
pfSense Transparent Squid Proxy, SSL Man In The Middle, Clam AntiVirus, and Windows Updates

USE AT YOUR OWN RISK: The following procedures may be illegal in some countries. Follow all local laws and regulations for your area. I am not responsible for any issues or damage you may cause.

This is how I set up Squid, ClamAV, and splicing for Windows Updates on pfSense. We set up SSL/MITM bumping and splicing for HTTPS traffic as well. You will need to install your certificate created in pfSense as a trusted root certification authority on all clients using the proxy and bumped connections.

Below are custom options and refresh patterns that I used:

# My custom options in the SSL/MITM text box:
# Windows Update domains that should be spliced, not bumped
acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_it
ssl_bump bump all

# My custom refresh_options on the Local Cache tab
refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i windows\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft\.com\.akadns\.net/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims
refresh_pattern -i deploy\.akamaitechnologies\.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip) 43200 80% 129600 reload-into-ims

#Also, a thank you to Aleksey Mochalin for this great additional info:
Thank you very much one more time for that video. If you want to restrict (bypass) IP addresses, you can use the following configuration:
acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl localnet src 10.0.0.0/8 #local network
acl localnet src 192.168.0.0/16 #local network
acl localnet src 172.16.0.0/12 #local network
acl localnet src 2.2.2.2/32 #just for example
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_it
ssl_bump splice localnet # splice one more time
ssl_bump bump all

Thanks for watching!

rocketcitytech.tv
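
To see which connections each of the two ssl_bump rule sets above decrypts, the following added example (not from the video or from Squid itself) models first-match rule selection over steps 1 and 2 in Python. The function names, the reduction to two steps, and the sample client addresses and hostnames are assumptions of this model.

```python
# Added example: simplified model of ssl_bump rule selection (not Squid code).
import ipaddress

SPLICE_DOMAINS = [".microsoft.com", ".windowsupdate.com",
                  ".akamaitechnologies.com", ".akadns.net"]
LOCALNET = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "2.2.2.2/32"]

def server_name_matches(sni, patterns):
    """A leading-dot pattern matches the domain itself and its subdomains."""
    sni = sni.lower().rstrip(".")
    return any(sni == p[1:] or sni.endswith(p) for p in patterns)

def src_matches(client_ip, networks):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in networks)

# ACLs as predicates over (step, client IP, SNI).
step1 = lambda step, ip, sni: step == 1
splice_it = lambda step, ip, sni: server_name_matches(sni, SPLICE_DOMAINS)
localnet = lambda step, ip, sni: src_matches(ip, LOCALNET)
match_all = lambda step, ip, sni: True

FIRST_CONFIG = [("peek", step1), ("splice", splice_it), ("bump", match_all)]
SECOND_CONFIG = [("peek", step1), ("splice", splice_it),
                 ("splice", localnet), ("bump", match_all)]

def decide(rules, client_ip, sni):
    """Final action for one connection: first matching rule wins at each step."""
    action = "splice"
    for step in (1, 2):
        # Assumption of this model: the SNI is only known from step 2 on.
        seen_sni = sni if step >= 2 else ""
        action = next(a for a, acl in rules if acl(step, client_ip, seen_sni))
        if action != "peek":
            break
    return action

if __name__ == "__main__":
    # Constructed sample connections (client IP, SNI).
    samples = [("192.168.1.50", "download.windowsupdate.com"),
               ("192.168.1.50", "example.org"),
               ("203.0.113.7", "example.org")]
    for ip, sni in samples:
        print(ip, sni, decide(FIRST_CONFIG, ip, sni), decide(SECOND_CONFIG, ip, sni))
```

With the second rule set, every client in the listed private ranges is spliced for all sites, so its HTTPS traffic passes through without being decrypted or scanned by ClamAV.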

Video "pfSense Transparent Squid Proxy, SSL Man In The Middle, Clam AntiVirus, and Windows Updates" from the Rocket City Tech channel
Video information
January 6, 2019, 23:17:52
00:21:28