 for a lot of things.
Android apps too...

aGeekhere · Sep 28, 2021, 8:28 AM

@nilux17 In Internet properties lan settings
Is Automatically detect settings checked?

Sounds like you are going through the transparent proxy rather than the WPAD

nilux17 · Sep 28, 2021, 10:22 AM

@ageekhere
Yeap, of course !