It’s just the same “redirection-problem” of blocked sites.
Ok, thanks
Hi Filippo,
What do you mean by not https aware? I only want to understand what is happening in detail, so I can try to find a solution.
I had to say that I tried squid with squidguard with the MITM method at a transparent SSL proxy at my manual installation before.
AFAIK, squidguard cannot parse SNI from squid.
I appreciate your efforts, please continue to investigate.
I’ll be away from keyboard for some days.
@flatspin, I can’t reproduce your findings (the red block page showing URL https://www.facebook.com).
My env:
NethServer 6.8, manual proxy, social networks category blocked
Firefox, advanced settings connect to NethServer 6.8
Tests I made:
- access a blocked site via http → I see the red block page, url is http://…
- access a blocked site via https → I see Unable to connect ffox page
/var/log/squidGuard/urlfilter.log contains:
2017-01-25 11:00:36 [17917] Request(default/socialnet/-) www.facebook.com:443 192.168.56.1/192.168.56.1 - CONNECT REDIRECT
2017-01-25 11:20:37 [17917] Request(default/socialnet/-) http://anobii.com/ 192.168.56.1/192.168.56.1 - GET REDIRECT
2017-01-25 11:20:48 [17917] Request(default/socialnet/-) anobii.com:443 192.168.56.1/192.168.56.1 - CONNECT REDIRECT
As you can see, https requests have “:443” as expected.
I think this is the best explanation I found:
I think the transparent proxy with ssl in 6.8 decrypts all the ssl traffic and generates a fake certificate. Could it be that the fake certificate is the reason for showing the right block site?
Yes, you’re right. NS-Certificate is installed on all clients, so squid can decrypt and give a new cert to the client.
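Added example, not part of any post in the thread: a small Python parser for the urlfilter.log lines quoted above that picks out redirected CONNECT requests, the case where the browser shows a connection error instead of the block page unless the proxy decrypts TLS. The field layout is inferred from the three quoted lines and is an assumption; `parse_line` and `blocked_tunnels` are hypothetical names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample input: the three urlfilter.log lines quoted in the thread.
SAMPLE_LOG = """\
2017-01-25 11:00:36 [17917] Request(default/socialnet/-) www.facebook.com:443 192.168.56.1/192.168.56.1 - CONNECT REDIRECT
2017-01-25 11:20:37 [17917] Request(default/socialnet/-) http://anobii.com/ 192.168.56.1/192.168.56.1 - GET REDIRECT
2017-01-25 11:20:48 [17917] Request(default/socialnet/-) anobii.com:443 192.168.56.1/192.168.56.1 - CONNECT REDIRECT
"""

# Field layout inferred from those lines (assumption, not squidGuard documentation).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(?P<pid>\d+)\] "
    r"Request\((?P<source>[^/]*)/(?P<category>[^/]*)/(?P<rule>[^)]*)\) "
    r"(?P<target>\S+) (?P<client>[^/\s]+)/\S+ (?P<ident>\S+) "
    r"(?P<method>[A-Z]+) (?P<action>\S+)$"
)

def parse_line(line):
    """Return a dict for one request line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    if rec["method"] == "CONNECT":
        # CONNECT exposes only host:port; the URL path stays inside the TLS tunnel.
        host, sep, port = rec["target"].rpartition(":")
        rec["host"] = host if sep else rec["target"]
        rec["port"] = int(port) if sep and port.isdigit() else None
        rec["tunnel"] = True
    else:
        url = urlsplit(rec["target"])
        rec["host"] = url.hostname
        rec["port"] = url.port or (443 if url.scheme == "https" else 80)
        rec["tunnel"] = False
    return rec

def blocked_tunnels(log_text):
    """Count redirected CONNECT requests per (category, host)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["tunnel"] and rec["action"] == "REDIRECT":
            hits[(rec["category"], rec["host"])] += 1
    return hits

if __name__ == "__main__":
    for (category, host), n in blocked_tunnels(SAMPLE_LOG).items():
        print(f"{category}: {host} blocked over CONNECT {n} time(s)")
```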