pfSense 2.3 Proxy Bypass breaks filtering
1 view
Skip to first unread message
Chris Teesdale
May 3, 2016, 7:36:09 AM5/3/16
to QuintoLabs Content Security for Squid Proxy / Diladele Web Safety
Good afternoon,
I'm currently running pfSense 2.3 and Diladele 4.4.0. Everything seems to work OK (except websites with the SNI Peek and Splice error).
However if you enter any destination IPs to bypass the SSL interception within the pfSense GUI all filtering stops completely and you're able to access everything that should be blocked. This did work on pfSense 2.2.3
Is there any way of achieving this elsewhere such as under ICAP settings within Diladele?
Chris Teesdale
May 3, 2016, 10:46:15 AM5/3/16
to QuintoLabs Content Security for Squid Proxy / Diladele Web Safety
I also need to add that the Website exclusions list isn't applying even after a full restart. I want to block social network but allow Facebook.com only.
Rafael
May 11, 2016, 12:46:44 PM5/11/16
to QuintoLabs Content Security for Squid Proxy / Diladele Web Safety
Hello Chris,
We never test with transparent Squid in pfSense. I presume the squid.conf is somehow not correctly generated :(
As for categories - you seem to 'block' facebook by category and it is indeed blocked. You need to clear the "Check for prohibited site categories" checkbox for .facebook.com in your exclusions.
Best regards,
Rafael
We never test with transparent Squid in pfSense. I presume the squid.conf is somehow not correctly generated :(
As for categories - you seem to 'block' facebook by category and it is indeed blocked. You need to clear the "Check for prohibited site categories" checkbox for .facebook.com in your exclusions.
Best regards,
Rafael
Reply all
Reply to author
Forward
0 new messages