Check out the following:

https://forum.pfsense.org/index.php?topic=113092.new;topicseen#new

Using Squid ACLs turns out to not be a good choice as entire pages appear to be blocked when only some content loads from the undesirable domains.  Any suggestions to get it working in Squidguard?

" Any suggestions on correcting it?"

Your on the local lan right… then use the local IP, if you want to use the same public fqdn to access it then just setup a host override so that internal boxes resolve your public fqdn to your internal IP.

It must be a browser issue since it worked with Internet Explorer instead of Firefox.

Bumb.

I tried doing a full reinstall but still did not work. I am thinking of downgrading to an older PF sense version.

Just realized my question was vague with the word "sites".  Multiple wan sites is what I meant.. so looking to have many sites via internet point to a single point for whitelist lookup. But once access is allowed to a website Id like the wan site to use its own ISP gateway.

is this possible?

You could set up squid guard to filter those urls.

Someone please help!!!

I could not find the answer in the help documents nor using the forum search. So I kept searching the file system directory by directory till I found the files under "/usr/local/etc/lightsquid".

Okay, a reboot fixed this issue but I think a reboot should be the last opinion.

Regards

Yes, it is possible.

BUT you cannot use transparent proxy and authenticated (password protected) proxy at the same time.

Squid's basic auth is crap. It's based on crypt and cannot use any password over 8 characters long.

In prior versions the password was silently truncated and accepted, now it's rejected, which is more correct.

Nevermind, I solved the problem.

Since my company uses Google Apps for work, there was a "cloud" policy under Google Admin Center which sent the proxy to all linked accounts on Chrome.
The policy was explicit set to connect directly to the internet.

That´s why the "change proxy" button was even grayed out.

post your LDAP settings and filter criteria please

@monkeyx:

Hi,

The settings below were copied from a forum post, that I used to help improve performance of squid on pfSense 2.2. Could anyone advise if these settings are still needed on 2.3?

add this to the /boot/loader.conf kern.ipc.nmbclusters=32768 kern.maxfiles=65536 kern.maxfilesperproc=32768 net.inet.ip.portrange.last=65535 or just delete it and replace with autoboot_delay="1" #kern.ipc.nmbclusters="0" hint.apic.0.disabled=1 kern.hz=100 #for squid kern.ipc.nmbclusters="32768" kern.maxfiles="65536" kern.maxfilesperproc="32768" net.inet.ip.portrange.last="65535" you might ask why squid is so slow? its because default configuration of pfsense is router not as a server thats why kern.ipc.nmbclusters="0" <- is set to zero. if you just simply remove this squid will be just fine. but to tune the squid i add this kern.ipc.nmbclusters: 32768 kern.maxfiles=65536 kern.maxfilesperproc=32768 net.inet.ip.portrange.last: 65535

I believe kern.ipc.nmbclusters is the only /boot/loader.conf.local variable you need to set. All of the other settings are managed by pfSense/FreeBSD and are bigger than the values recommended for pfSense 2.2 and earlier:

[2.3.2-DEVELOPMENT][root@pfSense.lan]/root/scripts: sysctl net.inet.ip.portrange.last net.inet.ip.portrange.last: 65535 [2.3.2-DEVELOPMENT][root@pfSense.lan]/root/scripts: sysctl kern.maxfilesperproc kern.maxfilesperproc: 232389 [2.3.2-DEVELOPMENT][root@pfSense.lan]/root/scripts: sysctl kern.maxfiles kern.maxfiles: 258216 [2.3.2-DEVELOPMENT][root@pfSense.lan]/root/scripts: sysctl kern.ipc.nmbclusters kern.ipc.nmbclusters: 1000000 [2.3.2-DEVELOPMENT][root@pfSense.lan]/root/scripts:

No, you cannot have authentication active in squid while also having transparent mode active.

There may be some other way to reach the same goal, however, it wouldn't involve strictly using pfSense (e.g. second proxy box you could manually configure with auth, or maybe 802.1x auth to drop into another VLAN, etc)