Problem: Block HTTPS websites



  • Hello everybody,

    I've activated Captive Portal on a pfSense server, then installed the Squid & SquidGuard proxy, in addition to downloading a blacklist on the Squid proxy.
    I've created and added several users (Normal and Managers) to the Group ACL in Services->SquidGuard Proxy Filter->Groups ACL.

    The problem is that HTTPS sites are still not blocked, only HTTP, and when I enabled (HTTPS/SSL Interception), all websites are blocked.

    I want to block a group of sites for several users and allow it for the other users, and I don't want to install certificates on users' laptops and machines (Create Internal Certificate and export it) because I have more than 100 machines.

    I need to do this filtering according to the user's group, like the website filter on FortiGate.

    Is there any solution or suggestion?

    Thank You.



  • @Anas.sh:

    I want to block a group of sites for several users and allow it for the other users, and I don't want to install certificates on users' laptops and machines (Create Internal Certificate and export it) because I have more than 100 machines.

    If you plan on doing HTTPS filtering, that is impossible without installing certs. If you find a way, the USA government would love to know. You would win worldwide recognition for breaking HTTPS, which is explicitly designed to keep this from happening.

    Except in the current case for SNI



    Thank you, bro, for killing my dreams :P

    In a case like this (web filtering of several websites for specific users), what are my choices?
    Any suggestions or hints?



  • Use pfBlockerNG to blackhole the DNS for sites; doing so is protocol agnostic. You just need to find the right block list to feed it.