Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SquidGuard url_rewrite issue with Squid 3.5

    Cache/Proxy
    6
    6
    2980
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      moley2016 last edited by

      Hi all,

      I've installed pfSense 2.2.6 64bit and have been using it as a web filter with Squid and SquidGuard.  Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).

      I updated squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded squid to 3.5.3.  Now squidguard is working on HTTP but not HTTPS.

      I'm thinking the url_rewrite is the problem.  When i go to an https page i get a messsage that the cert if for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk).  In IE i can bypass this and get the attached screen.

      I can't see anything in the logs that says much other than this in cache.log:

      2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.

      Can anyone help/point me in the right direction?

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • H
        Hanswerner last edited by

        Hello,

        i found out, that you can stop service in webgui and start squidGuard in emergency mode from command line to see debug info

        command: squidGuard

        my problem isnt solved but maybe it helps

        1 Reply Last reply Reply Quote 0
        • N
          Naughty last edited by

          would you please tell me how you make pfsense work with squid+squidguard  as webfilter only ?
          i mean are you able to make them work in non-transparent mode and block both http and https ?

          1 Reply Last reply Reply Quote 0
          • H
            hbarnhart last edited by

            @moley2016:

            Hi all,

            I've installed pfSense 2.2.6 64bit and have been using it as a web filter with Squid and SquidGuard.  Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).

            I updated squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded squid to 3.5.3.  Now squidguard is working on HTTP but not HTTPS.

            I'm thinking the url_rewrite is the problem.  When i go to an https page i get a messsage that the cert if for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk).  In IE i can bypass this and get the attached screen.

            I can't see anything in the logs that says much other than this in cache.log:

            2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.

            Can anyone help/point me in the right direction?

            Thanks in advance

            Do you have the "Use SafeSearch Engine" box check under Common ACL of Squidguard, but Rewrite set to none? I had the same problem. There should be a safesearch option in the Rewrite drop down box. Select it, save and click the Apply button on the General Settings page. I believe that's what fixed my problem.

            1 Reply Last reply Reply Quote 0
            • M
              menezes last edited by

              I have same problem with pfsense 2.3

              I made the safesearch configuration but did not work

              Any other idea?

              1 Reply Last reply Reply Quote 0
              • A
                aGeekhere last edited by

                Do you have the "Use SafeSearch Engine" box check under Common ACL of Squidguard

                that has not worked for quite a while,

                before 2.3 I used DNS Resolver and created a Host Overrides

                Host      Domain        IP
                www     google.com 216.239.38.120

                However this stoped working in 2.3

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy