SSL Man In the Middle Filtering not working - Please help.



  • This post is deleted!

  • Banned

    Unless Squid is set up as transparent above, this won't do anything until you configure the clients.



  • Squid is setup as transparent and has been working for years blocking regular http with squiguard. I created a cert and enabled ssl filtering but it does not work.


  • Banned

    Perhaps look at the logs and post relevant info. Not using Squidguard, won't be of any assistence there. It works just fine without SG.



  • which log would help? does squid have a log somewhere?


  • Banned

    Kindly click the Real Time tab in Squid GUI configuration.



  • Thanks for trying to help me with this. It is working now.



  • @doktornotor:

    Perhaps look at the logs and post relevant info. Not using Squidguard, won't be of any assistence there. It works just fine without SG.

    Sorry Dok, Maybe I missed something… although i read every squid manual in this forum... but... I do not understand, how can I filter sites without SG? Could you exlpain briefly please?



  • @venom3:

    Thanks for trying to help me with this. It is working now.

    Sorry, could you please explain what you mean by "It is working now."

    I mean:
    Which method do you use? "Splice All"?
    SSL Proxy Compatibility Mode?
    REmote cert Cheeks?
    Certificate Adapt?
    Are you still using squidguard?

    I'd like to get https filtering in transparent mode work finally… by now I had many problems... 
    Thanks in advance
    FV


  • Banned

    @vielfede:

    Sorry Dok, Maybe I missed something… although i read every squid manual in this forum... but... I do not understand, how can I filter sites without SG? Could you exlpain briefly please?

    Well, it's briefly explained in the Squid GUI when you click the i next to SSL/MITM Mode.



  • @doktornotor:

    @vielfede:

    Sorry Dok, Maybe I missed something… although i read every squid manual in this forum... but... I do not understand, how can I filter sites without SG? Could you exlpain briefly please?

    Well, it's briefly explained in the Squid GUI when you click the i next to SSL/MITM Mode.

    Sorry again… I'm quite confused... but I understand SG is needed in Splice All…

    Splice All: 
    This configuration is suitable if you want to use the SquidGuard package for web filtering.
    All destinations will be spliced. SquidGuard can do its job of denying or allowing destinations according its rules, as it does with HTTP.
    You do not need to install the CA certificate configured below on clients.
    Content filtering (such as Antivirus) will not be available for SSL sites. 
    

Log in to reply