I'm running into an odd issue. I want to use SquidGuard for web filtering (http & https), but as Squid is required to run Squidguard I need to run Squid as a proxy as well. I am not interested in using the proxy/caching info, so I have set up squid to be a transparent proxy with Cache size of 0, and HD Cache system set to Null. I turned SSL filtering on, but set to "Splice-All Destinations". I setup a specific Cert CA for this use (as it is required), but it says this does not need to be set in client machines.
Once I had this setup, I went to squidguard and set "netflix.com" as my test domain. Once saved and applied, netflix gets blocked (when navigating to http://netflix.com I get a redirect to an error page, and when going to https://netflix.com I get a "Thie site cant provide a secure connection" error page) and it appears to work. However, shortly after other sites (ie mail.google.com) begin intermittently showing the same error. By intermittent I mean, one user may get the error when another does not, or one user may get the error, refresh his webpage a number of times, then is able to get to mail.google.com without the error.
I'm trying to figure out why if Splice-All is set when a transparent proxy, why are these sites being interfered with if not on the blocklist? All I want is to use SquidGuard to blacklist webpages. I want to set Squid to do the absolute minimum, just so SquidGuard can run. Anyone have this working this way?
Device: Netgate XG-2758 Version 2.3.5-RELEASE-p1
Thanks for any advise.
try to upgrade your squid version
I've found the same type of behavior running Squid on a medium sized network (800+ clients).
I've found the behavior is most often related to the number of SSL daemon children and certificate verification. The cache doesn't really go to zero unless you edit the config files….lots of forum posts on that.
If you set the firewall to not perform remote certificate checks I've found that this error is seen less often, but not eradicated.
Would love to see if anyone else has the same issue / fixes.
On Proxy Server>General Settings> SSL Man In the Middle Filtering> enable HTTPS/SSL Interception and SSL/MITM Mode Splice All and SSL Intercept Interfaces "LAN" and CA choose what you make it on your CERT Manager rest is should remain by default. When I did it, it worked fine
rodrigoinfocasper.com.br last edited by
good morning people,
I'm running exactly the same versions, and going through the same difficulty as my friend RPX_D, did anyone ever figure out the problem.
Active squidguard on the hour I have problem with https sites, and I am forced to disable ….