(SOLVED) Squid HTTPS/SSL Interception blocks Warframe login.



  • I configured Squid as a transparent proxy and everything works. However, when I enabled HTTPS/SSL Interception and installed a local CA to block certain https sites (which works great), I found that I could no longer login to Warframe through the game launcher. If I uncheck HTTPS/SSL Interception, then I can login to Warframe. Rechecking HTTPS/SSL Interception and I cannot log into Warframe.

    How do I fix this so I can leave HTTPS/SSL Interception enabled to filter https websties and still login to Warframe?

    Thank you!

    SOLVED:

    Per Impatient and Asamat' suggestions:

    1. SSH to pfSense box with admin (or root permission)
    2. Choose option 8, Shell
    3. View Squid access.log in real-time using: tail -f /var/squid/logs/access.log
    4. Login to warframe and watch what gets logged.
    5. Squid logged 192.168.1.105 TAG_NONE/200 0 CONNECT 104.72.37.198:443 - ORIGINAL_DST/104.72.37.198 -
    6. (optional) DNS lookup Reverse DNS (PTR record) a104-72-37-198.deploy.static.akamaitechnologies.com
    7. Under Services>Squid Proxy Server>Transparent Proxy Settings>Bypass Proxy for These Destination IPs - add the IP from Step 5, which in my case was 104.72.37.198
    8. Run Warframe, login works.

    This left my other Squid settings intact with working transparent proxy server blocking unwanted https sites using Squidguard, logging IP traffic, and Waframe login issue fixed.

    Thanks for the help!



  • On a home network it is easier to run non-transparent and config. each browser to use squid.

    The simplest way to find what is being blocked is to view the squid real time log's while trying
    to log-in then you add that domain to the squid whitelist under the ACLs tab.


  • Global Moderator

    Also you can try to add Warframe into Squid Bypass list: Package/Proxy Server: General Settings/General/Transparent Proxy Settings "Bypass Proxy for These Destination IPs"



  • Ok after some reading, it seems I don't need to filter https. All I really need to do is block certain https domains from my kids on my home network while allowing all other traffic, prevent kids from circumventing proxy, monitor traffic stats per IP, and no issues with online games like logging into Warframe.

    To block https domains, I found some info on setting the ssl intercept to "splice all" and putting ".*" in the acl whitelist, then use squidguard to block https. However, I'm not exactly sure how to set this up with squidguard or if it will fix my Warframe login issue.

    I'm trying to learn this so I don't really want to use something like OpenDNS if I can help it. I'm running psSense in a VM with working backup so I'll try any suggestions because I can easily restore my pfSense firewall.

    Thanks.