• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Squidguard ext url err page odd issues

Scheduled Pinned Locked Moved Cache/Proxy
2 Posts 2 Posters 1.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    maverik1
    last edited by Feb 6, 2016, 7:14 AM

    I have configured a custom squidguard ext url err page that displays when a user tries accessing a blocked website. It seems to work fine except in certain circumstances.

    The following is the ext url erro page. This is served to all systems.
    http://192.168.50.1:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

    This is my current setup:

    Wired systems run on non-transparent proxy, with WPAD implementation.

    Wireless devices run on transparent proxy. (WPAD was a huge hassle)

    Anyhow, I have created target categories as well as am using shallalist categories.  I have created Groups ACLs for admin computers and non-admin systems.

    Now here is the issue:

    A wired system when browsing to a blocked non-https site will display the error page with no problem. Looking in squidguard log tab I is see the following:

    10.0.0.51/- http://ask.com/ Request(Cam_Laptop/blk_BL_searchengines/-) - GET REDIRECT

    However, if the wired systems browsers to a blocked https site I do not receive the error page, rather I get the firefox error "unable to connect"  "Firefox can't establish a connection to the server at privatelee.com"  Looking in squidguard log tab I see:

    10.0.0.51/- privatelee.com:443 Request(Cam_Laptop/blocked_sites/-) - CONNECT REDIRECT

    So why is the error page working with non-https sites but not with https sites?  Is this a configuration setting issue or a limitation of squidguard?

    Thanks much!

    1 Reply Last reply Reply Quote 0
    • C
      C0RR0SIVE
      last edited by Feb 6, 2016, 8:51 AM

      Only way to get a redirect when visiting a blocked https website is if you use MITM method instead of WPAD.  Basically Squid will break an HTTPS tunnel, but isn't able to tell the browser to redirect since you aren't trusting the proxy server to handle the connection.  You are just tunneling through it when using wpad.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received