Roberto NFF: Product working as designed
When you use splice, you are doing a Man In The Middle (MitM) attack on your own users. Chrome is a Google product and they have enabled https ://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning and other things to detect this sort of thing. This could be seen as an abuse by Google https://www.troyhunt.com/bypas sing-browser-security-warnings-with-pseudo-password-fields/ or you could consider that end users should have an expectation of privacy by default. For example, what if your users do on line banking through your proxy? You could easily grab usernames and passwords and other personal details or worse if you abuse the trust that SSL/TLS should allow. Think very hard about the implications of attempting to break the contract that SSL/TLS is designed to provide - end to end encryption with no tampering and guaranteed privacy. Cheers Jon On Thu, 2017-11-02 at 12:00 -0300, Roberto Carna wrote: > People, I have pfSEnse 2.4 with Squid and Squidguard. > > I enable HTTP transparent proxy and SSL filtering with Splice All. > > From our Android cell phones, if we use Firefox TO NAVIGATE > everything > is OK, but if we use Chrome we can't go to Google and some other > HTTPS > sites. > > We reviewed firewall rules, NAT and denied target categories and > everything seems OK. > > What can be the problem with Chrome ??? > > Thanks a lot, > > ROBERTO > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
