pfSense Squid https filtering ERROR - URL cannot be retrived

Question

I have pfsense 2.3.5 with squid 3.5 running on it. I have implemented HTTP and HTTPS filtering: http works like a charm, HTTPS doesn't work at all. I have uploaded the certificate into the browser but when I try to brows any https website I get the error below

I have tried to change DNS as well but still the problem. I have look around and all solution proposed they didn't work for me. Any idea? Thanks

Answer 1

SquidGuard is broken for https out of the box. You need configure Common ACL Target Rules List Default access [all] to Allow, save. Then click Apply in General settings tab.

My best bet is that Default access has no block page configured for some reason. If anyone knows how to get Default access to deny working please let me know.

Here is my working SquidGuard configuration step by step tested on pfSense 2.3.4-RELEASE-p1 (amd64):

1. Download any blacklist - www.shallalist.de for example.

• General Settings -> Blacklist options -> check to enable blacklist
• Put in Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gz
• Hit save.
• Go to Blacklist tab.
• Hit download (Black list url is already there)
• Wait for it to finish downloading.

2. You need to configure your blacklist default to Allow state (The default state which is Deny all is what causes https://http/* error)

• Go to Common ACL Tab
• Hit plus button on Target Rules List
• Scroll down to Default access [all], set access to allow
• Set other categories that you want to be blocked to deny.
• Hit save at the bottom of the page.
• Go to General settings Tab.
• Click Apply at to Top of the page so your settings will be applied from Common ACL Tab.

Check if https sites load properly now.

Remember to clear cache from before playing with pfsense from your browser or it will show you old state of web filtering.