HTTPS Filtering Guide



  • Unfortunately, I wish to say that the documentation of pfSense is very bad. It is not having a single guide which is complete and helpful.
    I have been happy with Zentyal since many years. But they removed proxy support from 4.0 version. I had tried with pfSense, but I was never ever successful.
    I have been searching pfSense forum since 3 years. There is no complete post regarding this. Believe me, they are not complete.

    I wish to setup the following with a simple step by step guide for beginners(not anything commercial eg Diladele etc.):

    • HTTPS filtering with SquidGaurd. (For blocking facebook and youtube etc)

    • create Objects on Network. (eg full access to facebook and youtube etc for Boss)

    • adjust bandwith limit for Objects.

    • Multi-WAN failover and loadbalancing (I already did it, still a complete guide required)



  • Well I will try.

    For transparent proxy with man in the middle (a bit old but should still work)
    https://forum.pfsense.org/index.php?topic=79389.0
    Just skip the System Patches part.

    For wpad
    https://forum.pfsense.org/index.php?topic=93060.0

    Good luck



  • :D

    I've been quite heavily involved in Zentyal deployment. Thus I see what you mean although I'm not 100% in line with your statement.
    This said, most important point is that, at least for what I understand, you're welcome if you want to take part to pfSense Wiki and write your own part of documentation  ;)

    My feeling is that such documentation is not directly related to pfSense. The only point, if any, that is linked to pfSense is debate about HTTP proxy positioning when pfSense is deployed.
    Perhaps obviously some cookbook aspects (I've noticed that a lot of people, I don't want to write "admin" here, expect documentation stating "click here and there then it should work".

    But the most important aspects, describing how it works, from technical viewpoint, why and what are the best practices is not part or even dependent from pfSense isn't it?



  • Hi,

    squid comes as a package from the community. Even if many of the developers contribute code to this package this is still a community package and as long as the author of this package or someone else does not add a tutorial to the wiki then there won't be any.

    I myself developed a package for pfsense and I added a tutorial to the wiki and I tried to help in a separte post and I appreciated any help in documentation but I do not know of anyone who posted just one line to the wiki. I added the posts from the forum but noone else did.

    So you can see that packages from the community can be well documented or the aren't.

    I assume that most of the features of the pfsense base system is well documented - at least in the pfsense book and/or wiki.


Log in to reply