Netgate Discussion Forum

    SquidGuard https bug?

    pfSense Packages
    • R
      rds_correia

      Greetings.
      I'm running 1.2.3 with squid+squidguard and I have set up some filtering so that people can't access social networks (blk_BL_socialnet).
      It has been working fine until last week, when I tried to access facebook through HTTPS (https://www.facebook.com).
      Seems like using HTTPS bypasses my filters.
      Can anyone confirm this issue?
      Cheers

      pfSense 2.2.4 running on a HP DL385 G5
      WAN bce(4) + LAN em(4) + OPTn em(4) with 10 VLANs + Snort + PPTP VPN soon to be trashed by OVPN

      • jimpJ
        jimp Rebel Alliance Developer Netgate

        You cannot transparently proxy HTTPS due to the way SSL works. You would essentially be doing a man-in-the-middle attack against the browser by trying to do that transparently. Some hacked-up methods can do it but it's both insecure and a bad idea in general.

        Hardcoding users' proxy settings in their browser and blocking outbound 443 is the only way to ensure HTTPS goes through the proxy.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • R
          rds_correia

          Darn…hope it would be easier.
          Maintaining proxy settings through AD might be doable but would that work for ANY browser or only IE?
          Thanks for the tip jimp ;)
          Cheers

          • jimpJ
            jimp Rebel Alliance Developer Netgate

            I think that only works for AD, though you can set up WPAD and make people put their browsers on auto detect for proxy settings.

            Or just tell them "If you want HTTPS, use the proxy, otherwise you're stuck with HTTP"

            • D
              dvserg

              @jimp:

              I think that only works for AD, though you can set up WPAD and make people put their browsers on auto detect for proxy settings.

              Or just tell them "If you want HTTPS, use the proxy, otherwise you're stuck with HTTP"

              I use WPAD & this is a good way - I can redefine proxy settings once for all users.

              SquidGuardDoc EN  RU Tutorial
              Localization ru_PFSense
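
A proxy auto-config (PAC) file of the kind WPAD hands to browsers, as an added example that is not part of the thread or of any poster's setup. The proxy address `proxy.example.lan:3128`, the internal suffix `.example.lan` and the helper `isPrivateIPv4Literal` are assumptions made for illustration.

```javascript
// Added example: contents of a wpad.dat / proxy.pac file.
// Assumed values (not from the thread): Squid listening on
// proxy.example.lan:3128, internal DNS suffix ".example.lan".
// No "; DIRECT" fallback is listed, so web traffic fails closed when the
// proxy is unreachable instead of silently skipping the filter.
var PROXY = "PROXY proxy.example.lan:3128";
var LOCAL_SUFFIX = ".example.lan";

// Hypothetical helper: true for dotted-quad literals in loopback or
// RFC 1918 ranges. Pure string work, so no DNS lookup is triggered.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Intranet destinations stay direct: single-label names, the internal
  // suffix, and private address literals.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (host.slice(-LOCAL_SUFFIX.length) === LOCAL_SUFFIX) return "DIRECT";
  if (isPrivateIPv4Literal(host)) return "DIRECT";
  // Both http:// and https:// go to the proxy. For https the browser sends
  // "CONNECT host:443" to the proxy, so the proxy sees the destination host.
  var scheme = url.slice(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") return PROXY;
  return "DIRECT";
}
```

A PAC file only steers browsers that honour it, so it is paired with the firewall rule jimp describes: outbound 443 from clients is blocked, and HTTPS works only through the proxy.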
