SSL filtering

  • Hello,

    I configured man-in-the-middle SSL filtering as follows:

    ssl mode: splice all
    interface: 2 internal networks
    default port
    ssl compatibility: modern
    DHT: 2048
    remote check: accept
    adapt: not before

    This config was working perfectly. Now, all of a sudden, I have two websites, Google and Facebook, that cannot be accessed. I get the "cannot connect securely" error, which is what is received when SquidGuard blocks the HTTPS page. I checked the SquidGuard logs and there are no blocks logged for these two sites. I have tested other HTTPS sites and they work perfectly. I tested other sites in blocked categories and they are blocked, and I receive the "cannot connect securely" error as I should. I tested the exact same setup on another box and I am not having any issues: everything I set to block gets blocked, and all other HTTPS sites, including Google and Facebook, are accessible without issue. What am I missing?

    Other info:

    I do have an internal web server that requires ports 80-82 to be forwarded. I disabled those rules, but it did not resolve the issue. Port 443 is not forwarded. I have 3 VPN servers configured in pfSense, all with unique ports configured. If I disable SSL filtering then everything works properly, but HTTPS sites ex: do not get blocked anymore.

    Thanks in advance.

  • Banned

    Seems this from your description (it is not SG, but it does not matter; the error is shown only for the Squid denied page, right?)

  • I don't believe that's it. I'm getting "cannot connect securely", which is what I should get using splice all. I'm blocking the porn category. All HTTP sites are blocked without issue. If I visit HTTPS I get "cannot connect securely" and the SG logs show the block. Now, I'm not blocking Google or Facebook, but when visiting those sites I get either "cannot connect securely" or a TLS error in IE. In Chrome I can connect to Google fine but get "cannot connect securely" for Facebook. I checked the SG logs and no blocks are recorded. This was working well at first, but now it is not. It only seems to be these two sites.

    I have tried an ACL list to allow them, but that did not work either. I know I'm missing something simple, but I just can't put my finger on it.

    ![What I should be getting.png](/public/imported_attachments/1/What I should be getting.png)
    ![What I am getting (incorrect).png](/public/imported_attachments/1/What I am getting (incorrect).png)
    ![What I am getting (incorrect) also.png](/public/imported_attachments/1/What I am getting (incorrect) also.png)

  • I have resolved the issue. I set the DHCP server to use the interface as the DNS server. I then applied the same server addresses in Squid's "Use Alternate DNS Servers".

    IP addresses vary depending on your network scope.

    ex: LAN = use this as the DNS server applied to DHCP clients. Configure in DHCP Server > Servers > DNS Servers.

    Then enter the same DNS server IP(s) in Squid Proxy Server > General > Use Alternate DNS Servers for the Proxy Server.

    HTTPS filtering should work flawlessly using Splice All, and block only the sites set in SquidGuard rules.
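The fix above works because Squid, when it intercepts or splices a connection, re-resolves the requested hostname itself and verifies that the address the client connected to is one of its own answers (its "host header forgery" protection). Large sites such as Google and Facebook return different, short-lived address sets from different resolvers, so a client and a proxy pointed at different DNS servers can disagree and the connection is refused even though nothing is blocked. The script below is an added diagnostic, not part of this thread or of pfSense/Squid: it queries two DNS servers directly with a minimal stdlib DNS client and flags any hostname whose client-side answers are not all known to the proxy-side resolver. The server addresses, hostnames and the synthetic reply used for offline testing are constructed placeholders.

```python
"""Compare how two DNS servers resolve the same hostnames.

Added example, not from the forum thread. Squid, in intercept/splice mode,
re-resolves the SNI/Host name and checks that the client's chosen destination
IP is among its own answers; clients and proxy using different resolvers can
therefore fail that check for large multi-IP sites.
"""
import random
import socket
import struct


def build_query(hostname, txid=None):
    """Build a minimal DNS A/IN query (RFC 1035) and return (txid, bytes)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # flags 0x0100 = standard query, recursion desired; one question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return txid, header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            return offset + 2
        offset += 1 + length


def parse_a_records(data, expected_txid):
    """Extract the set of IPv4 addresses from a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError("DNS error, rcode %d" % rcode)
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        offset = _skip_name(data, offset) + 4
    addrs = set()
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addrs.add(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlength
    return addrs


def resolve_via(server, hostname, timeout=3.0):
    """Ask one specific DNS server (UDP/53) for the A records of hostname."""
    txid, packet = build_query(hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def compare_resolvers(client_dns, proxy_dns, hostnames, resolver=resolve_via):
    """Flag hosts where some client answer is absent from the proxy's answers."""
    report = {}
    for host in hostnames:
        client = resolver(client_dns, host)
        proxy = resolver(proxy_dns, host)
        # The client may connect to any of its answers; every one of them must
        # be known to the proxy, or Squid's destination verification can fail.
        report[host] = {"client": client, "proxy": proxy, "at_risk": not client <= proxy}
    return report


def constructed_response(txid, hostname, addrs, ttl=60):
    """Build a synthetic DNS reply (constructed test data, not a capture)."""
    _, query = build_query(hostname, txid)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    body = query[12:]  # echoed question section
    for ip in addrs:
        # 0xC00C is a pointer to the name at offset 12 (the question name)
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + body


if __name__ == "__main__":
    import sys
    # usage: python dnscheck.py <client-dns-ip> <proxy-dns-ip> host [host ...]
    client_ip, proxy_ip, *hosts = sys.argv[1:]
    for host, row in compare_resolvers(client_ip, proxy_ip, hosts).items():
        print(host, "AT RISK" if row["at_risk"] else "ok", row["client"], row["proxy"])
```

Run it from a LAN client with the resolver handed out by DHCP as the first argument and the resolver Squid is configured to use as the second; any "AT RISK" row is a hostname that can produce the "cannot connect securely" page without a SquidGuard block. Pointing both DHCP clients and Squid at the same server, as the fix in this thread does, makes the two answer sets identical.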
