Squid + SquidGuard URL Filtering Question

  • Hi all

    I'm running latest pfSense Version with squid and squidGuard package.
    It fulfils all the functions I need:

    • Possibility to block URL's (http and https)
    • NO HTTPS Interception
    • WPAD Automatic Configurations works fine (DNS)

    I configured wpad like this:

    function FindProxyForURL(url, host)
        if (
            // ignore RFC 1918 internal addreses
            isInNet(host, "", "") ||
            isInNet(host, "", "") ||
            isInNet(host, "", "") ||
            // plain host name
            isPlainHostName(host) ||
            // localhost
            localHostOrDomainIs(host, "")
            return "DIRECT";
    return "PROXY proxy.domain.local:3128;DIRECT";

    Now I need to enable transparent Proxy function, but there is one problem.
    If a client connects to a HTTPS Site, only the IP is visible in the squid access log. Therefore HTTPS URL Filtering is no longer working. I don't want to intercept the traffic. I only need URL Filtering.
    Squid configuration is default with the following line in the Custom Options (SSL/MITM) field:

    ssl_bump none all

    Why is such a configuration not possible without intercepting the traffic? Using a wpad is working fine. I don't get it.
    What is the technical issue? Is there a way to solve this?

    Squid Access Log Entries (domain nam and ip changed):
    Over WPAD:

    1541429204.553  14926 TCP_TUNNEL/200 95299 CONNECT www.domain.com:443 - HIER_DIRECT/ -


    1541429324.821   9282 TCP_TUNNEL/200 131589 CONNECT - ORIGINAL_DST/ -

    Thanks in advance

  • Problem solved.
    Set SSL/MITM Mode to Splice All.

Log in to reply