OPNsense Forum » Archive » 19.7 Legacy Series » Squid and SSL/HTTPS
Topic: Squid and SSL/HTTPS (Read 3573 times)
proxykid, September 25, 2019, 11:54:20 pm:
Hi
I'm a little confused about SSL and Squid Proxy.
So I've deployed Squid and am trying to implement category-based rules along with some custom domain rules; however, it doesn't seem to be correctly blocking the blacklisted domains.
I do NOT need transparent mode, I'm perfectly OK with setting up devices manually with proxy settings.
Squid settings are:
General:
- Proxy enabled
- Use via header
- X-Forwarded-For header handling: Append client's IP
Forward proxy, all default except:
- Enable SSL inspection: yes
- CA to use: none
(now this is what I'm not sure about: whether I need one even for a non-transparent proxy)
Let me know, thanks!
Sergio M.
banym, Reply #1, September 26, 2019, 03:04:41 pm:
Hi,
if you do not use a transparent proxy, you should not need SSL inspection.
The client connects to the proxy using, for example, port 3128 and then requests the proxy to load the page and deliver it to the client.
If you want to test, first disable all allow rules on that interface if possible. So you know the client is using the proxy and does not bypass it. Then allow the client network to connect to your firewall on the defined Squid proxy port.
That should be all.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
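Added example, not part of the forum posts and not Squid's own code: with a manually configured (non-transparent) proxy the client names the destination in its request line, `CONNECT host:443` for HTTPS, so a domain blacklist can be evaluated without decrypting TLS or configuring a CA. The blacklist entries, request lines and function names are constructed, and the matching is a simplified model of Squid's dstdomain behaviour.

```python
from urllib.parse import urlsplit

# Constructed sample blacklist (not from the thread).
BLACKLIST = [".blocked.example", "ads.example.net"]

def parse_proxy_request(request_line):
    """Return (method, host, port) from the first line a client sends to the proxy."""
    method, target, version = request_line.strip().split(" ")
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP request line")
    if method == "CONNECT":
        # HTTPS through an explicit proxy: the target is "host:port", sent in
        # clear text before any TLS handshake with the origin server.
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return method, host.strip("[]").lower(), int(port)
    # Plain HTTP through an explicit proxy: the target is an absolute URL.
    parts = urlsplit(target)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an absolute http:// URL")
    return method, parts.hostname.lower(), parts.port or 80

def is_blocked(host, blacklist=BLACKLIST):
    """dstdomain-style match: '.example.com' covers the domain and all its
    subdomains; 'example.com' matches that exact host only."""
    host = host.rstrip(".")
    for entry in (e.lower() for e in blacklist):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def decide(request_line, blacklist=BLACKLIST):
    """ALLOW or DENY based only on what the request line reveals."""
    _, host, _ = parse_proxy_request(request_line)
    return "DENY" if is_blocked(host, blacklist) else "ALLOW"

if __name__ == "__main__":
    for line in (  # constructed request lines
        "CONNECT www.blocked.example:443 HTTP/1.1",
        "CONNECT notblocked.example:443 HTTP/1.1",
        "GET http://ads.example.net/banner.js HTTP/1.1",
    ):
        print(decide(line), line)
```
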
proxykid, Reply #2, September 26, 2019, 05:55:31 pm:
I see.... I do have an additional rule for dual WAN failover which, now that you mention it, could be allowing the traffic that should be blocked.
If that's so.... how should I go about it? Should I just disable the load balancing and allow OPNsense to switch the default gateway and let it decide? Thanks.