OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: nospam on October 03, 2018, 02:38:01 pm

Title: SSL Proxy Config question
Post by: nospam on October 03, 2018, 02:38:01 pm

I got the SSL proxy working yesterday for most sites except for a few cases and I'm not sere how to resolve the issue.

This morning when I go to https://somewebsite.com  on a PC it connects after warning me about a security SSL issue...no problem here.  When I access the same website using an ipad my firewall is now blocking it with the message

Access Denied: URL https://11.22.33.44/*

I added somewebsite.com to my proxy whitelist AND to the "SSL no bump sites" but I am still getting the error.

Can someone offer insight as to why the domain is getting resolved by the proxy URL as an IP and then getting blocked?

Title: Re: SSL Proxy Config question
Post by: ruggerio on October 19, 2018, 07:39:39 am

How do your clients connect to the proxy? Is it a transparent proxy, or did you install it on each device?

Title: Re: SSL Proxy Config question
Post by: bmail on October 20, 2018, 05:26:06 pm

Hello,

Perhaps, you should flush ssl cache of all your PC or ipad.
SSL cache of each browser can create issues, sometimes quite persistent ...

have a good day.

Title: Re: SSL Proxy Config question
Post by: nospam on October 26, 2018, 04:06:08 pm

It is set up as a transparent proxy.  All caches cleared on the clients.

The issue appears to be with Squid and domains that exist on multiple IP addresses.  I don't know how to resolve the way squid is blocking these sites.