Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid/Squidguard blacklist nginx bug

    Cache/Proxy
    2
    2
    378
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      giacomo last edited by

      Hi All!

      News about this?

      I am new to pfsense and could not find a satisfactory solution to the following problem. I installed the squid and squidguard packages. When I try to go to a blacklisted page, I get the web error "400 Bad request The plain HTTP request was sent to HTTPS port nginx".
      This was previously noted in post https://forum.pfsense.org/index.php?topic=115115.0. The work around is no move the web GUI from https to http.
      I have tested this solution and it works. The workaround is not entirely satisfying because security is compromised using unencrypted http access to the web GUI.

      Thak you!

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        What news are you expecting?  WPAD requires an HTTP server, not HTTPS.

        https://technet.microsoft.com/en-us/library/cc995261.aspx?f=255&MSPPError=-2147217396

        Implementing DNS or DHCP

        Consider the following criteria when deciding whether to use a DHCP WPAD entry, a DNS entry, or both:

        • WPAD entries in DNS can only be used by client computers that belong to a domain, and clients must be configured to resolve DNS names.
        • When implementing WPAD with a DNS server, entries must be configured for every domain containing clients enabled for automatic discovery.
        • A valid DHCP server must be installed.
        • When using DNS to publish WPAD, automatic discovery must be configured to use port 80. Alternatively, the outgoing Web requests must be configured to listen on port 80.
        • WPAD in DHCP is limited to specific user groups on some client computer operating systems. For more information, see the Microsoft Knowledge Base article 312864, "Automatic Proxy Discovery in Internet Explorer with DHCP requires specific permissions."
        • Generally, using DHCP servers with automatic detection works best for local area network (LAN)-based clients, while DNS servers enable automatic detection on computers with both LAN-based and dial-up connections. Although DNS servers can handle network and dial-up connections, DHCP servers provide faster access to LAN users and greater flexibility. If you configure both DHCP and DNS, clients will attempt to query DHCP for automatic discovery information first and then query DNS.
        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy