Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard redirect page and https traffic

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 2 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bjm3805
      last edited by

      Couple of questions:

      1. I have a redirect info to an internal URL, but the images and background are not being downloaded. The page is coming in lacking images. Any ideas on what I need to do to ensure the images are downloaded? Same thing happens with external pages as well.

      2. I have set the default access to blocked and have only enabled a few pages, thus locking down everything. However, https traffic is being blocked, but not redirecting to the redirect page I have defined. What am I missing with this?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        1. Can you view the error web page normally via its URL?  Is your redirect the general one or linked to a Target category or Group ACL?

        2. How are you doing this, similar to #1 above?  Maybe some screens of your config would help.  Do you have logging enabled under General - Logging options?

        1 Reply Last reply Reply Quote 0
        • B
          bjm3805
          last edited by

          1. Yes, I can view it normally. The redirect is the general one (see screenshots)

          1. See attached screenshots

          Thanks!

          CommonACL.jpg
          CommonACL.jpg_thumb
          GeneralSettings.jpg
          GeneralSettings.jpg_thumb
          TargetCategories.jpg
          TargetCategories.jpg_thumb
          TargetCategoryBTL.jpg
          TargetCategoryBTL.jpg_thumb

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            1.  A quick forum & Google search shows that others have had this same issue before, and nobody has managed to pin it down.  I just created a simple err.html page on my pfsense box and threw an image in the mix.  Then I set my redirect mode to point to ext url redirect but I did it on the Target category for the thing I was blocking instead of making it common.  It worked fine for me.  Add me to the list of people who don't know why it works for some and not others.  Have you tried playing with the various redirect modes?

            2.  How are you doing your https blocking?

            1 Reply Last reply Reply Quote 0
            • B
              bjm3805
              last edited by

              I will try moving and playing around with the redirect page.

              I don't think I am handling https blocking. I assumed that blocking default would also block https traffic. Is that configured somewhere else?

              Thanks for your help!

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                From what I understand, HTTPS filtering is tricky because the proxy only sees the IP addresses at the two ends of the tunnel and not the actual URL.  For SquidGuard to see the content of the traffic, it would have to have a trusted cert installed on the user's PC, and this would make pfSense the "man" in what's essentially a Man-in-the-Middle attack.  Modern browsers can detect this to a degree and may warn the user.

                You can block all of HTTPS through the firewall of course, but if you need to selectively block some HTTPS sites and not others, you will have to use IP addresses.

                I've seen some stuff on the latest releases of Squid/SquidGuard that supposedly support filtering HTTPS, but I haven't tried it or really paid it much attention as I use Squid2.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.