Squidguard HTTPS

  • Ok I am getting frustrated with this. I love pfsense but this is something that Sophos has gotten done well. Https filtering is so finicky on pfsense. I'm using splice all. I've set it up so many ways. Tried all different kinds of dns setups. And still https blocks sites not supposed to be blocked no record of the block in the log so I can't see what is going on. I'm out of ideas. Can someone please tell me how to set this up properly to prevent these headaches. I would really appreciate it. Thank you.

  • have a look at my post, I guess it is the same problem.
    we found the solution.
    it is two days it is implemented and it is working well up to today.

  • Thanks for the input but your solution did not resolve my issue. I am done trying to make this work. I love pfsense but this is just not worth the headache. Filtering should be built into the system in my opinion. Doing so and building in IPS could make PFSense one of the elite firewalls I think.

  • 1.  Having that stuff installed by default is a terrible idea.  Most people do not use squid or squidguard with pfSense from what I've seen over the years here.  It adds extra complexity, and expands the attack surface.  Plus, the nature of the dynamic web these days makes caching difficult, and you can use other tools for URL filtering like pfBlocker.

    2.  It's impossible to help you since you haven't shown any of your config, nor the exact nature of the problem you're having.  Start with just Squid in explicit mode.  Does it work?  Then make it transparent.  Does it work?  Then add squidguard.  Does it work? etc etc.  I use squid/squidguard explicit with WPAD.  Works fine for me.

  • Thanks KOM for the response. I have tried PFBlocker in the past but didn't like it. I have narrowed it down a little. The SSL just blocks sites like Google or Outlook at random but if I wait a few minutes then the sites are accessible. HTTP filtering works flawlessly it's just the SSL filtering that is having this issue. I'm running Squid transparently and SSL filtering is set to splice all. Unfortunately I have no experience with WPAD but will look at this option. If you know of a good resource for config I would appreciate it.

Log in to reply