4. SquidGuard url_rewrite issue with Squid 3.5

SquidGuard url_rewrite issue with Squid 3.5

  • M

    Hi all,

    I've installed pfSense 2.2.6 64bit and have been using it as a web filter with Squid and SquidGuard.  Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).

    I updated squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded squid to 3.5.3.  Now squidguard is working on HTTP but not HTTPS.

    I'm thinking the url_rewrite is the problem.  When i go to an https page i get a messsage that the cert if for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk).  In IE i can bypass this and get the attached screen.

    I can't see anything in the logs that says much other than this in cache.log:

    2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.

    Can anyone help/point me in the right direction?

    Thanks in advance

    0
  • H

    Hello,

    i found out, that you can stop service in webgui and start squidGuard in emergency mode from command line to see debug info

    command: squidGuard

    my problem isnt solved but maybe it helps

    0
  • N

    would you please tell me how you make pfsense work with squid+squidguard  as webfilter only ?
    i mean are you able to make them work in non-transparent mode and block both http and https ?

    0
  • H

    @moley2016:

    Hi all,

    I've installed pfSense 2.2.6 64bit and have been using it as a web filter with Squid and SquidGuard.  Everything was working fine except the rewritten cert on HTTPS connections was being picked up by Firefox and Chrome as a weak certificate (SHA1).

    I updated squid using this guide https://forum.pfsense.org/index.php?topic=99141.0 which has upgraded squid to 3.5.3.  Now squidguard is working on HTTP but not HTTPS.

    I'm thinking the url_rewrite is the problem.  When i go to an https page i get a messsage that the cert if for the domain "http" and doesn't match the actual site (e.g. www.google.co.uk).  In IE i can bypass this and get the attached screen.

    I can't see anything in the logs that says much other than this in cache.log:

    2016/04/03 16:51:48 kid1| UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.212.106/192.168.212.106 - CONNECT'. Future Squid will treat this as part of the URL.

    Can anyone help/point me in the right direction?

    Thanks in advance

    Do you have the "Use SafeSearch Engine" box check under Common ACL of Squidguard, but Rewrite set to none? I had the same problem. There should be a safesearch option in the Rewrite drop down box. Select it, save and click the Apply button on the General Settings page. I believe that's what fixed my problem.

    0
  • M

    I have same problem with pfsense 2.3

    I made the safesearch configuration but did not work

    Any other idea?

    0
  • A

    Do you have the "Use SafeSearch Engine" box check under Common ACL of Squidguard

    that has not worked for quite a while,

    before 2.3 I used DNS Resolver and created a Host Overrides

    Host      Domain        IP
    www     google.com 216.239.38.120

    However this stoped working in 2.3

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy