Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid/Squidguard blacklist nginx bug

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 2 Posters 635 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      giacomo
      last edited by

      Hi All!

      News about this?

      I am new to pfsense and could not find a satisfactory solution to the following problem. I installed the squid and squidguard packages. When I try to go to a blacklisted page, I get the web error "400 Bad request The plain HTTP request was sent to HTTPS port nginx".
      This was previously noted in post https://forum.pfsense.org/index.php?topic=115115.0. The work around is no move the web GUI from https to http.
      I have tested this solution and it works. The workaround is not entirely satisfying because security is compromised using unencrypted http access to the web GUI.

      Thak you!

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        What news are you expecting?  WPAD requires an HTTP server, not HTTPS.

        https://technet.microsoft.com/en-us/library/cc995261.aspx?f=255&MSPPError=-2147217396

        Implementing DNS or DHCP

        Consider the following criteria when deciding whether to use a DHCP WPAD entry, a DNS entry, or both:

        • WPAD entries in DNS can only be used by client computers that belong to a domain, and clients must be configured to resolve DNS names.
        • When implementing WPAD with a DNS server, entries must be configured for every domain containing clients enabled for automatic discovery.
        • A valid DHCP server must be installed.
        • When using DNS to publish WPAD, automatic discovery must be configured to use port 80. Alternatively, the outgoing Web requests must be configured to listen on port 80.
        • WPAD in DHCP is limited to specific user groups on some client computer operating systems. For more information, see the Microsoft Knowledge Base article 312864, "Automatic Proxy Discovery in Internet Explorer with DHCP requires specific permissions."
        • Generally, using DHCP servers with automatic detection works best for local area network (LAN)-based clients, while DNS servers enable automatic detection on computers with both LAN-based and dial-up connections. Although DNS servers can handle network and dial-up connections, DHCP servers provide faster access to LAN users and greater flexibility. If you configure both DHCP and DNS, clients will attempt to query DHCP for automatic discovery information first and then query DNS.
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.