Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid3-devel + squidGuard-squid3 - double https redirection

    pfSense Packages
    2
    5
    2693
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bellera
      bellera last edited by

      squid3-dev 3.3.10 pkg 2.2.1 + squidGuard-squid3 1.4_4 pkg v.1.9.5

      Blocked pages at sites such https://www.google.com doesn't show the redirect page when the link is also https.

      Example searching DansGuardian versus SquidGuard at Google:

      https://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CE4QFjAC&url=https://www.linuxquestions.org/questions/linux-security-4/dansguardian-squidguard-web-filter-squid-614865/&ei=WWYvU8C8GK-A7QbqtYGoBg&usg=AFQjCNEeZZd9J2VbGx3yduXd6fyDaoKmLw&sig2=h9otDnJpDh-tsAtiuKW7pQ&bvm=bv.62922401,d.ZGU

      If I open the link in a new tab or window the redirect page is shown.
      ![Captura de 2014-03-24 00:09:56.png](/public/imported_attachments/1/Captura de 2014-03-24 00:09:56.png)
      ![Captura de 2014-03-24 00:09:56.png_thumb](/public/imported_attachments/1/Captura de 2014-03-24 00:09:56.png_thumb)

      1 Reply Last reply Reply Quote 0
      • D
        dvserg last edited by

        Try to play with redirect link type (ext & co)

        SquidGuardDoc EN  RU Tutorial
        Localization ru_PFSense

        1 Reply Last reply Reply Quote 0
        • D
          dvserg last edited by

          But http://squid-web-proxy-cache.1019090.n4.nabble.com/Squidguard-redirect-and-https-td4662707.html

          The problem is not Squid nor HTTPS.

          The problem is that the HTTP protocol has a standard that allows
          redirection and the HTTPS protocol does not.
          The HTTPS protocol was designed to be secure and does not allow
          any type of interference.

          SquidGuardDoc EN  RU Tutorial
          Localization ru_PFSense

          1 Reply Last reply Reply Quote 0
          • bellera
            bellera last edited by

            @dvserg:

            Try to play with redirect link type (ext & co)

            My redirect page is external

            Redirect mode	
Select redirect mode here.
Note: if you use 'transparent proxy', then 'int' redirect mode will not accessible.
Options:ext url err page , ext url redirect , ext url as 'move' , ext url as 'found'.
Redirect info	http://www.mydomain.tld/denied.php?a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
Enter external redirection URL, error message or size (bytes) here.
            1 Reply Last reply Reply Quote 0
            • bellera
              bellera last edited by

              @dvserg:

              But http://squid-web-proxy-cache.1019090.n4.nabble.com/Squidguard-redirect-and-https-td4662707.html

              The problem is not Squid nor HTTPS.

              The problem is that the HTTP protocol has a standard that allows
              redirection and the HTTPS protocol does not.
              The HTTPS protocol was designed to be secure and does not allow
              any type of interference.

              The link refers to squid2, without SSL interception possibility.

              I'm using squid3-devel package with SSL interception (SSL Bump, man-in-the middle based). It's intercepting SSL without any troubles.

              http://translate.google.com/translate?hl=en&sl=es&tl=en&u=http%3A%2F%2Fforum.pfsense.org%2Findex.php%3Ftopic%3D73007.msg402349%23msg402349

              Google https pages with https links are also intercepted. But when I click the link the redirect page is not opened. However, opening the page in a new tab or window browser the redirect page appears.

              Curious! It's FireFox 27.0.1 fault? I just tried with Chromium 32.0.1700.107 and I've got the redirect page!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post