Netgate Discussion Forum

    Squid Proxy server + SSL

    Cache/Proxy
    cobain

      I have a problem: Squid Proxy with Man in the Middle filtering is not filtering websites. What am I doing wrong?

      JonathanLee @cobain

        @cobain please provide screenshots of configuration and errors or logs you are seeing.

        Make sure to upvote

        cobca @JonathanLee

          @jonathanlee, hello, I am sharing the configuration.
          The SSL filtering was working correctly, but it stopped filtering.

          ssl.png

          JonathanLee @cobca

            @cobca

            Screenshot 2022-12-09 at 2.25.59 PM.png

            Turn off verify remote SSL. Read the following:

            "WARNING: SQUID_X509_V_ERR_DOMAIN_MISMATCH and ssl:certDomainMismatch can
            be used with sslproxy_cert_adapt, but if and only if Squid is bumping a
            CONNECT request that carries a domain name. In all other cases (CONNECT
            to an IP address or an intercepted SSL connection), Squid cannot detect
            the domain mismatch at certificate generation time when
            bump-server-first is used."

            I think this means that when Squid, ClamAV, SSL and Transparent are all running with an SSL CA issued by Squid and that CA is imported into pfSense, it causes issues when it redirects to the splash screen, even if you have it set to have a secondary trust certificate. This is the issue I am looking for solutions for. For now, just disable the firewall verify requests so ClamAV can run and scan web traffic for viruses.

            Or else you get this bug

            Screenshot 2022-12-09 at 2.31.00 PM.png

            (Image: SSL verify issue)

            over the SplashScreen

            Screenshot 2022-12-03 at 9.46.24 AM.png

            Make sure to upvote
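The Squid warning quoted in the post above separates CONNECT requests that carry a domain name from CONNECTs to an IP address or intercepted connections. As an added example (not part of the thread, and not Squid or pfSense code), this sketch sorts CONNECT entries from an access.log into those two groups. It assumes Squid's native log format and that intercepted TLS is logged as a CONNECT to the destination IP; the function names and sample lines are constructed for illustration.

```python
import ipaddress

# Constructed sample lines in Squid's native access.log format (not from the thread).
SAMPLE_LOG = """\
1670624759.123    210 192.168.1.20 TCP_TUNNEL/200 4512 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1670624760.456    180 192.168.1.21 TCP_TUNNEL/200 3901 CONNECT 203.0.113.10:443 - ORIGINAL_DST/203.0.113.10 -
1670624761.789     95 192.168.1.20 TCP_MISS/200 1024 GET http://example.org/ - HIER_DIRECT/203.0.113.11 text/html
1670624762.012    150 192.168.1.22 NONE/200 0 CONNECT [2001:db8::10]:443 - ORIGINAL_DST/2001:db8::10 -
"""

def connect_target(line):
    """Return (host, raw_target) for a CONNECT line, or None for anything else."""
    fields = line.split()
    # Native format: time elapsed client code/status bytes method URL ...
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    raw = fields[6]
    host, _, _port = raw.rpartition(":")
    return host.strip("[]"), raw  # strip brackets from IPv6 literals

def is_ip_literal(host):
    """True when the CONNECT target is an IPv4/IPv6 address, not a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(log_text):
    """Group CONNECT targets: 'domain' carries a name, 'ip' is an address literal."""
    result = {"domain": [], "ip": []}
    for line in log_text.splitlines():
        target = connect_target(line)
        if target is None:
            continue  # not a CONNECT request
        host, raw = target
        result["ip" if is_ip_literal(host) else "domain"].append(raw)
    return result

if __name__ == "__main__":
    groups = classify(SAMPLE_LOG)
    print("CONNECT with a domain name:", groups["domain"])
    print("CONNECT to an IP (mismatch not detectable per the warning):", groups["ip"])
```

A large share of entries in the `ip` group indicates that most bumped traffic falls under the case the warning describes.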

            JonathanLee

              @cobca I do not know if you are running SquidGuard. If so, also make sure you have a loopback dummy ACL that lets the firewall and the proxy work. If you do not have this, it will fail to reach wpad and will not work correctly, as SquidGuard will block the redirects.

              Screenshot 2022-12-10 at 9.35.14 AM.png
              (Image: My dummy ACL)

              I have mine set up to allow the loopback and the firewall's IP address to talk to one another and also let the wpad work.

              Screenshot 2022-12-10 at 9.37.56 AM.png
              (Image: Group ACL with loopback and firewall IP)

              Screenshot 2022-12-10 at 9.38.33 AM.png
              (Image: location of group ACL that attaches to the dummy ACL rules)

              Make sure to upvote

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.