SSL Proxy giving me problems.



  • This should be an easy one for someone to help me with.

    I am NOT trying to use transparent mode, but instead want users to decide whether or not they want their devices running through my SSL proxy. My ISP is extremely slow and caching is a huge deal for me.

    pfSense 2.3
    Latest Squid package
    Proxy is enabled, with HTTP on port 3128 and HTTPS on port 3129.
    Firewall rule to allow TCP 3128-3129 to the firewall.
    Firefox is configured to use the above ports for the proxy.
    HTTP sites work correctly
    HTTPS sites time out with no errors

    When I try to access one of my websites, I get the following using the Firefox developer tools:
    Requested URL : http://michaelwiki.geekgalaxy.com/
    Request method : GET
    Remote address : 192.168.11.1:3128
    Status code: 301 Moved Permanently

    OK, all normal there, but then it tries to load the encrypted page:
    Requested URL: https://michaelwiki.geekgalaxy.com/w/index.php/Main_Page
    Request method: GET

    and nothing happens.

    Any ideas on where to start looking would be appreciated.

    UPDATE:

    I was able to narrow down the problem: Squid is NOT listening on port 3129 for some reason. So if anyone has run into any related bugs, please let me know.

    UPDATE 2:
    I found my problem.

    1. You do NOT need to create a firewall rule to allow proxy traffic.
    2. With the defaults left in place, both encrypted and unencrypted traffic share the same port, even though there is an option to specify the SSL proxy port.

    So this problem is solved, now I need to verify caching is working and I will be able to mark this to-do item done.
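
An added example, not part of the original post: a small Python check that sends an HTTP `CONNECT` to a proxy port, which is how a browser configured for an explicit proxy requests HTTPS sites, and reports whether a connection could be made and which status came back. `probe_connect` and `start_fake_proxy` are hypothetical names, the fake proxy is a constructed local stand-in, and `example.com:443` is a placeholder target.

```python
import socket
import threading


def probe_connect(proxy_host, proxy_port, target="example.com:443", timeout=3.0):
    """Send CONNECT to a proxy port; return "no-connection", "no-reply" or the HTTP status."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError:
        # Refused, filtered or timed out: no TCP connection could be made.
        return "no-connection"
    reply = b""
    with sock:
        try:
            sock.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii"))
            while b"\r\n" not in reply:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass  # reset or read timeout; classify whatever arrived
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])  # 200 means the proxy opened the tunnel
    return "no-reply"


def start_fake_proxy():
    """Constructed local stand-in for a proxy: answers one CONNECT with 200."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_proxy()
    print("fake proxy:", probe_connect("127.0.0.1", port))
    print("closed port:", probe_connect("127.0.0.1", 1))
```

To check the setup described in the post, call `probe_connect` with the proxy address 192.168.11.1 and each of the ports 3128 and 3129.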

