Author Topic: Squid/Squidguard blacklist nginx bug  (Read 92 times)

Offline giacomo

Squid/Squidguard blacklist nginx bug
« on: February 02, 2018, 08:31:43 am »
Hi All!

News about this?


I am new to pfSense and could not find a satisfactory solution to the following problem. I installed the squid and squidguard packages. When I try to go to a blacklisted page, I get the web error "400 Bad request The plain HTTP request was sent to HTTPS port nginx".
This was previously noted in post https://forum.pfsense.org/index.php?topic=115115.0. The workaround is to move the web GUI from https to http.
I have tested this solution and it works. The workaround is not entirely satisfying because security is compromised by using unencrypted http access to the web GUI.


Thank you!

Offline KOM

Re: Squid/Squidguard blacklist nginx bug
« Reply #1 on: February 02, 2018, 08:45:12 am »
What news are you expecting?  WPAD requires an HTTP server, not HTTPS.

https://technet.microsoft.com/en-us/library/cc995261.aspx?f=255&MSPPError=-2147217396

Implementing DNS or DHCP

Consider the following criteria when deciding whether to use a DHCP WPAD entry, a DNS entry, or both:

 - WPAD entries in DNS can only be used by client computers that belong to a domain, and clients must be configured to resolve DNS names.
 - When implementing WPAD with a DNS server, entries must be configured for every domain containing clients enabled for automatic discovery.
 - A valid DHCP server must be installed.
 - When using DNS to publish WPAD, automatic discovery must be configured to use port 80. Alternatively, the outgoing Web requests must be configured to listen on port 80.
 - WPAD in DHCP is limited to specific user groups on some client computer operating systems. For more information, see the Microsoft Knowledge Base article 312864, "Automatic Proxy Discovery in Internet Explorer with DHCP requires specific permissions."
 - Generally, using DHCP servers with automatic detection works best for local area network (LAN)-based clients, while DNS servers enable automatic detection on computers with both LAN-based and dial-up connections. Although DNS servers can handle network and dial-up connections, DHCP servers provide faster access to LAN users and greater flexibility. If you configure both DHCP and DNS, clients will attempt to query DHCP for automatic discovery information first and then query DNS.