Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard Expressions not filtering HTTPS

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 1 Posters 3.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SpankIt
      last edited by

      Setup:
      Squid (Port 8080)
      SquidGuard
      LightSquid
      Browser settings are forced to use proxy for all protocols.

      Issue:
      I have had numerous issues with students bypassing the content filter using various proxy websites. The only way I have been able to block the sites in question is by looking them up in LightSquid and then adding them to the domain list in my custom destination. This works well (including if you go to the HTTPS version of the site in question) however this can be quite tedious so I looked into using expressions instead. The expression I came up with works perfectly if you go to the website normally. However if you go to the site using the HTTPS version it fails to filter it using the expression. Here are some examples of the settings I used to block the website highdirt.com and the outcome of each setting. In every case HTTP was filtering properly. I want to avoid adding the domain names to my list of expressions if that's even possible.

      Expression: (highdirt.com)

      
http://highdirt.com/vbvxmnsr.php?KYnCAwoX9516I4QFc0Q=Oh8hzBbu3jsXdhgw7Dvr78qTPBscjAUCVbzv1ExQ%2F7U%3D&r3D85SWI7a91iYZwp1fdg=Tokq095kGZX9MbGe2TEJJQ%3D%3D
https://highdirt.com/vbvxmnsr.php?KYnCAwoX9516I4QFc0Q=snCVec01mqa4XZnnhgQfSnFMBlOnVIL46xqL0sn%2Bxqc%3D&r3D85SWI7a91iYZwp1fdg=Tokq095kGZX9MbGe2TEJJQ%3D%3D
.*\.com/.*\.php\?.*Q\=.*g\=.*

      Example 1:
      HTTP: Blocked
      HTTPS: Not Blocked

      Example 2:
      HTTP: Blocked
      HTTPS: Blocked

      Example 3:
      HTTP: Blocked
      HTTPS: Blocked

      1 Reply Last reply Reply Quote 0
      • S
        SpankIt
        last edited by

        Boy do I feel dumb. For those of you having the same issue it is due to the URL string not being visible to the proxy. The only thing visible is the domain name as it it submitted unencrypted.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.