Awesome! Glad it works for ya.

Perhaps some default config which wasn't written into a .conf file.
Go to every GUI windows and click save again to make sure all configuration is written to the files.

@Seb:

Just suppress the alert (that's what I did). Joel Esler (who is 'responsible for the detection created for Snort' and works at Sourcefire) says that disabling this alert will not produce any additional cost savings (at least in the case of 'MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE' and, I assume, all preprocessor type alerts.  Read the whole thread (or at least the preceding and first messages in it) for more details.

I suppressed the "MESSAGE WITH…" alerts, and will probably be suppressing the remaining http_inspect alerts. I cleared the logs, and will check them later tonight, thanks.

in my case, I just removed the WAN which snort was generating fatal erros for and after I re-added the Interface and reset the rules and categories everything worked back. It's probably some kind of software conflict.

@dvserg:

You url www.müller.de will be converted by browser to punycode http://www.xn–mller-kva.de/ ( SG view last url only )
You must use one of services ( for example http://www.charset.org/punycode.php ) for converting you national url to punycode and use this in the SG filter.

Great! I never heard of that. Thank you very much!

Hi,

if you enabled "Not to allow IP addresses in URL" then users are not allowed to use an IP address in the browsers URL.

To bypass this for some specific URLs/IP-addresses you must create a target and whitelist this target.

So create a target and add all the destination IPs you want to whitelist.
The on "Group ACL" or "Common ACL" select this target as "Whitelist"

This should work - even if "Not to allow IP addresses in URL" is enabled.

But I do not see a way to automatically use the IPs from pfblocker.

Any one help please

I just discovered this being new to pfsense.  Not a big deal as I did a backup before hand but I would think 99.9% of the time people upgrading the snort package would want to keep their previous config even if they normally want the config removed if they were to uninstall the package (to keep the config relevant to what is used).  I wonder how big of a change it would be to always treat upgrades with a keep config.

YOU'RE FUCKING AWESOME MAN!!!!!!!!! I DID IT.. Both sites now are accessible each on its own FQDN.  I LOVE PFSENSE and everyone here.
BTW I have been using TMG and ISA since 2002 and never liked it .. and was waiting for the moment to get rid of it esp that some Microsoft employees told me that MS will not continue supporting TMG anymore.

@marcelloc:

There is a tutorial on Portuguese forum, I'll look for it and paste the link here for a Google translate.  ;)

http://forum.pfsense.org/index.php/topic,47532.msg249812.html#msg249812
http://forum.pfsense.org/index.php/topic,47532.msg250366.html#msg250366

can you please post your configuration ? your network configuration as well and what port is your webserver hosted on ?

Thanks

The categories are only taken from there for the main package list.

I don't recall though if the column in the Installed Packages list comes from that data or from the package's .xml file.

@mlafer:

Hi, but for authentication I need to deactivate transparent proxy :-(, therefore I need to configure every PC, needn't I?

What about the use of Voucher:
a) normal user login with password: no Youtube access, but unlimited time;
b) with Voucher: xx min access to youtube, but still Dansfilter active

I don't think you would need to configure each PC - other than making sure they are setup to automatically detect the proxy settings. You would need to create a wpad.dat auto configuration file to allow automatic proxy configuration. You can search the forums here to see how to do it…

The other option would be to leave transparent on and assign each device a specific IP address (in DHCP settings). Of course, this assumes that your boys have there own devices and don't have the ability to access another users device.

I am also wondering if and when this will be fixed.

Thanks.

@marcelloc:

@thetzawko:

Your reply is very useful and valuable for me.

Why do you install package gui if you are not going to use it? ???

Install squid via pkg_add on console this way you get squid without gui.

Take a look on available package at http://files.pfsense.org/packages/

Thank you for your instruction. This is my first time experience on pfSense. I had a lot of experience on rpm based linux. But I have no idea to do so on pfSense. When I use squid GUI I can configure basic setup for my environment. After that I edit the config file manually. I think this is a little easy for me. Anyway thank you.

@nearones:

I am using browser proxy server.

Create an exception rule for this site on your browser configuration and add a rule on lan(using alias to include site name) to allow traffic without proxy to it.

Am I the only one seeing this issue? Can someone with a 6RD setup comment on their snort success please?

@marcelloc:

@Gradius:

I need to log into WebGUI and enable it manually everytime I perform an update.

Every time pfblocker is uninstalled(during update or not) it's disabled to prevent rules and aliases errors

@Gradius:

This never happened before 2.0.1 (even on 1.2.3).

Pfblocker on 1.2.3??? I did it together with tommyboy only for 2.x or later