Squid redirect Page



  • Hello,

    I have squid and squid guard set up and everything is working as it should be but when I go to a blocked site such as Dropbox I recieve a squid error for "Unable to determine IP address from host name "http"" (See below)0_1533571211353_pfsense Squid Blocked Page.png

    instead of my own custom blocked screen which I have created under SquidGuard so it would redirect if the website is blocked.

    Is there a way where I can have the blocked page always be the custom page which I created?

    Thanks


  • Netgate Administrator

    That's because it's not a blocked page it's a bad hyperlink.
    Wherever you're browsing to that from has probably added https incorrectly or maybe the : is missing from the link. Either way it's trying to resolve http as a url and failing.

    Steve



  • Oh right okay,

    When I unblock websites such as Dropbox I am able to get to them without any issue


  • Netgate Administrator

    Does your blocked site error page work correctly for other sites? That could be Squid attempting to apply a bad re-direct.

    Is that the only https blocked page?

    Whatever is causing that Squid is trying to resolve 'http' as an fqdn which will always fail.

    Steve



  • It shows the squid block page for mostly all of the blocked sites but only shows the squidguard block page for example:

    dropbox.com
    0_1534154111766_pfsense Squid Blocked Page(Dropbox.com).png

    dropbox.com/login
    0_1534154125405_pfsense Squid Blocked Page(Dropbox.com-login).png

    This also vary's from browser to browser on IE the top error comes up all the time and on Firefox both appear


  • Netgate Administrator

    Well, it's hard to say without seeing the config and logs etc but in both cases Squid is trying and failing to resolve http and https as a host name which clearly it isn't. Something is passing that Squid to resolve or something is Squid/Squidguard is configured with a URL and should be an FQDN.

    Steve



  • So I have created another pfSense machine so I can do testing and it seems that the reason I am getting the top error is because I have the "Enable SSL filtering" on.

    Am I missing something elsewhere as this option is enabled?

    Thanks,
    Jord


  • Netgate Administrator

    Try setting the redirect mode in Squidguard to ext url move. You will have to redirect to something, you might create a page for that.

    I hit that same error recently and that worked around it.

    Steve