    Problem: Block HTTPS websites

      Anas.sh

      Hello everybody,

      I've activated Captive Portal on a pfSense server, then installed the Squid & SquidGuard proxy and downloaded a blacklist for the Squid proxy.
      I've created and added several users (Normal and Managers) to the Groups ACL in Services->SquidGuard Proxy Filter->Groups ACL.

      The problem is that HTTPS sites are still not blocked, only HTTP, and when I enabled HTTPS/SSL Interception, all websites are blocked.

      I want to block a group of sites for several users and allow it for the other users, and I don't want to install certificates on users' laptops and machines (create an internal certificate and export it) because I have more than 100 machines.

      I need to do this filtering according to the user's group, like the website filter on FortiGate.

      Is there any solution or suggestion?

      Thank You.

        Harvy66

        @Anas.sh:

        I want to block a group of sites for several users and allow it for the other users, and I don't want to install certificates on users' laptops and machines (create an internal certificate and export it) because I have more than 100 machines.

        If you plan on doing HTTPS filtering, that is impossible without installing certs. If you find a way, the USA government would love to know. You would win worldwide recognition for breaking HTTPS, which is explicitly designed to keep this from happening.

        Except in the current case for SNI.

          Anas.sh

          Thank you Bro for killing my dreams  :P

          In a case like this (web filtering of several websites for specific users), what are my choices?
          Any suggestion or hint?

            motific

            Use pfBlockerNG to blackhole the DNS for the sites, so it is protocol agnostic. You just need to find the right block list to feed it.
