Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to block HTTPS websites without DNS solutions?

    Scheduled Pinned Locked Moved Firewalling
    8 Posts 3 Posters 516 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LotfiDZ
      last edited by

      Hello,
      I want to block some HTTPS websites in my firewall (pfsense 2.4.4). I created the local Certificate Authority, and activated SSL Man in the Middle in SQUID Proxy Server, but i don't know what to do now.
      I created two entries in SQUIDGUARD Groups ACLs, one that would allow, and one to block that traffic. But it did nothing.
      Till now, i cannot block it correctly.
      Thanks for your help.

      1 Reply Last reply Reply Quote 0
      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Hi,
        check out the Netgate Hangout, very good explained there https://www.youtube.com/watch?v=xm_wEezrWf4

        -Rico

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          Always remember that whenever you make any change in squidguard, you must save it and then go back to the General tab and click Apply or nothing will work as expected.

          1 Reply Last reply Reply Quote 1
          • L
            LotfiDZ
            last edited by

            @KOM KUDO for you Sir...
            I was wandering why sometimes changes are applied and sometimes not... Because, apparently there's a Save button in Groups ACL but it's not working.
            Thank you so much.
            Now everything is working like a charm.
            HTTPS inspection, Logging, HTTPS blocking, OpenVPN...
            Thank you.

            1 Reply Last reply Reply Quote 0
            • L
              LotfiDZ
              last edited by

              By the way, i'd rather ask if there's by any mean to make those changes by changing any files because, i think that would be more efficient than changing in the gui. Because, i believe that SquidGuard GUI is not stable at all...

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                Not that I know of. The GUI is stable, it's just that squidguard is old, not well-written, and unsupported by a maintainer.

                1 Reply Last reply Reply Quote 0
                • L
                  LotfiDZ
                  last edited by

                  I talk about SQUIDGUARD too, is there any alternative except DNSBL (i cannot change that)?

                  1 Reply Last reply Reply Quote 0
                  • KOMK
                    KOM
                    last edited by

                    Unofficial E2Guardian, but I have no experience with that.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.