Hello there!
i im trying to configure the squid web proxy to achieve the following goals:
- Transparent proxy (Gateway on the Clients is set to the opnesense ip)
- Block everything by default (HTTPS/HTTP)
- Allow specific domains only (HTTPS/HTTP)
I managed to configure the system
- "Enable Transparent HTTP proxy" -> true
- "Enable SSL inspection" -> true
- "Log SNI Information only" -> true
- "Ca to use" -> created and imported on th eclients
- "SSL no bump sites" currently empty
- NAT Rules to the proxy are created
- ACL: "Whitelist" contains only "nuget.org"
- ACL: "Blacklist" contains ".*" to block everything
The Problem:
If i open https://nuget.org i will get the message:
"The following error was encountered while trying to retrieve the URL: https://172.183.192.203/* Access Denied."
I do not understand why it would ?redirect? to the ip instead the hostname?
If i remove the ".*" from the blacklist it works.
What am i doing wrong? Is there another better way?
Thanks!
Benjamin