Squidguard RedirectUrlHTTPS

Hi,

i changed value of RedirectUrlHTTPS like this:

db configuration setprop squidguard RedirectUrl https://lalalalal/blocked/
db configuration setprop squidguard RedirectUrlHTTPS https://lalalala/blocked/
signal-event nethserver-squidguard-save

Blocked http sites will be redirected perfectly, https not:

is there something else do set?

If I recall correctly this is a know limitation for https sites on transparent mode due to peek and splice implenentation. I think there’s some comment about it in the documentation.

i dont use transparent mode :slight_smile: i use authenticate mode

My bad, the limitation is on the web-content filter:

Known limitations

  • Transparent URL filtering on HTTPS websites can only block whole domains, because ufdbGuard can only receive the domain name, not the full URL
  • Redirected HTTPS show an error instead of the block page

what happens without the https:// prefix ie:

db configuration setprop squidguard RedirectUrlHTTPS lalalala_FQDN_lalala/blocked/

@mark_nl: it makes no difference:

@dnutan: so currently this setting “RedirectUrlHTTPS” is useless correct?

I think the parameter was there at the time the webfilter was using another interception method to analyse URLs. Better ask @filippo_carletti about the RedirectUrlHTTPS parameter.

to bad , did have a peek in the code :thinking:

the default url is : blocked.nethserver.org:443

so you may try this :

db configuration setprop squidguard RedirectUrlHTTPS lalalala_FQDN_lalala:443/blocked

EDIT: and you may have an peek how the URL expands the templated configuration file:

cat /etc/ufdbguard/ufdbGuard.conf

the same result…

Than better wait until the real expert(s) tune in …

I need to see the real url. I suspect it has an invalid certificate.

I can’t reproduce the error.
I used firefox 84, I tried to visit a blocked website, I saw the usual warning about risky page (due to certificate not matching), accepted to continue and finally the blocked red page.

mhhh which site do you test?