Questions about web proxy

Started by awshirley, April 02, 2021, 03:23:24 AM

New user here.  I was using an old Cisco ASA 5505 at home.  Can't really do too much with it.  Cisco dropped support for it, and adding new features required another payment to Cisco.  So I switched to OPNsense and am not looking back.

I've been interested in using the transparent proxy with web & AV filtering.  Just using HTTP is worthless now that almost everything is using HTTPS.  From what I've read, I need to create a certificate for HTTPS.  After that I can add the web and AV filtering for all inbound/outbound requests.

I'm not interested in browsing the HTTPS traffic, just want to filter web traffic and use the AV scanner for additional protection at home.  Is there some way I can do this without needing a certificate?  I also do not want to add the CA to each computer/phone in the house.  I'm not even sure how this would affect Roku and Amazon devices.

Any suggestions are greatly appreciated.

Thanks!

Quote from: awshirley on April 02, 2021, 03:23:24 AM
New user here.  I was using an old Cisco ASA 5505 at home.  Can't really do too much with it.  Cisco dropped support for it, and adding new features required another payment to Cisco.  So I switched to OPNsense and am not looking back.

I've been interested in using the transparent proxy with web & AV filtering.  Just using HTTP is worthless now that almost everything is using HTTPS.  From what I've read, I need to create a certificate for HTTPS.  After that I can add the web and AV filtering for all inbound/outbound requests.

I'm not interested in browsing the HTTPS traffic, just want to filter web traffic and use the AV scanner for additional protection at home.  Is there some way I can do this without needing a certificate?  I also do not want to add the CA to each computer/phone in the house.  I'm not even sure how this would affect Roku and Amazon devices.

Any suggestions are greatly appreciated.

Thanks!
Not possible without breaking services or having the "Cert Alert" in your browser while surfing.

OPNsense breaks the HTTPS encryption and encrypts the traffic again with its own certificate.

But even with an installed certificate on your clients, there are some services which you will have to whitelist (Windows updates, online banking tools, ...).