Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HOW TO BLOCK HTTPS sites

    Scheduled Pinned Locked Moved Cache/Proxy
    11 Posts 5 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      damithudayangakumara
      last edited by

      can i know , how to block https sites on pfsense 2.2.2

      1 Reply Last reply Reply Quote 0
      • A
        aGeekhere
        last edited by

        Two options,

        Option 1
        Download squid and squidguard and use Transparent Proxy with SSL man in the middle Filtering.

        Option 2
        Download squid and squidguard and Setup a wpad.

        Never Fear, A Geek is Here!

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Option 3: Do not be evil and stop breaking security for users.

          https://forum.pfsense.org/index.php?topic=93188.0

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            so you want to block users going to https?  But allow http?  That would break a lot of the internet for your users for sure.

            But you don't need a proxy to block that - just block outbound tcp 443..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • A
              aGeekhere
              last edited by

              Sorry, do you want to block or filter https sites?

              Never Fear, A Geek is Here!

              1 Reply Last reply Reply Quote 0
              • D
                damithudayangakumara
                last edited by

                sorry  guys… i want to filter https

                1 Reply Last reply Reply Quote 0
                • A
                  aGeekhere
                  last edited by

                  Ok, so going back to post 2 you have two options.

                  Transparent Proxy or wpad.

                  Which would you prefer?

                  Never Fear, A Geek is Here!

                  1 Reply Last reply Reply Quote 0
                  • D
                    damithudayangakumara
                    last edited by

                    how to use wpad

                    1 Reply Last reply Reply Quote 0
                    • A
                      aGeekhere
                      last edited by

                      The wiki
                      https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

                      My process of setting it up
                      https://forum.pfsense.org/index.php?topic=93060.0

                      Never Fear, A Geek is Here!

                      1 Reply Last reply Reply Quote 0
                      • D
                        damithudayangakumara
                        last edited by

                        @aGeekHere:

                        The wiki
                        https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

                        My process of setting it up
                        https://forum.pfsense.org/index.php?topic=93060.0

                        thank you aGeekHere i'll try it and informed it work or not

                        1 Reply Last reply Reply Quote 0
                        • C
                          chris4916
                          last edited by

                          Use WPAD

                          This is a short-cut.  ;)
                          You have to notice that WPAD has no impact on HTTPS filtering.

                          What makes difference here is use of explicit proxy instead of transparent proxy.

                          Purpose, with WPAD, is to ease proxy discovery (WPAD stands for Web Proxy Auto Discovery) in order to use explicit proxy because manual configuration can be painful in case you have a lot of clients (or in case your proxy moves or… whatever that would require to change such setting).

                          For reasonably small group of clients, configuring manually proxy at browser level can be the easiest solution.

                          Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.