pfSense Transparent Squid Proxy, SSL Man In The Middle, Clam AntiVirus, and Windows Updates
46.4 thousand views - 6 years ago
USE AT YOUR OWN RISK: The following procedures may be illegal in some countries. Follow all local laws and regulations for your area. I am not responsible for any issues or damage you may cause.
This is how I set up Squid, ClamAV, and splicing for Windows Updates on pfSense. We set up SSL/MITM bumping and splicing for HTTPS traffic as well. You will need to install your certificate created in pfSense as a trusted root certification authority on all clients using the proxy and bumped connections.
Below are custom options and refresh patterns that I used:
My custom options in the SSL/MITM text box:
# Windows Update domains that should be spliced, not bumped
acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_it
ssl_bump bump all
My custom refresh_options on the Local Cache tab
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[iufp]|[ap]sf|wm[va]|dat|zip|psf) 43200 80% 129600 reload-into-ims
Also, a thank you to Aleksey Mochalin for this great additional info:
Thank you very much one more time for that video. If you want to restrict (bypass) IP addresses, you can have the following configuration:
acl splice_it ssl::server_name .microsoft.com
acl splice_it ssl::server_name .windowsupdate.com
acl splice_it ssl::server_name .akamaitechnologies.com
acl splice_it ssl::server_name .akadns.net
acl localnet src 10.0.0.0/8 #local network
acl localnet src 192.168.0.0/16 #local network
acl localnet src 172.16.0.0/12 #local network
acl localnet src 2.2.2.2/32 #just for example
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_it
ssl_bump splice localnet # splice one more time
ssl_bump bump all
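An added example (not from the video, its author, or the commenter): a simplified Python model of how the two ssl_bump rule sets above decide each connection, useful for checking which traffic is spliced and therefore never decrypted for ClamAV scanning. It assumes first-match evaluation at each step and that a leading dot in ssl::server_name covers the domain and its subdomains; the client IPs and server names in SAMPLES are constructed.

```python
import ipaddress

# ACL values copied from the two configurations on this page.
SPLICE_IT = [".microsoft.com", ".windowsupdate.com",
             ".akamaitechnologies.com", ".akadns.net"]
LOCALNET = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "2.2.2.2/32"]
# ssl_bump rules in page order, as (action, acl name).
AUTHOR_RULES = [("peek", "step1"), ("splice", "splice_it"), ("bump", "all")]
COMMENT_RULES = [("peek", "step1"), ("splice", "splice_it"),
                 ("splice", "localnet"), ("bump", "all")]

def domain_match(sni, pattern):
    """A leading dot covers the domain itself and every subdomain."""
    sni = sni.lower().rstrip(".")
    if pattern.startswith("."):
        return sni == pattern[1:] or sni.endswith(pattern)
    return sni == pattern

def acl_match(acl, step, client_ip, sni):
    if acl == "all":
        return True
    if acl == "step1":
        return step == 1
    if acl == "splice_it":
        return any(domain_match(sni, p) for p in SPLICE_IT)
    if acl == "localnet":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(n) for n in LOCALNET)
    raise ValueError(f"unknown acl: {acl}")

def final_action(rules, client_ip, sni):
    """Assumed model: first matching rule wins at each step; peek moves on."""
    for step in (1, 2):
        action = next(a for a, acl in rules if acl_match(acl, step, client_ip, sni))
        if action != "peek":
            return action
    raise RuntimeError("rules never reached splice or bump")

# Constructed sample connections: (client IP, TLS server name).
SAMPLES = [("192.168.1.20", "download.windowsupdate.com"),
           ("192.168.1.20", "example.org"), ("192.168.1.20", "notmicrosoft.com"),
           ("203.0.113.7", "example.org")]

if __name__ == "__main__":
    for ip, sni in SAMPLES:
        print(f"{ip:15} {sni:28} author={final_action(AUTHOR_RULES, ip, sni):7}"
              f" comment={final_action(COMMENT_RULES, ip, sni)}")
```

In this model, any client whose address falls inside a localnet range is spliced under the second rule set regardless of server name, so those connections are not bumped.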
Thanks for watching!
rocketcitytech.tv
Published on 1397/10/16.