Problem with Squid3-dev, dansguardian and https Traffic

thomas_91 · Mar 10, 2014, 1:11 PM

hello Community,

| Gateway | (Router IP: 192.168.2.1)
'–---+-----'
|
WAN | IP 192.168.2.10
|
.-----+-----.
| pfSense
'-----+-----'
|
LAN | IP 192.168.3.1
|
LAN | 192.168.3.0/27
|
.-----+------.
| LAN-Switch |
'-----+------'
|
...-----+------... (Clients/Servers)

I did install my Squid3-dev with the tutorial here: http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/#comment-477

What i want to run is squid + dansguradian in transperant mode filtering http and https Traffic. My http (80) Traffic is still working, and i dont know what i should do with my https.

Forward 1:
Interface: LAN
Protocol: TCP
Source: LAN subnet
Destination: any
Destination Port: HTTP to HTTP
Redirect IP: 127.0.0.1
Redirect Target Port: 8080

Portforward 2:
Interface: LAN
Protocol: TCP
Source: LAN subnet
Destination: any
Destination Port: HTTPs to HTTPs
Redirect IP: 127.0.0.1
Redirect Target Port: 8080

Squid Gernal Settings:
Port 3128
enable: Transperant http proxy
Transperant Proxy interface: loopback

enable: Https/ssl interception
ssl intercept interfaces: loopback
Port 3128
CA: selfsight from pfsense

ACLs:
Allowd Subnets 192.168.3.0/27

About suggestions I would be happy

koohiisan · Apr 17, 2014, 1:29 PM

I have the same question! Did you make any progress on getting that setup working?

rjcrowder · Apr 17, 2014, 8:32 PM

You can't transparently redirect HTTPS. You have to explicitly set the proxy in the browser settings or use an auto config URL.