Netgate SG-1000 microFirewall

Author Topic: SQUID proxy wont work HTTPS? SOLVED  (Read 455 times)

0 Members and 1 Guest are viewing this topic.

Offline killmasta93

  • Sr. Member
  • ****
  • Posts: 591
  • Karma: +13/-0
    • View Profile
SQUID proxy wont work HTTPS? SOLVED
« on: February 02, 2018, 06:54:17 pm »
Hi,
I was wondering if someone else has had this issue before. As this is not my first time installing WPAD i have been scratching my head on why its not working.  A put a new install of 2.3.5 with squid and squidguard. Whats odd is that the wpad is works and it finds it if i put http://wpad.mydomain.local/wpad.dat and it downloads the file what the wierd part is that https wont work but i see on the log its filtering only works http I have no idea why.

These are the steps i took.

1) first install squid and squidguard then turn it on  and reboot

2)  then create proxy.pac  and put it in  /usr/local/www/

Code: [Select]
function FindProxyForURL(url, host) {
//proxy  wpad.mydomain.local:3128 == 192.168.10.251:3128;
var wpad = "PROXY wpad.mydomain.local:3128";
host = host.toLowerCase();
var hostIP = dnsResolve(host);
if (hostIP == 0) return wpad;
if (isPlainHostName(host)) return "DIRECT";
if (shExpMatch(host, ".local")) return "DIRECT";
//mi dominio mydomain.local;
if (shExpMatch(host, ".casa.local")) return "DIRECT";
//redes privadas;
if (isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "10.0.0.0", "255.255.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "10.0.0.0", "255.255.255.0")) return "DIRECT";
//end mi red privada;
if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.255.0")) return "DIRECT";
if (isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0")) return "DIRECT";
if (shExpMatch(host, "fe80::*")) return "DIRECT";
if (shExpMatch(url, "http:*")) return wpad;
if (shExpMatch(url, "https:*")) return wpad;
return wpad;
}

then i would go to /usr/local/etc/nginx/mime.types

and add this

Code: [Select]
application/x-ns-proxy-autoconfig     pac;
application/x-ns-proxy-autoconfig     dat;
application/x-ns-proxy-autoconfig     da;

Then on dns resolver create a host override (see picture)

then create sym link

Code: [Select]
ln -s /usr/local/www/proxy.pac /usr/local/www/wpad.dat
Code: [Select]
ln -s /usr/local/www/proxy.pac /usr/local/www/wpad.da
Then on the LAN create the rules ( see picture)

the WPAD part was already implemented before using 2.2.4 on a windows server which runs the DNS and DHCP so i know thats not the issue


Thank you
« Last Edit: February 15, 2018, 09:26:42 pm by killmasta93 »

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #1 on: February 05, 2018, 08:47:55 am »
??? Your squidguard table seems to think https is working.

Offline killmasta93

  • Sr. Member
  • ****
  • Posts: 591
  • Karma: +13/-0
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #2 on: February 05, 2018, 06:51:57 pm »
I know thats whats odd. i just uninstalled squidguard updated to 2.4 and no dice either. any other ideas?

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #3 on: February 06, 2018, 08:39:33 am »
Can you describe the nature of the actual problem?  Timeouts, error messages...?

Offline killmasta93

  • Sr. Member
  • ****
  • Posts: 591
  • Karma: +13/-0
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #4 on: February 07, 2018, 08:02:16 pm »
Thanks for the reply, the timeout error is that it cannot find proxy, when it i clearly put it in as it does not respond to it. I check the logs and is see that the proxy is working, the weirdest thing i have ever seen.

Thank you

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #5 on: February 08, 2018, 08:05:56 am »
Can you show the access.log when that client is actually making a request through the proxy?  All it show now is you talking to WebGUI.  Do you have IPv6 enabled?

Offline killmasta93

  • Sr. Member
  • ****
  • Posts: 591
  • Karma: +13/-0
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #6 on: February 08, 2018, 06:40:37 pm »
Thanks for the reply, im attaching the  file,  and no IPV6

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #7 on: February 13, 2018, 09:05:11 am »
Sorry for the delay, I have the flu.  Squid looks like it's working.  Your access.log is full of valid connection info, lots of https connections.

What specifically is making you believe that https isn't working?

Offline killmasta93

  • Sr. Member
  • ****
  • Posts: 591
  • Karma: +13/-0
    • View Profile
Re: SQUID proxy wont work HTTPS?
« Reply #8 on: February 15, 2018, 09:26:27 pm »
Dont worry hope you get better "winter is coming" but what did the trick was ticking Resolve DNS IPv4 First with that it worked everything so odd i have never seen this before

Thank you