How to block HTTPS websites without DNS solutions?



  • Hello,
    I want to block some HTTPS websites in my firewall (pfsense 2.4.4). I created the local Certificate Authority, and activated SSL Man in the Middle in SQUID Proxy Server, but i don't know what to do now.
    I created two entries in SQUIDGUARD Groups ACLs, one that would allow, and one to block that traffic. But it did nothing.
    Till now, i cannot block it correctly.
    Thanks for your help.



  • Hi,
    check out the Netgate Hangout, very good explained there https://www.youtube.com/watch?v=xm_wEezrWf4

    -Rico



  • Always remember that whenever you make any change in squidguard, you must save it and then go back to the General tab and click Apply or nothing will work as expected.



  • @KOM KUDO for you Sir...
    I was wandering why sometimes changes are applied and sometimes not... Because, apparently there's a Save button in Groups ACL but it's not working.
    Thank you so much.
    Now everything is working like a charm.
    HTTPS inspection, Logging, HTTPS blocking, OpenVPN...
    Thank you.



  • By the way, i'd rather ask if there's by any mean to make those changes by changing any files because, i think that would be more efficient than changing in the gui. Because, i believe that SquidGuard GUI is not stable at all...



  • Not that I know of. The GUI is stable, it's just that squidguard is old, not well-written, and unsupported by a maintainer.



  • I talk about SQUIDGUARD too, is there any alternative except DNSBL (i cannot change that)?



  • Unofficial E2Guardian, but I have no experience with that.