Squid and SquidGuard broken out of the box?
Hoping you can help me here.
I have installed Squid and SquidGuard like normal. I have disabled the caching part of squid and setup a vanilla proxy with SSL inspection too.
When I use squidguard to block some URL's to test, HTTP sites show the block page as normal:
However HTTPS blocked sites show this:
I have reinstalled both packages, reinstalled pfsense and rolled back to earlier versions and it happens every single time when a HTTPS site gets blocked.
I can access non blocked HTTPS sites without a problem.
Can anyone help with this? I have seen multiple postings about this on other forums but none have a fix for it.
https doesn't show error message:
I use squid in explicit mode (not transparent mode). I believe this is a limit of what squid can/cannot do.
KOM last edited by
@shawn8888 You need to set your redirect mode to ext url move and point it to:
This will only work if you have pfSense set to http and not https.
My pfsense web is http.
I set the redirect mode, url, then saved it, applied SquidGuard settings,
saved Squid settings, and even reset all states table. Still the same.
Thanks, it’s working for me now. However because it’s fully redirecting to a new URL. Chrome caches stuff like this. So when I unblock a page, chrome still redirects to the block page.
Is there any way to do it without using URL Move?
KOM last edited by KOM
@shawn8888 @avidpontoon-0 I booted up my test lab and checked it out and it's not working for me now either. Perhaps I got bamboozled by cached content. For the longest time I thought that the ssl error was a feature of https that prevents redirects like that and I was surprised when I dug deeper and saw folks using the solution I posted above. Now I'm not sure what to think. I'll have to experiment & read up further. I'm starting to think that this method only works if you're using a full bump&splice which requires installing a trusted CA cert on every client so you can do a man in the middle interception of the traffic.
Gondim 0 last edited by Gondim 0
Regular expression in the squidguard is also not working. I tried to make several blocks including using: \.facebook.com and even then it does not block. It only works when I put it in the domains box.