OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: nospam on October 06, 2018, 04:49:23 pm

Title: SSL Proxy Config question
Post by: nospam on October 06, 2018, 04:49:23 pm
Sorry about the cross post but I'm unable to delete my first post.

I have SSL transparent proxy working for most sites except for a few odd cases and I'm not sure how to resolve the issue.

When I go to certain websites https://somewebsite.com my firewall is blocking it with the message

Access Denied: URL*

I added somewebsite.com to my proxy whitelist AND to the "SSL no bump sites" but I am still getting the error.

Can someone offer insight as to why the domain is getting resolved by the proxy URL as an IP and then getting blocked? Are there any workarounds?

Usually the "Access Denied" message shows the URL blocked, not the actual IP address. Reading up on Squid indicates this might be due to multiple DNS servers providing conflicting results and Squid flagging the website. The sites in question are certain government websites which are likely hosting one URL on multiple IP addresses. I've tried adding the IP addresses to the "SSL no bump sites" as well but that doesn't work.