Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid3-devel + squidGuard-squid3 - double https redirection

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 2 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • belleraB
      bellera
      last edited by

      squid3-dev 3.3.10 pkg 2.2.1 + squidGuard-squid3 1.4_4 pkg v.1.9.5

      Blocked pages at sites such https://www.google.com doesn't show the redirect page when the link is also https.

      Example searching DansGuardian versus SquidGuard at Google:

      https://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CE4QFjAC&url=https://www.linuxquestions.org/questions/linux-security-4/dansguardian-squidguard-web-filter-squid-614865/&ei=WWYvU8C8GK-A7QbqtYGoBg&usg=AFQjCNEeZZd9J2VbGx3yduXd6fyDaoKmLw&sig2=h9otDnJpDh-tsAtiuKW7pQ&bvm=bv.62922401,d.ZGU

      If I open the link in a new tab or window the redirect page is shown.
      ![Captura de 2014-03-24 00:09:56.png](/public/imported_attachments/1/Captura de 2014-03-24 00:09:56.png)
      ![Captura de 2014-03-24 00:09:56.png_thumb](/public/imported_attachments/1/Captura de 2014-03-24 00:09:56.png_thumb)

      1 Reply Last reply Reply Quote 0
      • D
        dvserg
        last edited by

        Try to play with redirect link type (ext & co)

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        1 Reply Last reply Reply Quote 0
        • D
          dvserg
          last edited by

          But http://squid-web-proxy-cache.1019090.n4.nabble.com/Squidguard-redirect-and-https-td4662707.html

          The problem is not Squid nor HTTPS.

          The problem is that the HTTP protocol has a standard that allows
          redirection and the HTTPS protocol does not.
          The HTTPS protocol was designed to be secure and does not allow
          any type of interference.

          SquidGuardDoc EN  RU Tutorial
          Localization ru_PFSense

          1 Reply Last reply Reply Quote 0
          • belleraB
            bellera
            last edited by

            @dvserg:

            Try to play with redirect link type (ext & co)

            My redirect page is external

            Redirect mode	
            Select redirect mode here.
            Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible.
            Options:ext url err page , ext url redirect , ext url as 'move' , ext url as 'found'.
            Redirect info	http://www.mydomain.tld/denied.php?a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
            Enter external redirection URL, error message or size (bytes) here.
            
            1 Reply Last reply Reply Quote 0
            • belleraB
              bellera
              last edited by

              @dvserg:

              But http://squid-web-proxy-cache.1019090.n4.nabble.com/Squidguard-redirect-and-https-td4662707.html

              The problem is not Squid nor HTTPS.

              The problem is that the HTTP protocol has a standard that allows
              redirection and the HTTPS protocol does not.
              The HTTPS protocol was designed to be secure and does not allow
              any type of interference.

              The link refers to squid2, without SSL interception possibility.

              I'm using squid3-devel package with SSL interception (SSL Bump, man-in-the middle based). It's intercepting SSL without any troubles.

              http://translate.google.com/translate?hl=en&sl=es&tl=en&u=http%3A%2F%2Fforum.pfsense.org%2Findex.php%3Ftopic%3D73007.msg402349%23msg402349

              Google https pages with https links are also intercepted. But when I click the link the redirect page is not opened. However, opening the page in a new tab or window browser the redirect page appears.

              Curious! It's FireFox 27.0.1 fault? I just tried with Chromium 32.0.1700.107 and I've got the redirect page!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.