Netgate Discussion Forum

    Squid SSL Filtering - Webconfigurator Lockout?

    Cardnyl

      I am running Squid on pfSense 2.4.1 in transparent mode in conjunction with WPAD. I've been able to verify that both DHCP and DNS WPAD entries are working and would eventually like to switch to non-transparent mode. I am trying to turn on the SSL filtering option (Splice Whitelist, Bump Otherwise) - currently it is set to "Splice All". I have a CA created and exported the certificate to my PC. I already went ahead and imported the CRT file into my Windows 10 client and manually imported it into Firefox. I am keeping an eye on Squid (tail -f /var/squid/logs/access.log) and can see that it's generating output for HTTP and HTTPS sites using the settings shown in the attachments. I am not getting any sort of browser warnings or errors when surfing the net. The problem comes when I attempt to get back in to manage the firewall using the webconfigurator.

      Normally when there is a certificate mismatch it would be Firefox pitching a fit - which can be circumvented temporarily with an exception. If I set the SSL filtering mode from "Splice All" to "Splice Whitelist, Bump Otherwise" I will get locked out of the webconfigurator by Squid (I can tell it's Squid because the error page is the one defined in the Squid options). There's no opportunity to add an exception. I'm extremely new to pfSense so all I've been able to do when this occurs is to use option 15 from the console and roll the configuration back.

      I've tried switching the webconfigurator to use a cert that was signed by the CA I set up within pfSense but no luck. I also tried specifying alternate names (first screenshot) but Firefox still isn't happy with it. The blacked out info is what I think is the FQDN of my pfSense box (web login > System Information > "Name"). I'm really at a loss here and any help is appreciated.

      Thanks in advance

      Attachments: Error.PNG, Squid1.JPG, SquidCA2.JPG, Squid3.JPG, SquidCA.JPG, Squid2.JPG

      Cardnyl

        Would it be possible for someone to move this into the Packages > Cache/Proxy section of the forums - I should have looked around more before I posted it here. Sorry.
