SOLVED: Squidguard and Wireless Printer

JonathanLee

Hello fellow Netgate community members can you please help?

I have this nice Canon wireless printer, everything works except the scanner on OSx.

Now when I run the scanner it looks like it is attempting to access
https://c0a299900000.local/eSCL/ScannerCapabilities

I can see it in the proxy it wants to scan . . .

SCAN SCAN SCAN . . . .

However you know it fails

I can add in the IP address of the printer and go to the printer manually
http://192.168.1.14/eSCL/ScannerCapabilities

Bingo I get access to what the Computer wants

However if I attempt to use https I get this response . .. I use SSL intercept so what I have a root CA installed right...

I can ping the hostname and it resolves correctly also weird as it resolves it correctly in that perspective

I can access the printer directly with the IP address Side note I did't know I could even do this, nice new access feature

but when I go to log in with the URL access nope blocked out again with that SSL error.

The scanner works on Windows 11.

So I get the bright idea to say hey I will just create a Squidguard rewrite and a DNS manual entry to get the scanner to work with the Imac.

I had regular expressions https http every URL that it tries to access in it.

I added a custom splice entry for that address.. also in Squid

Nope same result.

Now keep in mind I do not allow internet to the wifi printer because it seems to transmit every time I use it data to Japan IP addresses. Let's face it Japan does not need my University homework right, I mean who wants my papers and stuff outside of the University? It should not be transmitting outside of the data sovereignty of the United States, Passport renewals, DL renewals, scans for insurance lots of stuff does not need to be sent overseas. I have protected all of this by blocking Internet access to it. It is contained.

But why does it print but not scan, and why does it work for the Windows 11 and 10 with scanning and printing on the same proxy. I have no certificates installed from the printer to the devices, that seems backwards should be root CA to printer.

So any ideas on how to secure the information, and keep my printer working without degrading the capabilities of what I purchased?

Let's face it the box does not say We transmit everything you print or scan to the cloud. I did not sign up for cloud use. Canon support stated the smartphone apps you can not limit the cloud use it will run anyway without user choice. Weird right? They recommended I uninstall the software on the smart phone to stop it as they can not change that one. They gave me steps to block it on the desktop side that worked great.

Seems like a data sovereignty issue again where the consumers have no clue what the device is doing on the backend side.

It works but not on the imac for scanning does for printing however.

How can I force it as I own it to scan again.

The printer works for Scanning and printing on the Windows 10 and 11.

It use to work with the Imac before upgrades 3 years ago.

I have updated the software same issues.

Any Ideas? I want that scanner to work however that SSL error is messing up stuff on the IMAC

RESOLUTION:
1. No need for Squidguard redirect for MFP

2. add a DNS host override for the hostname the Canon IJ Scan app utilizes. I used local and home.arpa

3. ping dig and nslookup the host make sure you get canon print ip as a reply.

4. set do not cache in Squid for the printer's host name

Now test url...

now test scan app...

Works !!!! Yeah !!!

MFP with non changeable host name accessible with Squid proxy and Squidguard.