Netgate Discussion Forum

Proxy block page pointed to pfsense management port

  • M
    michmoor LAYER 8 Rebel Alliance
    last edited by michmoor Aug 15, 2023, 3:15 AM Aug 15, 2023, 3:13 AM

    Playing around with Squid Proxy and the SquidGuard package, I decided to toy around with doing content control by blocking exe and pdf files.
    On the https site I get the squidguard error message noting what was blocked and by what policy.

    Problem: To get this to work you have to have your Redirect mode pointed to your firewall in order for the page to be displayed. In my case it's firewall.com:10443//sgerror.php?url=403&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

    Port 10443 is the management port of the firewall (I am using HA Proxy so can't use 443).
    I don't know how to create another listening port just for squidguard, so I'm left with either displaying a custom page noting why a user was blocked but opening up port 10443 to the entire LAN, or don't use an SG error page.
    Any ideas?


    Firewall: NetGate,Palo Alto-VM,Juniper SRX
    Routing: Juniper, Arista, Cisco
    Switching: Juniper, Arista, Cisco
    Wireless: Unifi, Aruba IAP
    JNCIP,CCNP Enterprise

    • M
      michmoor LAYER 8 Rebel Alliance @michmoor
      last edited by Aug 15, 2023, 11:36 AM

      @jimp Would you happen to still have the code for your custom web page in this old Netgate video? Around the 1hr mark is your custom external page. You did state you would make the code in the page available in turn notes... it’s been some time 😝

      https://youtu.be/OjQ4__0AGOE

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Aug 15, 2023, 12:47 PM

        I haven't used that setup in quite a long time so I have no idea if it would even still work, but here it is:

        <?PHP
        /* Used in the March 2014 Hangout for pfSense Gold Members by ESF, LLC */
        /* Most of this copied from sgerror.php in squidGuard */
        
        $url  = '';
        $msg  = '';
        $cl   = Array(); // squidGuard variables: %a %n %i %s %t %u
        $err_code = array();
        
        $err_code[301] = "301 Moved Permanently";
        $err_code[302] = "302 Found";
        $err_code[303] = "303 See Other";
        $err_code[305] = "305 Use Proxy";
        
        $err_code[400] = "400 Bad Request";
        $err_code[401] = "401 Unauthorized";
        $err_code[402] = "402 Payment Required";
        $err_code[403] = "403 Forbidden";
        $err_code[404] = "404 Not Found";
        $err_code[405] = "405 Method Not Allowed";
        $err_code[406] = "406 Not Acceptable";
        $err_code[407] = "407 Proxy Authentication Required";
        $err_code[408] = "408 Request Time-out";
        $err_code[409] = "409 Conflict";
        $err_code[410] = "410 Gone";
        $err_code[411] = "411 Length Required";
        $err_code[412] = "412 Precondition Failed";
        $err_code[413] = "413 Request Entity Too Large";
        $err_code[414] = "414 Request-URI Too Large";
        $err_code[415] = "415 Unsupported Media Type";
        $err_code[416] = "416 Requested range not satisfiable";
        $err_code[417] = "417 Expectation Failed";
        
        $err_code[500] = "500 Internal Server Error";
        $err_code[501] = "501 Not Implemented";
        $err_code[502] = "502 Bad Gateway";
        $err_code[503] = "503 Service Unavailable";
        $err_code[504] = "504 Gateway Time-out";
        $err_code[505] = "505 HTTP Version not supported";
        
        /* Take the parameters from POST if present, otherwise from GET.
           Absent or non-string values become '' (no undefined-index notices). */
        $in = count($_POST) ? $_POST : $_GET;
        $param = function ($k) use ($in) {
        	return (isset($in[$k]) && is_string($in[$k])) ? $in[$k] : '';
        };
        $url = trim($param('url'));
        $msg = $param('msg');
        foreach (array('a', 'n', 'i', 's', 't', 'u') as $k)
        	$cl[$k] = $param($k);
        ?>
        <html>
        <head><title>You're fired!</title></head>
        <body>
        <center>
        We were monitoring that transaction!
        <h1>YOU'RE</h1>
        <h1>FIRED!!!</h1>
        <img src="blocked.gif">
        <?PHP // Use this if you want the image inline for use with "ext url error page":
        //$gif_data = file_get_contents("blocked.gif"); 
        //echo "<img alt=\"Embedded Image\" src=\"data:image/png;base64," . base64_encode($gif_data) . "\" />";
        ?>
        <br/>&copy; Universal Studios
        </center>
        <br/>
        
        <table width="50%" align="center"><tr><td>
        <?PHP
        if (count($_GET)) {
        	/* These values come from the query string: HTML-escape them before output. */
        	$e = array();
        	foreach (array('a', 'n', 'i', 's', 't', 'u') as $k)
        		$e[$k] = (isset($cl[$k]) && is_string($cl[$k])) ? htmlspecialchars($cl[$k], ENT_QUOTES, 'UTF-8') : '';
        	$str = array('<hr size="1" noshade>');
        	if ($e['a'])        $str[] = "<b> Client address: </b> {$e['a']} <br>";
        	if ($e['n'])        $str[] = "<b> Client name:    </b> {$e['n']} <br>";
        	if ($e['i'])        $str[] = "<b> Client user:    </b> {$e['i']} <br>";
        	if ($e['s'])        $str[] = "<b> Client group:   </b> {$e['s']} <br>";
        	if ($e['t'])        $str[] = "<b> Target group:   </b> {$e['t']} <br>";
        	if ($e['u'])        $str[] = "<b> URL:            </b> {$e['u']} <br>";
        	$str[] = '<hr size="1" noshade>';
        	echo implode("\n", $str);
        }
        ?>
        </td></tr></table>
        
        </body>
        </html>
        

        The gif is too large to attach, but a copy can be found at https://i.imgur.com/CAecfuD.gif

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
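
Added example, not jimp's code and not part of squidGuard: every value shown on the block page arrives in the query string of the redirect URL, so any client that can reach the page controls them. The sketch below allow-lists the six parameters from the thread's redirect URL, cleans and length-caps them, and HTML-escapes them before output. The function name, the 512-byte cap, the sample values and the assumption that `%a` carries a bare IP address are illustrative.

```php
<?php
declare(strict_types=1);

// Labels for the six squidGuard substitution parameters used in the thread's
// redirect URL (a=%a&n=%n&i=%i&s=%s&t=%t&u=%u). Any other key is ignored.
const SG_FIELDS = [
    'a' => 'Client address',
    'n' => 'Client name',
    'i' => 'Client user',
    's' => 'Client group',
    't' => 'Target group',
    'u' => 'URL',
];
const SG_MAX_LEN = 512; // assumed cap; longer values are truncated for display

/** Return HTML-safe "label: value" rows built from an untrusted query array. */
function sg_block_rows(array $query): array
{
    $rows = [];
    foreach (SG_FIELDS as $key => $label) {
        $value = $query[$key] ?? '';
        if (!is_string($value)) {
            continue; // e.g. ?a[]=x arrives as an array
        }
        // Drop control characters, then cap the length.
        $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
        $value = substr(trim($value), 0, SG_MAX_LEN);
        if ($value === '') {
            continue;
        }
        // Assumption: %a is a bare IP address; anything else is not shown.
        if ($key === 'a' && filter_var($value, FILTER_VALIDATE_IP) === false) {
            continue;
        }
        // ENT_SUBSTITUTE replaces invalid UTF-8 (including a cut sequence).
        $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $rows[] = "<b>{$label}:</b> {$safe}<br>";
    }
    return $rows;
}

// Constructed sample input standing in for $_GET on a block-page request.
$sample = [
    'a'  => '192.0.2.25',
    't'  => 'blk_files',
    'u'  => 'http://example.com/setup.exe?x=<script>alert(1)</script>',
    'zz' => 'ignored',
];
echo implode("\n", sg_block_rows($sample)), "\n";
```

On a live page the call would be `sg_block_rows($_GET)`, with the rows echoed between the two `<hr>` lines of the table.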

        • M
          michmoor LAYER 8 Rebel Alliance @jimp
          last edited by michmoor Aug 15, 2023, 2:59 PM Aug 15, 2023, 2:02 PM

          @jimp I appreciate you.
          Those old videos are great for content. I have this one deployment at a rural school. I can host an apache instance and I remember this squidguard video from a year ago where you could have a custom page for blocking. Your code works beautifully. Thanks again.

          edit: I love the GIF...but had to get rid of it :)
