Https redirect page using firewall rule?

  • hello pfsense users!  :) . i would like to know if it is  possible to redirect users to a block page when they try to use https instead of http using a firewall rule? i mean, i did block majority of my users from using the https port by blocking it(using the firewall rule) but i want to redirect them to a block page informing them that https traffic is not allowed just like squid/squidguard do with http traffic.

  • up. anyone can point me to a direction?? or is this not possible?  :-\

  • Patience - don't wait less than 24 hours and then bump. Remember, people don't have to help you, and if you come across as having an attitude people most likely won't help you.

    However, in short no, it isn't possible.

  • sorry if i may sound rude on my thread. apologies to all. :-[ anyway thanks Cry Havok for answering my question. :)

  • LAYER 8 Global Moderator

    you would have to use a proxy to redirect, firewalls don't redirect.  But I am curious – why in the world would you want block all https traffic?  I can understand blocking sites you don't want to use -- but why would you block access to a site you allow if they are using https?

    Or am I not understanding your question?

  • because 90% of my users uses the internet for searching/browsing only and it also eliminates the use of bypass proxy programs which utilizes that port to connect to. The remaining 10%( admin group) has access to https sites and yes i am using a proxy(squid/squidguard) to block http traffic. If ever there is a need for majority of my users to connect to a certain hhtps site I can always allow it by adding them on top of my firewall rule. hope this answers your question. :)

  • Just use Squid and SquidGuard to control access to web sites, having blocked ports 80 and 443 in your firewall.

  • LAYER 8 Global Moderator

    Not really

    So you let them browse the internet – what is the point of blocking ssl??  So what they have to login or can not login to sites that use ssl?

    Not getting the logic of blocking such an import port for security on the internet, if you letting them browse anyway -- and filter sites with with squid I just do not see the point in blocking 443.  I can run a proxy on 80 just as well ;) if you worried about circumvention of your filters.

  • it is the approved internet usage policy for that group on our company and we (the IT's) are just implementing it.  :)