Hi,
I am using URL filter - its works fine at http and https (page not open), but in HTTPS i don’t have my Redirect page.
Anyone have an idea why this doesn’t work?!
thank you very much in advance for your help
my config:
Proxy transparent mode
Authentication method: Windows Active Directory (samba).
Firefox / Chrome - proxy setting from GPO
Hi,
welcome to the IPFire community.
Quoted from the documentation:
Transparent mode
In this mode Squid operates completely in the background and requires no configuration on client side. This mode only works with HTTP (port 80), the transparency is technically regulated by the firewall that intercepts any request to the web through the proxy and redirects the service (REDIRECT-Target).
This is why using transparent mode does not make sense if your clients query services via HTTPS. In addition, IPFire does not support intercepting HTTPS connections for security purposes, which is why it cannot inject the redirection page into blocked HTTPS queries.
Thanks, and best regards,
Peter Müller
Why keep support intercepting http?
For http the interception of the encryption is not needed. We also send the block page also on https but the browser ignore it without the encryption.
Almost all domains today are in https. If page redirection is not 100% efficient, there is no need to maintain it.
I’ve tried everything (Proxy no transparent, proxy settings in firefox, sslbump etc …)
IPfire does not display a notification page at https.
I turned off the content filter in ipfire and made it on Kaspersky KES12
subject to close.
thank you
Hi,
I’ve tried everything (Proxy no transparent, proxy settings in firefox, sslbump etc …)
IPfire does not display a notification page at https.
if you would have read my post closely enough, you might have seen that IPFire cannot inject a notification page for HTTPS sites without intercepting TLS - which we do not support for security reasons. More information is available in this paper:
Thanks, and best regards,
Peter Müller
