Squid and SquidGuard broken out of the box?
-
Hi All,
Hoping you can help me here.
I have installed Squid and SquidGuard like normal. I have disabled the caching part of Squid and set up a vanilla proxy with SSL inspection too.
When I use SquidGuard to block some URLs to test, HTTP sites show the block page as normal:
However HTTPS blocked sites show this:
I have reinstalled both packages, reinstalled pfSense and rolled back to earlier versions, and it happens every single time when an HTTPS site gets blocked.
I can access non-blocked HTTPS sites without a problem.
Can anyone help with this? I have seen multiple postings about this on other forums but none have a fix for it.
-
Same here:
http works:
https doesn't show error message:
I use squid in explicit mode (not transparent mode). I believe this is a limit of what squid can/cannot do.
-
@shawn8888 You need to set your redirect mode to ext url move and point it to:
http://your_pfsense_lan_ip/sgerror.php?url=403%20Error&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
This will only work if you have pfSense set to http and not https.
-
@kom
Not working. My pfSense web is http.
I set the redirect mode, url, then saved it, applied SquidGuard settings,
saved Squid settings, and even reset all states table. Still the same.
-
Thanks, it's working for me now. However, because it's fully redirecting to a new URL, Chrome caches stuff like this. So when I unblock a page, Chrome still redirects to the block page.
Is there any way to do it without using URL Move?
-
@shawn8888 @avidpontoon-0 I booted up my test lab and checked it out and it's not working for me now either. Perhaps I got bamboozled by cached content. For the longest time I thought that the ssl error was a feature of https that prevents redirects like that and I was surprised when I dug deeper and saw folks using the solution I posted above. Now I'm not sure what to think. I'll have to experiment & read up further. I'm starting to think that this method only works if you're using a full bump&splice which requires installing a trusted CA cert on every client so you can do a man in the middle interception of the traffic.
-
Hi all,
Regular expressions in SquidGuard are also not working. I tried to make several blocks, including using \.facebook.com, and even then it does not block. It only works when I put it in the domains box.