pfSense Transparent Squid Proxy, SSL Man In The Middle, Clam AntiVirus, and Windows Updates

Rocket City Tech
USE AT YOUR OWN RISK: The following procedures may be illegal in some countries. Follow all local laws and regulations for your area. I am not responsible for any issues or damage you may cause.

This is how I set up Squid, ClamAV, and splicing for Windows Updates on pfSense. We set up SSL/MITM bumping and splicing for HTTPS traffic as well. You will need to install your certificate created in pfSense as a trusted root certification authority on all clients using the proxy and bumped connections.

Below are the custom options and refresh patterns that I used.

My custom options in the SSL/MITM text box:

# Windows Update domains that should be spliced, not bumped
acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_it
ssl_bump bump all

My custom refresh_options on the Local Cache tab:

refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims

Also, a thank you to Aleksey Mochalin for this great additional info:

Thank you very much one more time for that video. If you want to restrict (bypass) IP addresses, you can have the next configuration:

acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl localnet src 10.0.0.0/8 #local network
acl localnet src 192.168.0.0/16 #local network
acl localnet src 172.16.0.0/12 #local network
acl localnet src 2.2.2.2/32 #just for example
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_it
ssl_bump splice localnet # splice one more time
ssl_bump bump all

Thanks for watching! rocketcitytech.tv
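To check which connections each ssl_bump rule list in the description ends up splicing or bumping, here is a small Python model of Squid's first-match rule evaluation (an added example, not from the video, the comment, or Squid itself). It handles only the ACL types used on this page and assumes the SNI becomes visible at step 2, after the step-1 peek; the function names are hypothetical.

```python
import ipaddress

# ACLs copied from the page (the 2.2.2.2/32 example entry is omitted).
ACLS = """\
acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl localnet src 10.0.0.0/8 #local network
acl localnet src 192.168.0.0/16 #local network
acl localnet src 172.16.0.0/12 #local network
acl step1 at_step SslBump1
"""
AUTHOR_RULES = ["peek step1", "splice splice_it", "bump all"]
COMMENT_RULES = ["peek step1", "splice splice_it", "splice localnet", "bump all"]

def parse_acls(text):
    """Map acl name -> list of (type, value); repeated names accumulate (values are ORed)."""
    acls = {}
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok and tok[0] == "acl":
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
    return acls

def matches(acls, name, step, src, sni):
    if name == "all":
        return True
    for kind, value in acls[name]:
        if kind == "at_step" and value == f"SslBump{step}":
            return True
        if kind == "src" and ipaddress.ip_address(src) in ipaddress.ip_network(value):
            return True
        # Assumption: SNI is known from step 2 on; ".x.com" matches x.com and its subdomains.
        if kind == "ssl::server_name" and step >= 2 and sni:
            if sni == value.lstrip(".") or (value.startswith(".") and sni.endswith(value)):
                return True
    return False

def decide(rules, src, sni):
    """Return the final action (splice or bump) for one intercepted TLS connection."""
    acls = parse_acls(ACLS)
    for step in (1, 2, 3):
        # The first rule whose ACLs all match wins at this step.
        action = next(a for a, *names in map(str.split, rules)
                      if all(matches(acls, n, step, src, sni) for n in names))
        if action != "peek":
            return action
    return action
```

With the comment's rule list, `decide(COMMENT_RULES, "192.168.1.50", "www.example.org")` returns `splice`, so clients inside the listed local ranges are passed through without inspection, while the same call with `AUTHOR_RULES` returns `bump`.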
Published 6 years ago, on 1397/10/16.
Viewed 46,465 times.