Need white list our https site



  • Our company website which is https is being blocked by PFSense somehow. While on our LAN any browser will give:

    This site can’t provide a secure connection
    www.companywebsite.com sent an invalid response.
    Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR

    I have turned off my laptop firewall and turned off malware/virus software. Checked the time. Went through all browser settings to troubleshoot what websites recommended to fix ERR_SSL_PROTOCOL_ERROR
    No luck

    The site can be accessed away from our office, but not while in it.

    I looked at the PFSense firewall logs and don't see a block for the website, it's URL, etc.

    I will need to create a white list to allow the company website. Would I create the white list in pfBlockerNG?
    Or create the whitelist in Firewall/Aliases ?
    Then create a rule in Firewall > Rules ?



  • I believe it's the self-signed pfB certificate that it's complaining about. I think you can create a rule on the LAN tab below the anti-lockout rule and above the first pfB rule to allow LAN Net to Server, any/any.



  • pfBlocker blocks via IP address, most often by geography. You shouldn't be getting any sort of error if blocked via firewall. So I don't see how pfBlocker could be related.

    What IP does your web site hostname resolve to on the LAN? Your router's WAN IP? If so then you need to enable NAT reflection to use that IP from inside the network.



  • @AndrewD You can create a DNSBL safe list like this screen shot below...be sure to set group to PRIMARY and logging to DISABLE...put your site in DNSBL Custom_list at the bottom of the page, then save and force update.

    Screen Shot 2019-11-13 at 6.48.42 PM.png

    Screen Shot 2019-11-13 at 6.48.56 PM.png



  • @NollipfSense Thank you. I created the DNSBL safe list for the site and saved it. I let Crone do the update. But our site is still not accessible because of the error:
    "This site can’t provide a secure connection . www.companyname.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR".



  • This post is deleted!


  • @AndrewD I would try clearing your browser cache and may be reboot your pfSense box too. When I did, it took a full day before I could visit the site because I didn't do a force update/reload nor set group to primary.


Log in to reply