    Squid and SquidGuard broken out of the box?

      AvidPontoon 0 last edited by

      Hi All,

      Hoping you can help me here.

      I have installed Squid and SquidGuard like normal. I have disabled the caching part of Squid and set up a vanilla proxy with SSL inspection too.

      When I use SquidGuard to block some URLs to test, HTTP sites show the block page as normal:

      c7bfb93a-18cd-43af-a318-dcd59adc2fd9-image.png

      However HTTPS blocked sites show this:

      41b8d5c0-2504-4117-9b34-a7f311591935-image.png

      I have reinstalled both packages, reinstalled pfSense and rolled back to earlier versions, and it happens every single time when an HTTPS site gets blocked.

      I can access non-blocked HTTPS sites without a problem.

      Can anyone help with this? I have seen multiple postings about this on other forums but none have a fix for it.

        shawn8888 @AvidPontoon 0 last edited by shawn8888

        @avidpontoon-0

        Same here:

        http works:
        a8f5eba1-5519-4877-831f-5c9500bbcf72-image.png

        https doesn't show error message:

        5e2eb600-00f0-45d6-8b1d-39d786161562-image.png

        I use squid in explicit mode (not transparent mode). I believe this is a limit of what squid can/cannot do.

          KOM @shawn8888 last edited by

          @shawn8888 You need to set your redirect mode to ext url move and point it to:

          http://your_pfsense_lan_ip/sgerror.php?url=403%20Error&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

          This will only work if you have pfSense set to http and not https.

            shawn8888 @KOM last edited by

            @kom
            Not working.

            8d183c48-dc9a-4400-a632-b1e612a7f29c-image.png

            My pfSense web is http.

            I set the redirect mode, url, then saved it, applied SquidGuard settings,
            saved Squid settings, and even reset all states table. Still the same.

              AvidPontoon 0 @KOM last edited by AvidPontoon 0

              @kom

              Thanks, it’s working for me now. However, because it’s fully redirecting to a new URL, Chrome caches stuff like this. So when I unblock a page, Chrome still redirects to the block page.

              Is there any way to do it without using URL Move?

                KOM @shawn8888 last edited by KOM

                @shawn8888 @avidpontoon-0 I booted up my test lab and checked it out and it's not working for me now either. Perhaps I got bamboozled by cached content. For the longest time I thought that the ssl error was a feature of https that prevents redirects like that and I was surprised when I dug deeper and saw folks using the solution I posted above. Now I'm not sure what to think. I'll have to experiment & read up further. I'm starting to think that this method only works if you're using a full bump&splice which requires installing a trusted CA cert on every client so you can do a man in the middle interception of the traffic.

                  Gondim 0 last edited by Gondim 0

                  Hi all,

                  Regular expression in the squidguard is also not working. I tried to make several blocks including using: \.facebook.com and even then it does not block. It only works when I put it in the domains box.
