Stop redirecting HTTP on webgui



  • Hello, I use HTTPS on my webgui and I also use squidguard to control my companys access. The problem is that when someone hits a blocked webpage they are redirected to https://mypfsense.company/sgerror.php and they get a certification error. I could install the certificate to the webgui on all the computers, but that would be verry time consuming.

    Is there a way to redirect squidguard (or other packages) to display a normal HTTP page (not https)? That way I would only use the https on my administrative computers to control the webgui and squidguard for example would be displayed on http://mypfsense.company/sgerror.php

    Thank you in advance
    Best Regards


  • LAYER 8 Netgate

    Have you tried System->Advanced->Admin Access - Disable webConfigurator redirect rule?



  • Yes, that was the first thing that I tried! But if I do that I continue to not be able to enter on HTTP mode, I get a error of not found! I would no mind to force the HTTPS, if I was able to continue entering in HTTP!

    I would not like to have to use the external webserver to do this!

    Thank you for your help!
    Best regards


  • LAYER 8 Netgate

    So you want to disable HTTP on port 80 for the webConfigurator and use port 80 for the webConfigurator?

    Something's going to have to give.



  • No, I want to have both http and https option, if that is possible! On the webconfigurator i would use https, on the squidguard redirector page I would use http



  • To any one that would like this solution, I found it out by adapting a code part of the page http://www.gopulls.com/blog/2014.08.13/squidguard-logging-with-pfsense-running-https/

    The only thing that I replaced was

    $SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.)" {
    **url.redirect = ( "^/(.
    )" => "https://%1{$redirectport}/$1" )**

    $SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.)" {
    **url.redirect = ( "^/^(sgerror)(.
    )" => "https://%1{$redirectport}/$1"**

    this way the redirector will work to all pages except sgerror

    Best Regards



  • Ok this worked as intended, but with a side effect, now I'm never redirected to https, the idea was to redirect only if the "sgerror" was on the url, but now I have to explicitly put https to go to https on my webconfiguration. This is better than nothing, but if it were only to url's with "sgerror" on the string it would be perfect.

    Something wrong with my RegEx pattern?

    Best Regards


Log in to reply