Squid + SquidGuard URL Filtering Question

asan · Nov 5, 2018, 2:53 PM

Hi all

I'm running latest pfSense Version with squid and squidGuard package.
It fulfils all the functions I need:

Possibility to block URL's (http and https)
NO HTTPS Interception
WPAD Automatic Configurations works fine (DNS)

I configured wpad like this:

function FindProxyForURL(url, host)
{
    if (
        // ignore RFC 1918 internal addreses
        isInNet(host, "10.0.0.0", "255.0.0.0") ||
        isInNet(host, "172.16.0.0", "255.240.0.0") ||
        isInNet(host, "192.168.0.0", "255.255.0.0") ||

        // plain host name
        isPlainHostName(host) ||

        // localhost
        localHostOrDomainIs(host, "127.0.0.1")

        )
        return "DIRECT";

return "PROXY proxy.domain.local:3128;DIRECT";
}

Now I need to enable transparent Proxy function, but there is one problem.
If a client connects to a HTTPS Site, only the IP is visible in the squid access log. Therefore HTTPS URL Filtering is no longer working. I don't want to intercept the traffic. I only need URL Filtering.
Squid configuration is default with the following line in the Custom Options (SSL/MITM) field:

ssl_bump none all

Why is such a configuration not possible without intercepting the traffic? Using a wpad is working fine. I don't get it.
What is the technical issue? Is there a way to solve this?

Squid Access Log Entries (domain nam and ip changed):
Over WPAD:

1541429204.553  14926 192.168.1.33 TCP_TUNNEL/200 95299 CONNECT www.domain.com:443 - HIER_DIRECT/8.8.8.8 -

Transparent

1541429324.821   9282 192.168.1.33 TCP_TUNNEL/200 131589 CONNECT 8.8.8.8:443 - ORIGINAL_DST/8.8.8.8 -

Thanks in advance
Asan

asan · Nov 5, 2018, 5:56 PM

Problem solved.
Set SSL/MITM Mode to Splice All.