If it's the amd64 snapshot from very late on the 15th ("Tue Feb 15 23:25:41 EST 2011") or and i386 snapshot from the 16th ("Wed Feb 16 02:41:43 EST 2011") it should be OK again.

Sorry For late reply. These are my refresh pattern rules….

refresh_pattern -i .(gif|png|jpg|jpeg|ico) 43200 90% 129600 ignore-reload ignore-no-cache ignore-private;

refresh_pattern -i .(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf) 43200 90% 432000 override-expire ignore-reload ignore-no-cache ignore-private;

refresh_pattern -i .(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|jar) 43200 90% 129600 override-expire ignore-reload ignore-no-cache ignore-private;

To avoid no-cache response from servers & increase hit rate.
Note: "ignore-private" command may give a warning message as "WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP". I just Ignored it.

refresh_pattern .dnl..geo.kaspersky.com/..(zip|avc|kdc) 2160 100% 10080 ignore-no-cache reload-into-ims;
refresh_pattern ..avg.com/..(bin) 2160 100% 10080 ignore-no-cache reload-into-ims;
refresh_pattern ..avast.com/..(vpu|vpaa) 2160 100% 10080 ignore-no-cache reload-into-ims;
refresh_pattern ..kaspersky-labs.com/..(cab|zip|exe|msi|msp) 4320 100% 43200 ignore-no-cache reload-into-ims;
refresh_pattern ..kaspersky.com/..(cab|zip|exe|msi|msp|avc) 2160 100% 10080 ignore-no-cache reload-into-ims;
refresh_pattern ..nai.com/.*.(gem|zip|mcs) 2160 100% 10080 ignore-no-cache reload-into-ims;

Anti virus update Cache

Not so much luck Only 5% hit increased. Its only 3 days i am running my pfsense box. HOPE BETTER PERFORMANCE AFTER SOME DAYS. any suggestion is much appreciable.
Thanks in advance.

It is not envisaged.

@hugo:

@mellow-yellow:

I need to log, not block porn, gambling, facebook, and related (i.e. "time-wasting sites" as our management calls them) websites. We want to know WHO (reverse IP is fine) is viewing them and WHEN (squid). We already have pfsense, squid, and lighttpd running. These forums seem to recommend openDns or squidguard. However those products, while excellent, appear to block, not simply log such sites. lighttpd is also excellent, but it returns too many websites, since we're not interested in employees' visiting our already approved sites, including gmail, yahoo, google, etc, which represent 95% or more of the traffic.

In short, how can we simply log, not block, such sites?

There are specific software applications that can do that…
One of them is: MyPornBlocker. Which has many options and can log access to time wasting sites and even take screenshots.

That site and software sounds like a scam site or something that are trying to sell useless software to a high price to protective parents and that tip is also useless because the topic is about a BSD firewall, not a Windows client.

// rancor

Any ideas? I still want to do this…

Oh thanks. :)

# Do not edit manually ! http_port 10.10.200.254:8080 icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/English icon_directory /usr/local/etc/squid/icons visible_hostname ffdfw002 cache_mgr ithelp@dontcare.com access_log /var/log/httpproxy/access.log cache_log /var/log/httpproxy/cache.log cache_store_log none logfile_rotate 8 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src  10.10.200.0/255.255.255.0 uri_whitespace strip cache_mem 512 MB maximum_object_size_in_memory 32 KB memory_replacement_policy lru cache_replacement_policy lru cache_dir aufs /var/squid/cache 2500 16 256 minimum_object_size 0 KB maximum_object_size 1024 KB offline_mode off cache_swap_low 90 cache_swap_high 95 # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 acl sslports port 443 563  acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? acl allowed_subnets src 10.10.200.0/24 cache deny dynamic http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 allow all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Setup allowed acls # Allow local network(s) on interface(s) http_access allow allowed_subnets http_access allow localnet # Custom options redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf redirector_bypass on redirect_children 3 # Default block all to be sure http_access deny all

Thoughts?

Bump

Your info is here: http://doc.pfsense.org/index.php/Squid_Package_Tuning

You can find that infos for (not all pages/packages at the moment) by clicking at the blue help-point ahich is present on every page in the upper right white space near the page-name.

I have been having the same problem. And was thinking of using a linux box in between to authenticate Squid users on pfsense.
Did you find a better solution?
Or did this work for you?

Thanks

What would you like me to do (?), without the following information:

pfSense version; squidGuard version; full text of the error / screenshot.

Did you try checking /etc/hosts.allow?

Here is a quote from: http://www.mail-archive.com/ossec-list@googlegroups.com/msg00939.html

"Freebsd does not use /etc/hosts.deny but rather inserts all wrapper
rules into /etc/hosts.allow."

Also the formatting is ALL: XXX.XXX.XXX.XXX: deny

@tracer:

thanks for the file, this made my day.
It seems to work now.
Any idea where it creates the rules to block these IPs ?

Hey Chris!

Problem is that you need to enable the HTTP inspect preprocessor. To do that…

Thanks - made the changes and still got some fatal errors on startup, but these were related to the snort rule files. Deleted one rule line in /usr/local/etc/snort/snort_31447_fxp0/rules/exploit.rules and around 6 in ..specific-threat.rules and everything now starts up without any errors. Can't say I completely know what i'm doing here, but all seems to work.

It's my first introduction to FreeBSD and their seem to be a whole load of options in pfsense that I don't recognise at all, so will have to get FreeBSD installed on an old machine later in the year to see how all the bits fit together.

Had an uptime almost since install, with constant memory usage, so no memory leaks and a very robust, fit and forget system thus far...

Regards,

Chris

@jamesdean:

Im working on Snort 2.9.0.3 package for Pfsense 2.0. Please be patient.

james

Thanks a lot James, it is truly appreciated!!

Gabriel

http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764568353.html

http://forum.pfsense.org/index.php/topic,32994.0.html

This happens on 2.0 Beta 5. You are right, it never happened to me with 1.2.3.

And sadly, no, my pipe is not that phat :(

I'll check the Squid logs for the test server IPs. Thanks for the tip!

As has been explained many times before, you cannot transparently proxy HTTPS and thus you can't filter it.