Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squidguard HTTPS

    Cache/Proxy
    3
    6
    697
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alear
      last edited by

      Ok I am getting frustrated with this. I love pfsense but this is something that Sophos has gotten done well. Https filtering is so finicky on pfsense. I'm using splice all. I've set it up so many ways. Tried all different kinds of dns setups. And still https blocks sites not supposed to be blocked no record of the block in the log so I can't see what is going on. I'm out of ideas. Can someone please tell me how to set this up properly to prevent these headaches. I would really appreciate it. Thank you.

      1 Reply Last reply Reply Quote 0
      • G
        GL
        last edited by

        have a look at my post, I guess it is the same problem.
        we found the solution.
        it is two days it is implemented and it is working well up to today.

        1 Reply Last reply Reply Quote 0
        • A
          alear
          last edited by

          Thanks for the input but your solution did not resolve my issue. I am done trying to make this work. I love pfsense but this is just not worth the headache. Filtering should be built into the system in my opinion. Doing so and building in IPS could make PFSense one of the elite firewalls I think.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            1.  Having that stuff installed by default is a terrible idea.  Most people do not use squid or squidguard with pfSense from what I've seen over the years here.  It adds extra complexity, and expands the attack surface.  Plus, the nature of the dynamic web these days makes caching difficult, and you can use other tools for URL filtering like pfBlocker.

            2.  It's impossible to help you since you haven't shown any of your config, nor the exact nature of the problem you're having.  Start with just Squid in explicit mode.  Does it work?  Then make it transparent.  Does it work?  Then add squidguard.  Does it work? etc etc.  I use squid/squidguard explicit with WPAD.  Works fine for me.

            1 Reply Last reply Reply Quote 0
            • A
              alear
              last edited by

              Thanks KOM for the response. I have tried PFBlocker in the past but didn't like it. I have narrowed it down a little. The SSL just blocks sites like Google or Outlook at random but if I wait a few minutes then the sites are accessible. HTTP filtering works flawlessly it's just the SSL filtering that is having this issue. I'm running Squid transparently and SSL filtering is set to splice all. Unfortunately I have no experience with WPAD but will look at this option. If you know of a good resource for config I would appreciate it.

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post