https

Reply to https on Mon, 07 Jun 2021 12:54:50 GMT

fireodo — Mon, 07 Jun 2021 12:54:50 GMT

@ik2189 said in https:

So if i understand it's not possible to display a web page displaying that the site is not allowed ?

Thats correct. Gertjan has explained you the reason why thats so.

Reply to https on Mon, 07 Jun 2021 12:47:19 GMT

ik2189 — Mon, 07 Jun 2021 12:47:19 GMT

@gertjan

So if i understand it's not possible to display a web page displaying that the site is not allowed ?

Reply to https on Mon, 07 Jun 2021 12:33:41 GMT

Gertjan — Mon, 07 Jun 2021 12:33:41 GMT

@ik2189 said in https:

Why ?

The short answer : because no one** can break https = TLS.
If a web server want to connect to some 'p0rn-site-here.tld' and a web server, the one used by pfBlockerNG answers (because the DNS record matches a list) then the web browser tells you that that pfB web server, on your pfSense, does not have 'p0rn-site-here.tld' in it's certificate.
Which is understandable.
So, your web browser does not show the 'this site is blocked' page at all.

You might think : because 99,99 % of all traffic is https these days, is it useful to have this page 'this site is blocked' page being shown ?
Answer : of course not. It's something of the past. We see our browser telling us that 'there was an (cert !) issue'.

This is a TLS issue, not a pfBlockerNG issue ;)

** and the day some one breaks it, is the day that 'Internet' dies.