Netgate Discussion Forum

Filtering HTTPS / SSL Traffic on pfSense 2.1 using Squid Proxy

  • N Offline
    NetVicious
    last edited by Jun 9, 2015, 8:51 AM

    Hi! Any progress on the squid update to fix the HTTPS filtering problem we have on 2.2.2?

    ..//\/ e t . \/ i c i o u s ..

    • L Offline
      lockye
      last edited by Aug 26, 2015, 4:58 PM

      I have everything set up and it is filtering HTTPS sites correctly, but I do have a couple of issues with using iPads/Androids on the network.

      I have installed the certificates but it seems that some of the apps do not like going through the man-in-the-middle filtering: the app store, banking apps and Facebook, to name a few.

      Is there a way to set up some sites to bypass the proxy filtering completely?

      • K Offline
        KOM
        last edited by Aug 26, 2015, 5:58 PM

        > Is there a way to setup some sites to bypass the proxy filtering completely?

        The main Squid config page has this option:

        Bypass proxy for these destination IPs

        • L Offline
          lockye
          last edited by Aug 26, 2015, 8:14 PM Aug 26, 2015, 8:05 PM

          KOM

          I have tried using the bypass proxy with Apple's iTunes store address but for some reason I cannot get it to work for various apps.

          • N Offline
            nhgdesign
            last edited by Nov 10, 2015, 4:35 PM

            I have about 70 workstations on the network.

            Installing a certificate in each and every browser would be a terrible idea for me.

            :o

            Using: pfSense 2.2.4-RELEASE (amd64)

            • K Offline
              KOM
              last edited by Nov 10, 2015, 4:44 PM

              > Installing a certificate in each and every browser would be a terrible idea for me.

              And everyone else, too.  That's why WPAD is, IMO, the preferred method.

              • N Offline
                nhgdesign
                last edited by Nov 10, 2015, 5:59 PM

                How about using E2Guardian? Although I can't find it in the packages available, it's probably being ported sometime soon. I've read somewhere that it supports HTTPS filtering.

                Using: pfSense 2.2.4-RELEASE (amd64)

                • K Offline
                  KOM
                  last edited by Nov 10, 2015, 6:27 PM

                  I haven't paid it much attention as I don't need a heavy content filter, just a simple URL filter.  Others have likened it to a substitute for DansGuardian but I have no knowledge of that.

                  • S Offline
                    sichent Banned
                    last edited by Apr 26, 2016, 7:10 PM

                    Updated the guide for pfSense 2.3 and web safety 4.4 - http://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html

                    • A Offline
                      alex_lebbrom
                      last edited by May 27, 2016, 6:25 PM

                      Question: can I filter HTTPS traffic, but not on all websites? For example, we could open bank websites but we couldn't open social networks?

                      Thanks,

                      Alexis Rondon

                      • S Offline
                        sichent Banned
                        last edited by May 27, 2016, 7:49 PM

                        Hate to say it, but not in the pfSense version :( In pfSense, SSL filtering settings are managed by pfSense's Squid GUI. In the Linux version there are two modes - bump all or filter targeted. And it is also possible to bump by categories - i.e. never bump banks.

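The selective behaviour discussed in this thread (exempting banking sites and certificate-sensitive apps while still filtering other HTTPS traffic) can be expressed in a plain squid.conf with SNI-based ACLs. This is an added example, not taken from any post in the thread or from the pfSense Squid package; it assumes Squid 3.5 or later with SSL bump and a signing CA already configured on the listening port, and every domain name is a constructed placeholder.

```conf
# Added example: selective SSL bump in plain squid.conf (Squid 3.5 or later).
# Assumes an http_port/https_port line with ssl-bump and a signing CA exists.
# All domain names below are constructed placeholders.

# TLS handshake step 1: only the client hello (including SNI) has been seen.
acl step1 at_step SslBump1

# Destinations that must never be decrypted: banking sites and apps that
# reject the proxy-issued certificate.
acl no_bump ssl::server_name .bank.example
acl no_bump ssl::server_name .appstore.example

# Destinations to decrypt and filter when only some sites are targeted.
acl bump_targets ssl::server_name .social.example

# Peek at the client hello so the SNI is available to the ACLs above.
ssl_bump peek step1

# Tunnel exempt destinations untouched; the client sees the real server
# certificate, so no proxy CA has to be trusted for these sites.
ssl_bump splice no_bump

# --- Mode A: decrypt everything that is not exempt ("bump all") ---
ssl_bump bump all

# --- Mode B: decrypt only the listed destinations ("filter targeted") ---
# Replace the Mode A line with these two:
# ssl_bump bump bump_targets
# ssl_bump splice all
```

Spliced connections are still subject to allow/deny decisions on the server name, but their contents are not visible to any content filter behind Squid.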