SquidGuard url_rewrite issue with Squid 3.5
-
Hi all,
I've installed pfSense 2.2.6 64bit and have been using it as a web filter with Squid and SquidGuard. Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).
I updated squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded squid to 3.5.3. Now squidguard is working on HTTP but not HTTPS.
I'm thinking the url_rewrite is the problem. When I go to an https page I get a message that the cert is for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk). In IE I can bypass this and get the attached screen.
I can't see anything in the logs that says much other than this in cache.log:
2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.
Can anyone help/point me in the right direction?
Thanks in advance
-
Hello,
I found out that you can stop the service in the web GUI and start squidGuard in emergency mode from the command line to see debug info.
command: squidGuard
My problem isn't solved, but maybe it helps.
-
Would you please tell me how you make pfSense work with squid+squidguard as a web filter only?
I mean, are you able to make them work in non-transparent mode and block both http and https?
-
Do you have the "Use SafeSearch Engine" box checked under Common ACL of Squidguard, but Rewrite set to none? I had the same problem. There should be a safesearch option in the Rewrite drop-down box. Select it, save and click the Apply button on the General Settings page. I believe that's what fixed my problem.
-
I have the same problem with pfSense 2.3.
I made the safesearch configuration but it did not work.
Any other ideas?
-
Do you have the "Use SafeSearch Engine" box check under Common ACL of Squidguard
That has not worked for quite a while.
Before 2.3 I used DNS Resolver and created a Host Override:
Host Domain IP
www google.com 216.239.38.120
However, this stopped working in 2.3.