• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Squid + SquidGuard URL Filtering Question

Scheduled Pinned Locked Moved Cache/Proxy
2 Posts 1 Posters 644 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    asan
    last edited by asan Nov 5, 2018, 2:53 PM Nov 5, 2018, 2:52 PM

    Hi all

    I'm running latest pfSense Version with squid and squidGuard package.
    It fulfils all the functions I need:

    • Possibility to block URL's (http and https)
    • NO HTTPS Interception
    • WPAD Automatic Configurations works fine (DNS)

    I configured wpad like this:

    function FindProxyForURL(url, host)
    {
        if (
            // ignore RFC 1918 internal addreses
            isInNet(host, "10.0.0.0", "255.0.0.0") ||
            isInNet(host, "172.16.0.0", "255.240.0.0") ||
            isInNet(host, "192.168.0.0", "255.255.0.0") ||
    
            // plain host name
            isPlainHostName(host) ||
    
            // localhost
            localHostOrDomainIs(host, "127.0.0.1")
    
            )
            return "DIRECT";
    
    return "PROXY proxy.domain.local:3128;DIRECT";
    }
    

    Now I need to enable transparent Proxy function, but there is one problem.
    If a client connects to a HTTPS Site, only the IP is visible in the squid access log. Therefore HTTPS URL Filtering is no longer working. I don't want to intercept the traffic. I only need URL Filtering.
    Squid configuration is default with the following line in the Custom Options (SSL/MITM) field:

    ssl_bump none all
    

    Why is such a configuration not possible without intercepting the traffic? Using a wpad is working fine. I don't get it.
    What is the technical issue? Is there a way to solve this?

    Squid Access Log Entries (domain nam and ip changed):
    Over WPAD:

    1541429204.553  14926 192.168.1.33 TCP_TUNNEL/200 95299 CONNECT www.domain.com:443 - HIER_DIRECT/8.8.8.8 -
    

    Transparent

    1541429324.821   9282 192.168.1.33 TCP_TUNNEL/200 131589 CONNECT 8.8.8.8:443 - ORIGINAL_DST/8.8.8.8 -
    

    Thanks in advance
    Asan

    1 Reply Last reply Reply Quote 0
    • A
      asan
      last edited by Nov 5, 2018, 5:56 PM

      Problem solved.
      Set SSL/MITM Mode to Splice All.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received