Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Squid and SSL/HTTPS
« previous
next »
Print
Pages: [
1
]
Author
Topic: Squid and SSL/HTTPS (Read 3572 times)
proxykid
Newbie
Posts: 16
Karma: 0
Squid and SSL/HTTPS
«
on:
September 25, 2019, 11:54:20 pm »
Hi
I'm a little confused about SSL and Squid Proxy.
So I've deployed Squid and trying to implement category based rules along with some custom domain rules, however it doesn't seem to be blocking correctly the domains blacklisted.
I do NOT need transparent mode, I'm perfectly OK in setup devices manually with proxy settings.
Squid settings are:
General:
Proxy enabled
Use via header
X-Forwarded-For header handling Append client's IP
Forward proxy, all default except:
Enable SSL inspection: yes
CA to use: none
(now this is what I'm not sure if I need one even for a non transparent proxy)
Let me know, thanks!
Sergio M.
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Squid and SSL/HTTPS
«
Reply #1 on:
September 26, 2019, 03:04:41 pm »
Hi,
if you do not use tranparent proxy, you should not need ssl inspection.
Client connects to Proxy using for example Port 3128 and then requests the proxy to load the page and deliver it to the client.
If you want to test, first disable all allow rules on that interface if possible. So you know the client is using the proxy and does no bypath. Then allow the client network to connect to your firewall on the defined squid proxy port.
That should be all.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
proxykid
Newbie
Posts: 16
Karma: 0
Re: Squid and SSL/HTTPS
«
Reply #2 on:
September 26, 2019, 05:55:31 pm »
I see.... I do have an additional rule for dual wan fail over, which now that you mention it it could be causing to allow the traffic that should be blocked.
If that's so.... so should I go about it? should I just disable the load balancing and allow opnsense to switch the default gateway and let it decide? Thanks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Squid and SSL/HTTPS