Squid/Squidguard error redirect



  • Hello,

    I setup my pfsense firewall's webconfigurator to use https which have the domain name as https://pfsense.mydomain.com.  I also have squid/squidguard install on the same machine.  Whenever squidguard encounter a blacklist domain, it will redirect to a default request denied page with an ip address of https://192.168.1.1.  I have a certificate for pfsense.mydomain.com, so whenever a redirect occur, my browser always show a warning about the certificate doesn't match the website.

    Is there a way to make squidguard redirect to https://pfsense.mydomain.com instead of https://192.168.1.1?

    Thanks,

    -Brian



  • I'm also having this problem.

    I found that when you set up pfSense in System-> Advanced-> Admin Access check http squidgard works well. But if you check HTTPS or HTTP and defines a port other than 80 it presents problems.

    In version 1.2.3 I was using http and port 8320 (my default).

    In pfsense 2.0 rc1 is showing this error because squidgard always configures
    redirect to redirect http://192.168.1.1:80/sgerror.php?url=403 &a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

    Even though you have set your ateriormente that would work with pfSense
    HTTP:8320

    File squidguard_configurator.inc
    function sg_redirector_base_url($rdr_info, $redirect_mode)
    {
        global $squidguard_config;
        $rdr_path = '';

    # gui port, ip & proto
        $guiip = (!empty($squidguard_config[F_CURRENT_LAN_IP])) ? $squidguard_config[F_CURRENT_LAN_IP] : '127.0.0.1';
        $guiport = (!empty($squidguard_config[F_CURRENT_GUI_PORT])) ? $squidguard_config[F_CURRENT_GUI_PORT] : '80'; ////////////////////// the error is here ////////////////
        $rdr_path = "http://$guiip:$guiport" . REDIRECT_BASE_URL;

    The staff should make pfSense squidgard used the same port as defined in
    System->Advanced->Admin Access check HTTP

    I changed my code to cause the port to the redirect was equal to the configuration of pfSense HTTP: 8320, is now up, but I think this is a
    BUG.


Log in to reply