The blacklists are not likely to work at all on NanoBSD. They are gone because /var is a RAM disk so it will be gone at reboot.

The squidGuard package isn't coded to support them in that scenario.

well… I saw it was fast on my tablet... so It was related to my PC.

I uninstalled BitDefender 2012... and tada!

So... I will open a case at BitDefender.

Thanks for the trick anyway! :)

That did it ! Thanks Jim.

Thanks for your help.

I didn't realize you could control select in the proxy interface box. Thank you guys.

No.

All you know is the IP from the firewall log - at best you can guess the country with something like GeoIP but it's just a guess - you cannot get the URL unless you luck out and find that the IP actually reverse resolves to something meaningful.

Many sites are hosted as virtual hosts, so there are 10, 100, 1000 "URLs" on a single IP address. The only way to know the URL is to sniff/proxy the traffic. You cannot get that from the IP.

To do reverse DNS on the entire firewall log would take far too long to be practical, even just the part shown in the GUI. There is already a link (a little i) that will take you to Diagnostics > DNS with that IP if you really want to do a reverse lookup.

There are very hackish ways to hijack ssl but it involves installing a certificate on the client machine, which essentially completely breaks the trust of SSL in such a way to make it useless. (There are also rumors that China/FBI/NSA/CIA/etc have "special" trusted CA certs on sniffer devices that essentially do the same… but I haven't seen any real evidence, though it is a fun theory)

If you don't control the clients, you can't transparently proxy ssl. If you do control the clients, you're much better off doing as Nachtfalke suggested and hard coding the proxy information on the clients. Then you don't need to hack anything or install any certificates.

It should be no problem. I have installed the latest version.
thanks for your quick help~~:)))

Thanks for the response.

Yes, that is correct, I want the user to be required to authenticate only if they try to go to a restricted site.

For example, if a user navigates to http://someSiteThatIsRestricted.com it would prompt for a user name and password. If they are in a group in Active Directory that is allowed to go to that site it will of course let them otherwise they are redirected to a block page that tells them the reason.

Thanks for the link. I have looked at that before but how do you do that in pfSense? I'm running a separate install to test with so I want to know how to do it even if it is not as secure and then I can decide whether to use a dedicated proxy instead of using pfsense for that.

It is nice to be able to add functionality to pfSense through the packages because that allows for a more secure setup by default and the flexibility to customize it to fit almost any environment.

Talking to a 2008 r2 box, if it's been configured in a domain with 2008 functionality is a no go for this. You get the warning during the promotion of the server to DC that it will break lots of open source stuff. Also if Squid is in transparent mode it's a no go.

So what's your domain functionality set to?
Are your users authenticating to Squid and if so what method are you using i.e NTLM
How many users are we talking about?

Steve thanks for the help

As you know the squid3 not confirmed! The lock so I could do for l7.

About UltraSurf had already read that document but so far the only way I found to be successful in blocking was blocking all networks.
99.224.0.0/11
63.241.6.64/28
63.242.0.0/16
63.240.0.0/15
218.168.0.0/16
125.176.0.0/12
122.118.0.0/16
69.64.144.0/20
211.109.128.0/24
59.120.0.0/14
59.112.0.0/13
97.112.0.0/13
71.192.0.0/12
219.137.112.224/27
203.112.80.0/20
162.138.0.0/16
170.201.0.0/16
156.40.0.0/16
61.224.0.0/14
61.220.0.0/14
59.120.0.0/14
59.112.0.0/13
220.136.0.0/13
220.132.0.0/14
220.130.0.0/15
220.129.0.0/16
118.168.0.0/16
122.120.0.0/13
118.168.0.0/16
122.120.0.0/13
71.208.0.0/12
61.231.0.0/16
218.160.0.0/16
61.62.74.0/24
72.25.64.0/18
66.245.192.0/18
64.62.138.0/25
64.62.128.0/17
125.224.0.0/13

Work but is not an efficient method because tomorrow there may be a new network.

Lightsquid doesn't block, it just reports.

SquidGuard is probably what you want, but it can't filter based on the text in the page, just the text in the URL itself.

If you search the forum for SquidGuard you will probably find more useful information.

How would one recompile a the zlib library from the Web Configurator? If it has to be done via command line, what is the pkg_add command that would do this?  ???

@bluinside:

Waiting for a bugfix… I have found this solution:

make user "havp" (any password, I used "havp") using pfSense "User manager" from System menu

than reboot and look into syslog. The error shuold be gone and the two Havp services should correctly start.

:)

Did this correct the issue?

@compucoder:

I bit the bullet and upgraded to 2.0 RC3 last night. So far it is working perfectly. Every feature I used in Snort before works. The updater works properly now too.

I just did the 2.0 upgrade and it is using whichever version of Snort it had before and it all seems to be working fine.

So far 2.0 seems like a good route to take.

Have you looked at SNORT to see whats running, I have had an issue with SNORT not starting and refuseing to start doing it manually. I have tried reinstalling and uninstalling so far no go. I thing there is a bug with 2.0 RC3 and SNORT, also have had an issue with HAVP anti virus hanging the system. After hours of working with them, I removed both and all issues went away.

@jimp:

pkg_delete -f perl-5.12.3, then reinstall the lightsquid package.

i did that and reinstalled got same error
i noticed that there is 3 version of perl loaded do i have to delete all of them

perl-5.10.1_1      Practical Extraction and Report Language
perl-5.12.3        Practical Extraction and Report Language
perl-5.12.4        Practical Extraction and Report Language

Hi sully,

thanks for your feedback. Nice to hear, that it is working now and we didn't something wrong :)

If you like to see, if squidguard is blocking sites correctly than you have to enable the logs in squidguard. In squidguard there is a tab "Log" in which you find all logs according to squidguard. So here you can see if you son is browsing lego.com and then there is a redirect to another domain, e.g. lego-xyz.com and then this page will be blocked. so you are able to find out the URL which is blocked and than can add this to your target rules.

The logging capability of squid is for the whole traffic which passes squid. it shows you urls, ips. I think this is not what you intend to do.

How the hierarchy is working exaclty I do not know because I just have got one target rule and one Group ACL. But your order sounds good. But in Group ACL you have one option on top "Order". I think this is the order the Group ACLs will be apllied. If you do further tests in this case please post back your results.

Found it… =)

/usr/local/etc/squid/errors/English ERR_TOO_BIG