HTTPS Everywhere Plugin For Squid

smirkingeddie

I was trying to install an HTTPS Everywhere plugin for Squid but am having a problem.

I was following a tutorial for OPNsense and figured it would be close enough:

https://medium.com/@privb0x23/minimal-cache-proxy-configuring-an-https-everywhere-squid-plugin-on-opnsense-80af717d40ab

This is the part of the log where I am having problems:

2019/12/03 16:49:06 kid1| Starting new redirector helpers...
2019/12/03 16:49:06 kid1| ipcCreate: /usr/local/libexec/squid/https-everywhere/squid.pl: (2) No such file or directory
2019/12/03 16:49:06 kid1| WARNING: redirector #Hlpr1 exited

The file most definitely exists. Maybe some weird Perl issue with pfSense? Maybe something else that I am missing?

This sure looks like a nice plugin for Squid that I would like to get working.

smirkingeddie

Ok, got it working. This is on 2.4.4-RELEASE-p3.

pkg install git
mkdir -v -p /usr/local/libexec/squid/https-everywhere
git clone 'https://gitlab.com/privb0x23/perl-https-everywhere' /usr/local/libexec/squid/https-everywhere
cd /usr/local/libexec/squid/https-everywhere
mkdir -v git
chmod 755 squid.pl update_rules.sh
./update_rules.sh

#This is where I was having problems, manually install XML-LibXML and dependancies without upgrading perl and making a mess
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/release_2/All/p5-XML-NamespaceSupport-1.12.txz
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/release_2/All/p5-XML-SAX-Base-1.09.txz
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/release_2/All/p5-XML-SAX-1.00.txz
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/release_2/All/p5-XML-LibXML-2.0132,1.txz

Then go to Services > Squid Proxy Server
Show advanced options at the bottom

And paste in Custom Options (Before Auth):

redirect_program /usr/local/libexec/squid/https-everywhere/squid.pl
url_rewrite_children 5

A good test site is:
http://www.irongeek.com/
It should redirect you to the HTTPS version
And in your realtime log you should see:
TCP_REDIRECT/301 http://irongeek.com/

smirkingeddie

Upgraded to pfSense 2.4.5 and this broke. I figured out the problem and it is very simple.

Delete old stuff:

pkg remove p5-XML-NamespaceSupport-1.12
pkg remove p5-XML-SAX-Base-1.09
pkg remove p5-XML-SAX-1.00
pkg remove p5-XML-LibXML-2.0132,1

Install the new packages:

pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-Base-1.09.txz
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-SAX-1.02.txz
pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz

For 2.5.0:

pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-NamespaceSupport-1.12.txz
pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-Base-1.09.txz
pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-SAX-1.02.txz
pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/p5-XML-LibXML-2.0202,1.txz

But the most important thing!!!
Open this file in a text editor:

/usr/local/libexec/squid/https-everywhere/squid.pl

Change to first line from:

#!/usr/local/bin/perl5

To:

#!/usr/local/bin/perl

And another thing that isn't necessary but I found helpful with heavy use is increasing the helpers:

Go to Services > Squid Proxy Server
Show advanced options at the bottom

And update in Custom Options (Before Auth):

url_rewrite_children 16