Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to block HTTPS websites without DNS solutions?

    Firewalling
    3
    8
    304
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LotfiDZ last edited by

      Hello,
      I want to block some HTTPS websites in my firewall (pfsense 2.4.4). I created the local Certificate Authority, and activated SSL Man in the Middle in SQUID Proxy Server, but i don't know what to do now.
      I created two entries in SQUIDGUARD Groups ACLs, one that would allow, and one to block that traffic. But it did nothing.
      Till now, i cannot block it correctly.
      Thanks for your help.

      1 Reply Last reply Reply Quote 0
      • Rico
        Rico LAYER 8 Rebel Alliance last edited by

        Hi,
        check out the Netgate Hangout, very good explained there https://www.youtube.com/watch?v=xm_wEezrWf4

        -Rico

        2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100

        1 Reply Last reply Reply Quote 0
        • KOM
          KOM last edited by

          Always remember that whenever you make any change in squidguard, you must save it and then go back to the General tab and click Apply or nothing will work as expected.

          1 Reply Last reply Reply Quote 1
          • L
            LotfiDZ last edited by

            @KOM KUDO for you Sir...
            I was wandering why sometimes changes are applied and sometimes not... Because, apparently there's a Save button in Groups ACL but it's not working.
            Thank you so much.
            Now everything is working like a charm.
            HTTPS inspection, Logging, HTTPS blocking, OpenVPN...
            Thank you.

            1 Reply Last reply Reply Quote 0
            • L
              LotfiDZ last edited by

              By the way, i'd rather ask if there's by any mean to make those changes by changing any files because, i think that would be more efficient than changing in the gui. Because, i believe that SquidGuard GUI is not stable at all...

              1 Reply Last reply Reply Quote 0
              • KOM
                KOM last edited by

                Not that I know of. The GUI is stable, it's just that squidguard is old, not well-written, and unsupported by a maintainer.

                1 Reply Last reply Reply Quote 0
                • L
                  LotfiDZ last edited by

                  I talk about SQUIDGUARD too, is there any alternative except DNSBL (i cannot change that)?

                  1 Reply Last reply Reply Quote 0
                  • KOM
                    KOM last edited by

                    Unofficial E2Guardian, but I have no experience with that.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post