Squidguard ext url err page odd issues



  • I have configured a custom squidguard ext url err page that displays when a user tries accessing a blocked website. It seems to work fine except in certain circumstances.

    The following is the ext url error page. This is served to all systems.
    http://192.168.50.1:80/sgerror.php?url=403 &a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

    This is my current setup:

    Wired systems run on non-transparent proxy, with WPAD implementation.

    Wireless devices run on transparent proxy. (WPAD was a huge hassle)

    Anyhow, I have created target categories and am also using shallalist categories.  I have created Group ACLs for admin computers and non-admin systems.

    Now here is the issue:

    A wired system when browsing to a blocked non-https site will display the error page with no problem. Looking in squidguard log tab I see the following:

    10.0.0.51/- http://ask.com/ Request(Cam_Laptop/blk_BL_searchengines/-) - GET REDIRECT

    However, if the wired system browses to a blocked https site I do not receive the error page, rather I get the Firefox error "unable to connect"  "Firefox can't establish a connection to the server at privatelee.com".  Looking in squidguard log tab I see:

    10.0.0.51/- privatelee.com:443 Request(Cam_Laptop/blocked_sites/-) - CONNECT REDIRECT

    So why is the error page working with non-https sites but not with https sites?  Is this a configuration setting issue or a limitation of squidguard?

    Thanks much!



  • The only way to get a redirect when visiting a blocked https website is if you use the MITM method instead of WPAD.  Basically Squid will break an HTTPS tunnel, but isn't able to tell the browser to redirect since you aren't trusting the proxy server to handle the connection.  You are just tunneling through it when using WPAD.
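
Added example, not part of the original thread: a small parser for the squidGuard log lines quoted above that lists the blocked `CONNECT` requests, i.e. the blocks where, per this thread, the user sees a browser connection error instead of the error page. The field layout is inferred from the two log lines in the question; the third and fourth sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the two log lines quoted in the thread:
#   <client>/<fqdn> <url|host:port> Request(<acl>/<target>/<rewrite>) <ident> <method> REDIRECT
LINE_RE = re.compile(
    r"^(?P<client>\S+?)/(?P<fqdn>\S+)\s+(?P<dest>\S+)\s+"
    r"Request\((?P<acl>[^/]*)/(?P<target>[^/]*)/(?P<rewrite>[^)]*)\)\s+"
    r"(?P<ident>\S+)\s+(?P<method>[A-Z]+)\s+REDIRECT\s*$"
)

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def error_page_shown(entry):
    """Per the thread: a redirect on a plain GET reaches the browser, while a
    redirect on a CONNECT (un-intercepted HTTPS tunnel) does not."""
    return entry["method"] != "CONNECT"

def silent_blocks(lines):
    """Count blocked CONNECTs per (client, destination, target category)."""
    hits = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and not error_page_shown(entry):
            hits[(entry["client"], entry["dest"], entry["target"])] += 1
    return hits

SAMPLE = [
    # First two lines are the ones quoted in the question.
    "10.0.0.51/- http://ask.com/ Request(Cam_Laptop/blk_BL_searchengines/-) - GET REDIRECT",
    "10.0.0.51/- privatelee.com:443 Request(Cam_Laptop/blocked_sites/-) - CONNECT REDIRECT",
    # Constructed lines: a second client, and a line that should be skipped.
    "10.0.0.52/- example.org:443 Request(Cam_Laptop/blocked_sites/-) - CONNECT REDIRECT",
    "not a squidGuard log line",
]

if __name__ == "__main__":
    for (client, dest, target), n in sorted(silent_blocks(SAMPLE).items()):
        print(f"{client} -> {dest} [{target}] blocked {n}x without error page")
```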