Blocked Website Help Needed
-
Our first post on this forum.
We have been running pfSense on an XG-7100-1U appliance since April 2020 and are still learning the product. One thing we have not been able to figure out is when attempting to access certain web sites (e.g redfin.com), the connection is blocked with the following message:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.redfin.com. The certificate is only valid for pfsense.armsd.com. Error code: SSL_ERROR_BAD_CERT_DOMAIN View CertificateAnd, when we click on the View Certificate link, the certificate is our own LetsEncrypt certificate for pfSense. Can someone please explain why our certificate is being shown instead of the blocked site certificate. Sometimes, we are redirected to the pfSense login page. We suspect there is something awry with our pfSense settings but have no idea where to look. Any suggestions would greatly be appreciated.
Thanks!
-
Bump. Anyone?
-
This post is deleted! -
Removed last post because I didn't read the text after the certificate message.
Disregard last post, thanks. -
@kim-premuda said in Blocked Website Help Needed:
Can someone please explain why our certificate is being shown instead of the blocked site certificate
So your blocking the site via pfblocker? Your running a proxy? Blocking sites that are https can be problematic because the browser is trying to go to say https://www.redfin.com - but when they get redirected to a page to tell them hey that is blocked via https.. The cert does not match where the browser wanted to go redfin.com - so yeah its going to normally balk at hey.. There is a mismatch here.
so how your setup this filtering you doing, and what you expect to happen will be helpful in us helping you accomplish what your after.
https blocked site pages is not going to be click this button sort of setup ;)
-
@mcury: Thank you for the warm welcome.
I am running the latest version of FireFox 80.0.1. I should have mentioned that I get the same behavior (connection not private) whether using FireFox, Chrome, IE, or Edge...but, only when using a particular computer. Using another computer, I can access redfin.com using FireFox and Chrome (the only browsers I tested).
@johnpoz: We are not running a proxy. We were using pfBlocker but have it currently disabled (for a couple of weeks now) thinking it was the source of the problem. We are running Suricata; disabling it made no difference. We also disabled malware blocker software running on the suspect computer, but it did not make any difference either. I was hopeful that learning the mechanism that displays our certificate instead of the redfin.com certificate would lend some insight in tracking this down. We are not knowingly blocking redfin.com.
-
Well the only way that would happen then is redfin for whatever reason resolves to an IP on pfsense.
I show redfix.com as
;www.redfin.com. IN A ;; ANSWER SECTION: www.redfin.com. 3600 IN CNAME www.redfin.com.edgekey.net. www.redfin.com.edgekey.net. 3600 IN CNAME e6704.a.akamaiedge.net. e6704.a.akamaiedge.net. 3600 IN A 23.60.171.44 ;; QUESTION SECTION: ;redfin.com. IN A ;; ANSWER SECTION: redfin.com. 3600 IN A 216.211.130.168I would validate what its resolving so what it should resolve too - if your saying it resolves correctly and your still getting certs on pfsense - then you must have some sort of redirection setup, etc..
Works fine here.. redfin.com redirects to www.redfin.com
