OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: ddoke on April 16, 2018, 10:24:32 am

Title: Web Proxy - Inconsistent filtering and protocol mismatch
Post by: ddoke on April 16, 2018, 10:24:32 am

Hello all,
We would like to use a transparent Web proxy in order to block visitors from accessing undesirable Websites.

Here are some of the issues we are encountering:

* Websites that match one of the filtered category seem to be blocked. I.e.: www.ubs.com cannot be accessed even though the “bank” category is not blacklisted.

* When trying to access via HTTPS a Website that matches a filtered category that isn’t white-listed, we receive an SSL error on the browser. A network capture shows Squid responding with an Access Denied message in plain-text HTTP, and not HTTPS.

The error that is reoccurring in the access logs is TCP_Denied, but we can’t tell specifically what ACL we are hitting.
We are able to access some HTTPS Websites, it’s only when the access is denied that we receive a response in HTTP, and we also cannot tell why it’s being denied.

Other websites that don’t work: www.youtube.com, ch.archive.ubuntu.com

What are your suggestions?

Title: Re: Web Proxy - Inconsistent filtering and protocol mismatch
Post by: ddoke on April 18, 2018, 01:48:21 pm

Hi there,
Can anyone help on this?
Doesn't seem like the filters are applied or treated correctly.