squid cant redirect ssl website correctly to squidguard error page in a denied category
When you use "squid" with "squidguard" set in "NO" transparent mode, any category denied previously (squidguard) the browser shows an invalid cert for the domain "http", this happens always, if you ignore the warning, squid show an error¶
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: https://http/*
Unable to determine IP address from host name http
The DNS server returned:
Name Error: The domain name does not exist.
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
But never shows the error page from squidguard, I tested many pages with the same result, the certificate issue only appears when the website is denied by a rule from squidguard when you inspect ssl.
I attached screenshots with the tests.
pfsense 2.3.2-RELEASE (amd64)
#1 Updated by Albert Albert over 4 years ago
here is the same error reported in pfsense forum without a solution
#2 Updated by Luiz Fernando Cavalcanti over 4 years ago
NOT A BUG.
This is caused by a behavior on Browsers, check this link for more information about it: https://bugzilla.mozilla.org/show_bug.cgi?id=479880
Also explained on the Squid Wiki[[http://wiki.squid-cache.org/Features/CustomErrors?highlight=%28faqlisted.yes%29]]
Reading subsequent discussion on this standard doesn't seem that Browsers will change this because it open the attack vectors, allowing exploits for Phishing.
So, any page accessed using HTTPS that is blocked by Squid/SquidGuard will display the Browser's standard error message about Tunnel connection error.