• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

(SOLVED) Squid HTTPS/SSL Interception blocks Warframe login.

Scheduled Pinned Locked Moved Cache/Proxy
4 Posts 3 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    DMaverick
    last edited by DMaverick Nov 5, 2018, 1:49 AM Nov 4, 2018, 3:00 AM

    I configured Squid as a transparent proxy and everything works. However, when I enabled HTTPS/SSL Interception and installed a local CA to block certain https sites (which works great), I found that I could no longer login to Warframe through the game launcher. If I uncheck HTTPS/SSL Interception, then I can login to Warframe. Rechecking HTTPS/SSL Interception and I cannot log into Warframe.

    How do I fix this so I can leave HTTPS/SSL Interception enabled to filter https websties and still login to Warframe?

    Thank you!

    SOLVED:

    Per Impatient and Asamat' suggestions:

    1. SSH to pfSense box with admin (or root permission)
    2. Choose option 8, Shell
    3. View Squid access.log in real-time using: tail -f /var/squid/logs/access.log
    4. Login to warframe and watch what gets logged.
    5. Squid logged 192.168.1.105 TAG_NONE/200 0 CONNECT 104.72.37.198:443 - ORIGINAL_DST/104.72.37.198 -
    6. (optional) DNS lookup Reverse DNS (PTR record) a104-72-37-198.deploy.static.akamaitechnologies.com
    7. Under Services>Squid Proxy Server>Transparent Proxy Settings>Bypass Proxy for These Destination IPs - add the IP from Step 5, which in my case was 104.72.37.198
    8. Run Warframe, login works.

    This left my other Squid settings intact with working transparent proxy server blocking unwanted https sites using Squidguard, logging IP traffic, and Waframe login issue fixed.

    Thanks for the help!

    1 Reply Last reply Reply Quote 0
    • I
      Impatient
      last edited by Nov 4, 2018, 5:49 AM

      On a home network it is easier to run non-transparent and config. each browser to use squid.

      The simplest way to find what is being blocked is to view the squid real time log's while trying
      to log-in then you add that domain to the squid whitelist under the ACLs tab.

      1 Reply Last reply Reply Quote 0
      • A
        Asamat Global Moderator
        last edited by Nov 4, 2018, 6:34 AM

        Also you can try to add Warframe into Squid Bypass list: Package/Proxy Server: General Settings/General/Transparent Proxy Settings "Bypass Proxy for These Destination IPs"

        1 Reply Last reply Reply Quote 0
        • D
          DMaverick
          last edited by Nov 4, 2018, 4:00 PM

          Ok after some reading, it seems I don't need to filter https. All I really need to do is block certain https domains from my kids on my home network while allowing all other traffic, prevent kids from circumventing proxy, monitor traffic stats per IP, and no issues with online games like logging into Warframe.

          To block https domains, I found some info on setting the ssl intercept to "splice all" and putting ".*" in the acl whitelist, then use squidguard to block https. However, I'm not exactly sure how to set this up with squidguard or if it will fix my Warframe login issue.

          I'm trying to learn this so I don't really want to use something like OpenDNS if I can help it. I'm running psSense in a VM with working backup so I'll try any suggestions because I can easily restore my pfSense firewall.

          Thanks.

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received