Dear, I've created a self signed CA Certificate in pfSEnse, in order to use it in the SSL Filtering / Spice All from Squid.
This CA certificate is NOT installed in none of the device clients (notebooks, cell phones, etc), because is imposible to ask each WiFi user to install it. Everything works OK, except certains cases, for example: - Facebook app sometimes doesn't load the user profiles, I have to close Facebook and open it again - Mercadolibre is the same, it doesn't load the content and after that I have to close and open the app Why certain apps don't work OK until I close and restart them ??? Thanks a lot again!!! 2018-01-10 3:51 GMT-03:00 WebDawg <[email protected]>: > Can you just do inspection on this and have it stop acting as a true proxy? > > Splice All: > This configuration is suitable if you want to use the SquidGuard > package for web filtering. > All destinations will be spliced. SquidGuard can do its job of denying > or allowing destinations according its rules, as it does with HTTP. > You do not need to install the CA certificate configured below on clients. > Content filtering (such as Antivirus) will not be available for SSL sites. > > On Tue, Jan 2, 2018 at 11:01 AM, Elijah Savage <[email protected]> > wrote: >> Interested in what sort of problems you are seeing. >> >> I use the same setup in a small environment let's call it home :) with many >> different devices and have not seen any issues. >> >> -----Original Message----- >> From: List [mailto:[email protected]] On Behalf Of Rainer >> Duffner >> Sent: Tuesday, January 02, 2018 10:01 AM >> To: pfSense Support and Discussion Mailing List <[email protected]> >> Subject: Re: [pfSense] Transparent proxy for WiFi users >> >> >> >>> Am 02.01.2018 um 14:46 schrieb Roberto Carna <[email protected]>: >>> >>> Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4 >>> in order to filter HTTP and HTTPS web content for different types of >>> WiFi clients on my company: >>> >>> - Android (different versions) >>> - Notebooks Windows 7/10 >>> - Iphone >>> - Etc. >>> >>> In some cases, depending on the device Operating System, some apps >>> experiment problems, for example Facebook and some others. >>> >> >> >> >> >> Apps that do hardwired Key-Pinning (everything from Apple, Google and >> probably TFB, too) will not work. >> You have to make exemptions, AFAIK. >> >> Same for ebanking and related. >> >> >> >> >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
