Squid Proxy server + SSL
-
I have a problem: Squid Proxy and Man in the Middle Filtering are not filtering websites. What am I doing wrong?
-
@cobain please provide screenshots of configuration and errors or logs you are seeing.
-
@jonathanlee, hello, I am sharing the configuration.
The SSL filtering was working correctly, but it stopped filtering.
-
Turn off verify remote SSL. Read the following:
"WARNING: SQUID_X509_V_ERR_DOMAIN_MISMATCH and ssl:certDomainMismatch can
be used with sslproxy_cert_adapt, but if and only if Squid is bumping a
CONNECT request that carries a domain name. In all other cases (CONNECT
to an IP address or an intercepted SSL connection), Squid cannot detect
the domain mismatch at certificate generation time when
bump-server-first is used."
I think this means that when Squid, ClamAV, SSL and Transparent are all running with an SSL CA issued by Squid and that CA is imported into pfSense, it causes issues when it redirects to the splash screen, even if you have it set to have a secondary trust certificate. This is the issue I am looking for solutions for. For now, just disable the firewall verify requests so ClamAV can run and scan web traffic for viruses.
Or else you get this bug
(Image: SSL verify issue)
over the SplashScreen
-
@cobca I do not know if you are running Squidguard; if so, also make sure you have a loopback dummy ACL that lets the firewall and the proxy work. If you do not have this, it will fail to reach wpad and will not work correctly, as Squidguard will block the redirects.
(Image: My dummy acl)
I have mine set up to allow the loopback and the firewall's IP address to talk to one another and also let the wpad work.
(Image: Group acl with loopback and firewall Ip)
(Image: location of group acl that attaches to the dummy acl rules)