Netgate Discussion Forum

    Squid + SquidGuard URL Filtering Question

      asan
      last edited by asan

      Hi all

      I'm running the latest pfSense version with the squid and squidGuard packages.
      It fulfils all the functions I need:

      • Possibility to block URLs (http and https)
      • NO HTTPS Interception
      • WPAD automatic configuration works fine (DNS)

      I configured wpad like this:

      function FindProxyForURL(url, host)
      {
          if (
              // ignore RFC 1918 internal addresses
              isInNet(host, "10.0.0.0", "255.0.0.0") ||
              isInNet(host, "172.16.0.0", "255.240.0.0") ||
              isInNet(host, "192.168.0.0", "255.255.0.0") ||

              // plain host name
              isPlainHostName(host) ||

              // localhost
              localHostOrDomainIs(host, "127.0.0.1")

              )
              return "DIRECT";

          return "PROXY proxy.domain.local:3128;DIRECT";
      }
      

      Now I need to enable transparent Proxy function, but there is one problem.
      If a client connects to a HTTPS Site, only the IP is visible in the squid access log. Therefore HTTPS URL Filtering is no longer working. I don't want to intercept the traffic. I only need URL Filtering.
      Squid configuration is default with the following line in the Custom Options (SSL/MITM) field:

      ssl_bump none all
      

      Why is such a configuration not possible without intercepting the traffic? Using a wpad is working fine. I don't get it.
      What is the technical issue? Is there a way to solve this?

      Squid Access Log Entries (domain name and IP changed):
      Over WPAD:

      1541429204.553  14926 192.168.1.33 TCP_TUNNEL/200 95299 CONNECT www.domain.com:443 - HIER_DIRECT/8.8.8.8 -
      

      Transparent

      1541429324.821   9282 192.168.1.33 TCP_TUNNEL/200 131589 CONNECT 8.8.8.8:443 - ORIGINAL_DST/8.8.8.8 -
      

      Thanks in advance
      Asan

        asan
        last edited by

        Problem solved.
        Set SSL/MITM Mode to Splice All.

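An added example, not part of the original posts: a check over the Squid access log that lists CONNECT tunnels logged only by IP address, as in the "Transparent" entry quoted in the first post, so you can confirm after a mode change that hostnames are being logged again. The sample lines are constructed from the two entries in the post, and the function names are this example's own.

```python
import ipaddress
import re

# Squid native access.log layout, matching the entries quoted in the first post:
# time elapsed client code/status bytes method target user hierarchy/peer type
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+[A-Z_]+/\d{3}\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<target>\S+)\s+\S+\s+(?P<hier>[A-Z_]+)/\S+\s+\S+\s*$"
)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_tunnel(line):
    """Return a dict for a CONNECT entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "CONNECT":
        return None
    host, sep, _port = m["target"].rpartition(":")
    host = (host if sep else m["target"]).strip("[]")  # also handles [v6]:port
    return {
        "client": m["client"],
        "host": host,
        # ORIGINAL_DST: Squid connected to the IP the client was already dialing
        "intercepted": m["hier"] == "ORIGINAL_DST",
        "has_name": not is_ip_literal(host),
    }

def unfilterable(lines):
    """CONNECT entries where a domain-based rule had only an IP address to match."""
    entries = (parse_tunnel(line) for line in lines)
    return [(e["client"], e["host"]) for e in entries if e and not e["has_name"]]

# Constructed sample: the two entries from the post plus one plain-HTTP line.
SAMPLE = [
    "1541429204.553  14926 192.168.1.33 TCP_TUNNEL/200 95299 CONNECT www.domain.com:443 - HIER_DIRECT/8.8.8.8 -",
    "1541429324.821   9282 192.168.1.33 TCP_TUNNEL/200 131589 CONNECT 8.8.8.8:443 - ORIGINAL_DST/8.8.8.8 -",
    "1541429400.102    120 192.168.1.33 TCP_MISS/200 5120 GET http://www.domain.com/ - ORIGINAL_DST/8.8.8.8 text/html",
]

if __name__ == "__main__":
    for client, host in unfilterable(SAMPLE):
        print(f"{client} -> {host}: no hostname logged, domain rules cannot match")
```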
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.