Typically after you make changes and click save at the bottom of the associated page you are on (Common ACL if you changed target categories), go back to the General Settings page, and click Apply, once, no more, and it should reload the rules and work after a few moments.

Everything except HTTP, and if you have properly setup Squid to also handle HTTPS, will just pass through the firewall instead of squid… Squid is not meant for anything except traffic that goes over 80 and 443 in a typical environment.

Any idea?

Ok, figured I would update this post…  Had hoped someone would have chimed in by now though :(

I have HTTPS filtering working fully, I didn't realize that SquidGuard couldn't really intercept the connection, but will instead just break the tunnel, hence why I do not get the error page.

As for not accessing this forum, apparently when setting up my targets, I had accidently selected Forum instead of Fortune Telling... LOL

The only thing I have had trouble with since has been sgerror.php, since I followed that guide, and use HTTPS for webgui management, it seems I can't get the proper error page.  I attempted to copy the sgerror.php file over to the directory that is serving things, (I can serve an html file just fine!) but the browser just downloads the php file instead of generating a proper page with the block rule and such.

So, does anyone have any tips, or hints on how to get sgerror.php to work after having followed that guide?

Indeed:

from Squid perspective, relying on AD is nothing more than implementing LDAP support (although AD, as an LDAP server has some specific aspects) if you don't want to be prompted for authentication, Kerberos (especially in Microsoft domain environment) is the right solution. But this doesn't come out of the box because all browsers are not yet ready to support Kerberos.

This means you need Squid to support Kerberos (available since 2.6) and also your browser to be able to use such mechanism, which is not that obvious.

SquidGuard for sure wont 'interact' with HAProxy without some major work on lua scripting or development to haproxy to be able to call squidguard as a 'plugin' like squid does..

@alear:

I am using these packages. Squid is a transparent proxy. SquidGuard using int redirect default with custom block sgerror.php. All was working well. Once I configured whitelists it is failing. SquidGuard is still blocking bad sites but it is only displaying code 400 bad request now and has quit redirecting to my sgerror.php file. Tried other browser and got same results. I reinstalled the squidgaurd package and it will work correctly again but when I work in the whitelists I am back to failed redirect. Is the problem within squid itself?

Try disabling https for webui

pfsense - 2.2.6-RELEASE
They were installed using pfsense package management.

Assuming you have a block rule on LAN that prevents people from using ports 80/443 directly, just add a rule above that rule to allow those specific IP addresses out on 80/443.  This way those users don't have to go through squid at all.  This question would be better posted in the Cache/Proxy forum.

You have squidGuard but not squid?  squidGuard relies on squid and won't do much without it.  Did you search for the file using the command I gave you?  Weird that it wasn't in the default location.  You could try removing the package and then reinstalling it.  Worst case, me or someone else can upload the file for you to grab and put where it belongs.

@Duailibe:

Resolved my problem! Thank you!

Please, edit the first post and add [SOLVED] at the start or end of the title, so anyone else with your trouble knows that here is a solution.

Greetings!

This is for Lync but, it worked for skype too?
I'm having issues with skype from december (2015) until now. My pfSense has squid3+Squidguard+Lightsquid on transparent mode+Man in the Middle(hor http & https filtering). I'm trying to bypass the Skype servers IP address and nets but, until now, I had no luck…

"Unable to connect with Skype" shows when I open Skype. If I bypass from the proxy the IP of the PC where skype is running, Skype works without troubl; removed the bypass, the issue comes back.

Any advise or tip (or cheatsheet) are welcome :D

Thanks in advance.

@keelingj:

I have Squid3 configured as a transparent web proxy (want to cache Windows and antivirus updates) and would like to optimize my settings.  Specs:

Intel Atom C2758 8-core
32GB RAM
100GB Intel enterprise SSD

I currently have 16GB of RAM and 30GB of SSD allocated to Squid.  However, my server's RAM usage is only 11% so I think the cache object sizes need to be tweaked.  Suggestions?

If wsus is not an option then there exists windows offline updates installer or Downloader. Download them and run its instalation on machines.

in pf 2.2.6 i can`t by pass squid3 cache Hit in captive portal bandwit limiter

ClamAV is too heavy to be on a firewall IMO and puts an undue burden on all your network traffic.  Plus, I don't know how effective their signatures are as compared to the large anti-threat vendors.  Better to run client protection of some sort.

No.

hello,

Im still having problem on this topic. :'(

new pfsense installed and last version of squid3.
2.2.6+ 0.4.7