• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Squidguard HTTPS

Scheduled Pinned Locked Moved Cache/Proxy
6 Posts 3 Posters 942 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    alear
    last edited by Dec 19, 2017, 12:22 AM

    Ok I am getting frustrated with this. I love pfsense but this is something that Sophos has gotten done well. Https filtering is so finicky on pfsense. I'm using splice all. I've set it up so many ways. Tried all different kinds of dns setups. And still https blocks sites not supposed to be blocked no record of the block in the log so I can't see what is going on. I'm out of ideas. Can someone please tell me how to set this up properly to prevent these headaches. I would really appreciate it. Thank you.

    1 Reply Last reply Reply Quote 0
    • G
      GL
      last edited by Dec 20, 2017, 11:14 PM

      have a look at my post, I guess it is the same problem.
      we found the solution.
      it is two days it is implemented and it is working well up to today.

      1 Reply Last reply Reply Quote 0
      • A
        alear
        last edited by Dec 21, 2017, 1:07 AM

        Thanks for the input but your solution did not resolve my issue. I am done trying to make this work. I love pfsense but this is just not worth the headache. Filtering should be built into the system in my opinion. Doing so and building in IPS could make PFSense one of the elite firewalls I think.

        1 Reply Last reply Reply Quote 0
        • K
          KOM
          last edited by Dec 21, 2017, 1:58 PM

          1.  Having that stuff installed by default is a terrible idea.  Most people do not use squid or squidguard with pfSense from what I've seen over the years here.  It adds extra complexity, and expands the attack surface.  Plus, the nature of the dynamic web these days makes caching difficult, and you can use other tools for URL filtering like pfBlocker.

          2.  It's impossible to help you since you haven't shown any of your config, nor the exact nature of the problem you're having.  Start with just Squid in explicit mode.  Does it work?  Then make it transparent.  Does it work?  Then add squidguard.  Does it work? etc etc.  I use squid/squidguard explicit with WPAD.  Works fine for me.

          1 Reply Last reply Reply Quote 0
          • A
            alear
            last edited by Dec 22, 2017, 9:33 PM

            Thanks KOM for the response. I have tried PFBlocker in the past but didn't like it. I have narrowed it down a little. The SSL just blocks sites like Google or Outlook at random but if I wait a few minutes then the sites are accessible. HTTP filtering works flawlessly it's just the SSL filtering that is having this issue. I'm running Squid transparently and SSL filtering is set to splice all. Unfortunately I have no experience with WPAD but will look at this option. If you know of a good resource for config I would appreciate it.

            1 Reply Last reply Reply Quote 0
            • K
              KOM
              last edited by Dec 22, 2017, 9:48 PM

              https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

              1 Reply Last reply Reply Quote 0
              1 out of 6
              • First post
                1/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received