pfSense Gold Subscription

Author Topic: The following error was encountered while trying to retrieve https://http/*  (Read 422 times)

0 Members and 1 Guest are viewing this topic.

Offline mzmrk

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile


I am getting this error:
ERROR

The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: https://http/*

Unable to determine IP address from host name http

The DNS server returned:

Name Error: The domain name does not exist.
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

Your cache administrator is admin@localhost.


SquidGuard is broken for https out of the box. You need configure Common ACL
Target Rules List Default access [all] to Allow, save. Then click Apply in General settings tab.


My best bet is that Default access has no block page configured for some reason. If anyone knows how to get Default access to deny working please let me know.

Here is my working SquidGuard configuration step by step tested on pfSense 2.3.4-RELEASE-p1 (amd64):
 
1. Download any blacklist - www.shallalist.de for example.

  - General Settings -> Blacklist options -> check to enable blacklist
  - Put in Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gz
  - Hit save.
  - Go to Blacklist tab.
  - Hit download (Black list url is already there)
  - Wait for it to finish downloading.

2. You need to configure your blacklist default to Allow state (The default state which is Deny all is what causes https://http/* error)

  - Go to Common ACL Tab
  - Hit plus button on Target Rules List
  - Scroll down to Default access [all], set access to allow
  - Set other categories that you want to be blocked to deny.
  - Hit save at the bottom of the page.
  - Go to General settings Tab.
  - Click Apply at to Top of the page so your settings will be applied from Common ACL Tab.

Check if https sites load properly now.
Remember to clear cache from before playing with pfsense from your  browser or it will show you old state of web filtering.

I wrote this post so long for future gogglers if they ever encounter this error I wasted way to much time on.

The real question is how to set Default access [all] to deny without getting  https://http/* error for all https urls?
« Last Edit: August 13, 2017, 07:26:29 am by mzmrk »

Offline loboferoz

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Nope, this does not work, tested several times on pfsense 2.4.2

Offline rmr85

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Im having same problem here on PfSense 2.4.2 (amd64)Transparent Proxy HTTP/HTTPS + Squidguard
If i disable Squidguard all works well.

Any help?

Offline Impatient

  • Newbie
  • *
  • Posts: 24
  • Karma: +1/-0
    • View Profile

It is not supposed to work with Default access [all] to deny.