q16marvin
(Q16marvin)
December 29, 2020, 2:12pm
1
Hi,
i changed value of RedirectUrlHTTPS like this:
db configuration setprop squidguard RedirectUrl https://lalalalal/blocked/
db configuration setprop squidguard RedirectUrlHTTPS https://lalalala/blocked/
signal-event nethserver-squidguard-save
Blocked http sites will be redirected perfectly, https not:
is there something else do set?
dnutan
(Marc)
December 29, 2020, 2:16pm
2
If I recall correctly this is a know limitation for https sites on transparent mode due to peek and splice implenentation. I think there’s some comment about it in the documentation.
q16marvin
(Q16marvin)
December 29, 2020, 2:23pm
3
i dont use transparent mode i use authenticate mode
dnutan
(Marc)
December 29, 2020, 4:05pm
4
My bad, the limitation is on the web-content filter:
Known limitations
Transparent URL filtering on HTTPS websites can only block whole domains, because ufdbGuard can only receive the domain name, not the full URL
Redirected HTTPS show an error instead of the block page
https://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-squidguard.html#known-limitations
mark_nl
(Mark Verlinde)
December 29, 2020, 4:24pm
5
what happens without the https://
prefix ie:
db configuration setprop squidguard RedirectUrlHTTPS lalalala_FQDN_lalala/blocked/
q16marvin
(Q16marvin)
December 29, 2020, 4:28pm
6
@mark_nl : it makes no difference:
@dnutan : so currently this setting “RedirectUrlHTTPS” is useless correct?
dnutan
(Marc)
December 29, 2020, 4:33pm
7
I think the parameter was there at the time the webfilter was using another interception method to analyse URLs. Better ask @filippo_carletti about the RedirectUrlHTTPS
parameter.
mark_nl
(Mark Verlinde)
December 29, 2020, 4:35pm
8
q16marvin:
it makes no difference:
to bad , did have a peek in the code
the default url is : blocked.nethserver.org:443
so you may try this :
db configuration setprop squidguard RedirectUrlHTTPS lalalala_FQDN_lalala:443/blocked
EDIT: and you may have an peek how the URL expands the templated configuration file:
cat /etc/ufdbguard/ufdbGuard.conf
mark_nl
(Mark Verlinde)
December 29, 2020, 5:11pm
10
Than better wait until the real expert(s) tune in …
I need to see the real url. I suspect it has an invalid certificate.
I can’t reproduce the error.
I used firefox 84, I tried to visit a blocked website, I saw the usual warning about risky page (due to certificate not matching), accepted to continue and finally the blocked red page.
q16marvin
(Q16marvin)
December 30, 2020, 1:30pm
13
mhhh which site do you test?