After Configure CA certificates everything is blocked



  • Hi Team,
    I have configure pf-sense 2.4.4 and i want to block https websites also thats why i was configure CA certificates but after that everything is blocked(even google). I have configured a group ACL in which we provided full access to client IP but same problem is here we can't access anything (everything is blocked).
    [0_1552375236363_pfsense_squid.xlsx](Uploading 100%)



  • Hi,

    Blocking https ?
    What do you mean ?
    Plain "http" sites will not exist anymore in a near future, so what your asking for is a "total blocking for web browsing".
    I advise you to pull the plug. Works very well and less hassle.

    Btw : glad you found out Google is using https these days ^^

    Maybe you know what this is, but we don't.
    @itsupport_debut said in After Configure CA certificates everything is blocked:

    [0_1552375236363_pfsense_squid.xlsx](Uploading 100%)



  • Thanks for your reply,
    I only want to block some https websites, such as SocialNet, but after configuring the CA certificates on the firewall, every https websites has been blocked.
    I know Google is working on https, but we do not want to block Google.
    you don't understand what I am asking for. Here I am asking that Google is blocked after installing a CA certificate on the firewall, not here I want to block Google.
    Here I just do not want to block google but we want block some https websites only.



  • What part of pfSense - what part of the manual - are you using so it could block 'some' https web sites ?
    Why installing a CA Certificate ?
    How does this certificate comes into play so it could help you achieving your goal ?

    Btw : this forum is loaded with question about : "help me blocking facebook / twitter / instagram / youtube / etc" if that is what you want. I still don't really understand your "block some https site". https stands for security. You really want to block secured access to some sites ?
    That isn't a general pfSense issue (to part of the forum where you posted) but more related to "Home pfSense Packages" see the Cache/Proxy and pfBlockerNG sub forum.



  • Please help me blocking facebook ,twitter,instagram, youtube etc.
    if you want to access my firewall then i ready to provide access for it.
    Thanks



  • Ah, ok, now we are getting somewhere ...
    Still, what does this CA cert has to do with it ?
    Anyway.

    When you use solutions that block 'some users' to visit 'some sites' you need to read awful lot of information. Because you have to understand the why / what / when.
    Added to that : when you have a working situation, you have to survey it constantly as your are using rather complicated solution that can change any moment.
    This is a topicality : you want something, so you implement something (like driving that car you bought - you do it, because no one will be there for you for your car).

    So, read the forums I mentioned.
    Try something like Google pfsense block Facebook - just read and you will get the picture.
    Have a look at the Netgate's Videos about this subject (Youtube => Netgate).

    Btw : I never ever I block 'some sites' for some of the visitors or my colleagues or who eve on my networks. I'm using pfSense in a company - not some family or related environment. I also tend to keep things simple.


Log in to reply