Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid filtering https

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 3 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      josey
      last edited by

      Hi guys
      i have small problem
      squid works, blacklist works but for http only
      how can i configure it to work with https too?

      for example
      http://www.facebook.com is blocked, but
      https://www.facebook.com is not blocked

      i guess problem is because im using proxy in transparent mode and all requests over port 80 are fwded to 3128, but requests over 443 not.

      can u help, thnx

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        You'd need this: http://forum.pfsense.org/index.php/topic,62256.0.html

        (Definitely not ready for production use.)

        1 Reply Last reply Reply Quote 0
        • J
          josey
          last edited by

          is there any walk around ?
          im ready to manually add all http urls

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            You mean work around? No, you cannot block encrypted traffic without squid seeing it.

            1 Reply Last reply Reply Quote 0
            • J
              josey
              last edited by

              yes, i mean to block encrypted traffic (only specific ones) without blocking it (port 443) in firewall.

              1 Reply Last reply Reply Quote 0
              • S
                srk3461
                last edited by

                This is what I did to block https://facebook.com along with squid-guard(http). But on the other-hand users can still use ultra-surf or change their dns to either google or any other one and access that stupid site!  >:(

                with DNS forwarder enabled! but remember blocking (check the img) this way blocks Fb for everyone on the LAN!
                successfully working!  ;)

                fb.jpg
                fb.jpg_thumb

                1 Reply Last reply Reply Quote 0
                • J
                  josey
                  last edited by

                  is it possible to use this as solution
                  http://linuxlabz.blogspot.com/2012/05/https-traffic-block-in-squid-26.html

                  is there way to forward all inside traffic over port :443 to port :3128?

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.