Pfsesne 2.2 and Squid3+squidGuard-devel Error



  • Hi,

    I hope someone with alot more experience will be able to help me on this. I have done fresh install of pfsense 2.2 install the only packages squid3+ squidGuard-devel. I have configure both and they are running. Now the problem I am having which has been bothering me for sometime is when i block a particular category ie. Porn and then try and access a porn site i get the following error which isn't the correct error when i page is blocked :

    I saw the following in system logs which i think is related also:
    lighttpd[52620]: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

    Any help will be very much appreciated.
    Thanks



  • Hi,

    are you using webconfigurator with https? if yes, this had always helped me:

    If you’re using SSL to secure your webConfigurator, pfSense sends the block page (sgerror.php) over an https connection. By default, any good browser will NOT load an http URL inside an iFrame on an https page (it’s a security thing)

    Solution
    Instead, you can set lighttpd to ignore sgerror.php when it redirects http requests to https.

    1. Go to “Diagnostics > Edit File” and load /etc/inc/system.inc
        Find the lines that modify your lighttpd config to redirect http to https, which should say:
        $SERVER["socket"] == ":80" {
        $HTTP["host"] =~ "(.)" {
        url.redirect = ( "^/(.
    )" => "https://%1{$redirectport}/$1" )
        }
        }

    2. Update them to NOT redirect the file beginning sgerror.php:
        $SERVER["socket"] == ":80" {
        $HTTP["host"] =~ "(.)" {
        url.redirect = ( "^/^(sgerror)(.
    )" => "https://%1{$redirectport}/$1" )
        }
        }

    3. Save.

    4. Go to "Diagnostics > Edit File" and load /usr/local/pkg/squidguard_configurator.inc
        Find the lines starting with: $guiport = (!empty
        Make a new line below and enter: $guiport = '80';

    5. Save. Restart your webConfigurator (shell option 11).

    6. Restart SquidGuard

    maybe it helps you too :)



  • Thanks,

    I will try this and update you.



  • @mmjlz:

    Hi,

    are you using webconfigurator with https? if yes, this had always helped me:

    If you’re using SSL to secure your webConfigurator, pfSense sends the block page (sgerror.php) over an https connection. By default, any good browser will NOT load an http URL inside an iFrame on an https page (it’s a security thing)

    Solution
    Instead, you can set lighttpd to ignore sgerror.php when it redirects http requests to https.

    1. Go to “Diagnostics > Edit File” and load /etc/inc/system.inc
        Find the lines that modify your lighttpd config to redirect http to https, which should say:
        $SERVER["socket"] == ":80" {
        $HTTP["host"] =~ "(.)" {
        url.redirect = ( "^/(.
    )" => "https://%1{$redirectport}/$1" )
        }
        }

    2. Update them to NOT redirect the file beginning sgerror.php:
        $SERVER["socket"] == ":80" {
        $HTTP["host"] =~ "(.)" {
        url.redirect = ( "^/^(sgerror)(.
    )" => "https://%1{$redirectport}/$1" )
        }
        }

    3. Save.

    4. Go to "Diagnostics > Edit File" and load /usr/local/pkg/squidguard_configurator.inc
        Find the lines starting with: $guiport = (!empty
        Make a new line below and enter: $guiport = '80';

    5. Save. Restart your webConfigurator (shell option 11).

    6. Restart SquidGuard

    maybe it helps you too :)

    You are a star this fixed the problem for me Thank you very much :)


Log in to reply