Netgate Discussion Forum

Squid Proxy server + SSL

Cache/Proxy
5 Posts 3 Posters 852 Views
  • C
    cobain
    last edited by Dec 2, 2022, 7:56 PM

    I have a problem: Squid Proxy and Man in the Middle filtering are not filtering websites. What am I doing wrong?

    • J
      JonathanLee @cobain
      last edited by Dec 4, 2022, 4:13 PM

      @cobain please provide screenshots of configuration and errors or logs you are seeing.

      Make sure to upvote

      • C
        cobca @JonathanLee
        last edited by Dec 9, 2022, 6:06 PM

        @jonathanlee, hello, I am sharing the configuration.
        The SSL filtering was working correctly, but it stopped filtering.

        ssl.png

        • J
          JonathanLee @cobca
          last edited by Dec 9, 2022, 10:31 PM

          @cobca

          Screenshot 2022-12-09 at 2.25.59 PM.png

          Turn off verify remote SSL. Read the following:

          "WARNING: SQUID_X509_V_ERR_DOMAIN_MISMATCH and ssl:certDomainMismatch can
          be used with sslproxy_cert_adapt, but if and only if Squid is bumping a
          CONNECT request that carries a domain name. In all other cases (CONNECT
          to an IP address or an intercepted SSL connection), Squid cannot detect
          the domain mismatch at certificate generation time when
          bump-server-first is used."

          I think this means that when Squid, ClamAV, SSL and Transparent are all running with an SSL CA issued by Squid and that CA is imported into pfSense, it causes issues when it redirects to the splash screen, even if you have it set to have a secondary trust certificate. This is the issue I am looking for solutions for. For now just disable the firewall verify requests so ClamAV can run and scan web traffic for viruses.

          Or else you get this bug

          Screenshot 2022-12-09 at 2.31.00 PM.png

          (Image: SSL verify issue)

          over the SplashScreen

          Screenshot 2022-12-03 at 9.46.24 AM.png

          Make sure to upvote
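
Added example, not part of the thread and not pfSense or Squid project code: a small Python check that reads squid.conf text and flags the settings discussed in the post above, namely disabled remote certificate verification and, following the quoted Squid warning, a certDomainMismatch adaptation rule combined with intercepted bump-server-first traffic. The sample config is constructed, its certificate path is a placeholder, and which directives the pfSense package writes for its checkbox is an open assumption because the page does not show them.

```python
# Added example: audit squid.conf text for weakened upstream TLS verification.
# Constructed sample config (not from the thread); the cert path is a placeholder.
SAMPLE_CONF = """\
http_port 192.0.2.1:3128 ssl-bump cert=/path/to/placeholder-ca.pem
https_port 127.0.0.1:3129 intercept ssl-bump cert=/path/to/placeholder-ca.pem
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
ssl_bump server-first all
"""

INTERCEPT_MODES = {"intercept", "transparent", "tproxy"}


def audit_squid_conf(text):
    """Return [(line_number, finding)] for risky TLS settings in squid.conf text."""
    findings, adapt_lines = [], []
    intercept_bump = server_first = False
    mismatch_acls = {"ssl::certDomainMismatch"}  # Squid's built-in ACL name
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in ("http_port", "https_port"):
            if "ssl-bump" in args and INTERCEPT_MODES & set(args):
                intercept_bump = True
        elif directive == "acl" and args[1:2] == ["ssl_error"]:
            # User-defined ACL that matches the domain-mismatch error
            if "SQUID_X509_V_ERR_DOMAIN_MISMATCH" in args[2:]:
                mismatch_acls.add(args[0])
        elif directive in ("sslproxy_flags", "tls_outgoing_options"):
            if any("DONT_VERIFY_PEER" in a for a in args):
                findings.append((no, "origin certificate verification disabled"))
        elif directive == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "every certificate validation error is bypassed"))
        elif directive == "sslproxy_cert_adapt" and mismatch_acls & set(args[1:]):
            adapt_lines.append(no)
        elif directive == "ssl_bump" and args[:1] == ["server-first"]:
            server_first = True
    # Per the quoted Squid warning: with bump-server-first, a domain mismatch is
    # only detectable when bumping a CONNECT request that carries a domain name.
    if intercept_bump and server_first:
        findings += [(no, "domain mismatch not detectable on intercepted TLS")
                     for no in adapt_lines]
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_squid_conf(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```
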

          • J
            JonathanLee
            last edited by JonathanLee Dec 10, 2022, 5:39 PM Dec 10, 2022, 5:37 PM

            @cobca I do not know if you are running Squidguard, if so also make sure you have a loopback dummy ACL that lets the firewall and the proxy work. If you do not have this it will fail to reach wpad and will not work correctly as Squidguard will block the redirects.

            Screenshot 2022-12-10 at 9.35.14 AM.png
            (Image: My dummy acl)

            I have mine set up to allow the loopback and the firewall's IP address to talk to one another and also let the wpad work.

            Screenshot 2022-12-10 at 9.37.56 AM.png
            (Image: Group acl with loopback and firewall IP)

            Screenshot 2022-12-10 at 9.38.33 AM.png
            (Image: location of group acl that attaches to the dummy acl rules)

            Make sure to upvote
