The following error was encountered while trying to retrieve https://http/*

bluegrass-168

I have the same error with Default access [all] to allow already.

Anyone knows and helps the solution? Plz.

cavaco

this is happening to me ... squid with active squid guard , and the comon acl with the settings that are said in the first post ,but its not working ... did u guys get it working ???

coffeelover

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

sonerzin

@coffeelover said in The following error was encountered while trying to retrieve https://http/*:

You have to append

url_rewrite_access deny CONNECT
url_rewrite_access allow all

to your squid custom options to make the redirect page work in SSL MITM mode.

Where exactly do you put those options? Custom Options (Before Auth) / Custom Options (After Auth) / Custom Options (SSL/MITM)?

SSL/MITM Mode: Splice All, Splice Whitelist, bump otherwise or Custom?

Thanks!

coffeelover

I put these in "Custom options (before auth)"

And for complete filtering (URLs instead of domains) of SSL-Traffic via squidguard you have to set the mode to "Splice whitelist, bump otherwise".

Splice: Do not break the SSL Connection
Bump: Break the SSL Connection (Proxy CA on Clients needed)

Dacosta

Hi Coffee Lover,

I got this error after I added as your suggest:

Fastly error: unknown domain: yahoo.com. Please check that this domain has been added to a service.

Details: cache-sin18030-SIN

Please help.

Michele Trotta

@coffeelover Thanks I have solved it

jpattard

I cannot make this work with the latest version of PF sense. Anything else i should check?

robirf

I have the same problem, when I´m not using ssl interceptation the page showed is on picture bellow.

But when I actived ssl interception the page showed is bellow.
So I´ve tried to put these lines that you mentioned before , but for me not solved.

nilux17

same issue

aGeekhere

Try
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

WPAD as your main setup
and transparent proxy to catch the rest.

nilux17

Thx,
actually, i've already setup a wpad but i put a "return direct"
changing for a "return proxy ..." seems to do the trick

I don't investigate "more than that" but a windows 10 laptop, even with a proxy configuration try to connect on 443 for a lot of things.
Android apps too...

aGeekhere

@nilux17 In Internet properties lan settings
Is Automatically detect settings checked?

Sounds like you are going through the transparent proxy rather than the WPAD

nilux17

@ageekhere
Yeap, of course !