Pfsesne 2.2 and Squid3+squidGuard-devel Error

Brutos

Hi,

I hope someone with alot more experience will be able to help me on this. I have done fresh install of pfsense 2.2 install the only packages squid3+ squidGuard-devel. I have configure both and they are running. Now the problem I am having which has been bothering me for sometime is when i block a particular category ie. Porn and then try and access a porn site i get the following error which isn't the correct error when i page is blocked :

I saw the following in system logs which i think is related also:
lighttpd[52620]: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Any help will be very much appreciated.
Thanks

mmjlz

Hi,

are you using webconfigurator with https? if yes, this had always helped me:

If you’re using SSL to secure your webConfigurator, pfSense sends the block page (sgerror.php) over an https connection. By default, any good browser will NOT load an http URL inside an iFrame on an https page (it’s a security thing)

Solution
Instead, you can set lighttpd to ignore sgerror.php when it redirects http requests to https.

1. Go to “Diagnostics > Edit File” and load /etc/inc/system.inc
    Find the lines that modify your lighttpd config to redirect http to https, which should say:
    $SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.)" {
    url.redirect = ( "^/(.)" => "https://%1{$redirectport}/$1" )
    }
    }

2. Update them to NOT redirect the file beginning sgerror.php:
    $SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.)" {
    url.redirect = ( "^/^(sgerror)(.)" => "https://%1{$redirectport}/$1" )
    }
    }

3. Save.

4. Go to "Diagnostics > Edit File" and load /usr/local/pkg/squidguard_configurator.inc
    Find the lines starting with: $guiport = (!empty
    Make a new line below and enter: $guiport = '80';

5. Save. Restart your webConfigurator (shell option 11).

6. Restart SquidGuard

maybe it helps you too :)

Brutos

Thanks,

I will try this and update you.

Brutos

@mmjlz:

Hi,

are you using webconfigurator with https? if yes, this had always helped me:

If you’re using SSL to secure your webConfigurator, pfSense sends the block page (sgerror.php) over an https connection. By default, any good browser will NOT load an http URL inside an iFrame on an https page (it’s a security thing)

Solution
Instead, you can set lighttpd to ignore sgerror.php when it redirects http requests to https.

1. Go to “Diagnostics > Edit File” and load /etc/inc/system.inc
    Find the lines that modify your lighttpd config to redirect http to https, which should say:
    $SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.)" {
    url.redirect = ( "^/(.)" => "https://%1{$redirectport}/$1" )
    }
    }

2. Update them to NOT redirect the file beginning sgerror.php:
    $SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.)" {
    url.redirect = ( "^/^(sgerror)(.)" => "https://%1{$redirectport}/$1" )
    }
    }

3. Save.

4. Go to "Diagnostics > Edit File" and load /usr/local/pkg/squidguard_configurator.inc
    Find the lines starting with: $guiport = (!empty
    Make a new line below and enter: $guiport = '80';

5. Save. Restart your webConfigurator (shell option 11).

6. Restart SquidGuard

maybe it helps you too :)

You are a star this fixed the problem for me Thank you very much :)