It was there !
Many thanks !

Thank you PiBa! It works like a charm!

thank you guys for your suggestion and comments, and sorry for the late feedback due to a reason I temporarily disable of using both squid3 and squidguard at the same time. I've made some experiment and follow some of your suggestion. but unfortunately it has an abnormal functionality sometime it works sometimes it won't so I decided to stop for awhile. but anyway and again thank you guys for the help.

best regards

Argie Santos
from Philippines.

@KOM:

Don't waste your time with squid2.  Install squid3 instead.  Honestly, I don't know why they even have squid2 still in packages.  It's ancient.

This is surprising. I had no idea that squid3 is more stable. I assumed that that been marked as beta, the squid package would be more stable.

Can i just uninstall squid, then install squid3 and keep the configuration, or i have to reconfigure this package and/or squidGuard?

forcing safesearch is not working for me.

@qwaven:

Hey there,

So I bit the bullet and upgraded to 2.2.4-RELEASE. Had to fight with it a bit but it seems to be working now.

So…

after installing Squid3. Turning on the proxy seems to be working with or without transparent mode on. :)

However when I try and enable HTTPS/SSL filtering anything SSL no longer will work.

I see:

error:invalid-request

through-out the logs. Not sure what to do about this?

Thoughts?

Thanks!

maybe need import cert to your browser?

I don't think there are recommendations for your scenario.. But from what i expect it should work alright for most options like your planning it..

I found a non conventional solution adding c1.vkcache.com to "Bypass proxy for these destination IPs" option, it works but I'm still wondering why squid blocks this website and why not the others streaming sites  ???

Squid2 is old and should be avoided.  Squid 3.4.10 is what pfSense has.  If you need something newer, you will have to compile it yourself or use a separate *nix server to do it..

Both pfBlockerNG and Snort inject rules into the ruleset.  You might try disabling them, if possible, and see if that has any effect.

Looks like I figured it out.  For us to be able to block ports 80 and 443 we had to create a custom error page in another server and configure squidguard to redirect the errors to it in Group ACL  > Redirect mode  set to ext url err page (enter URL) and on the redirect box http://other_server_ip/path_to_custom_error_page/index.php?clientAddress=%a&clientName=%n&clientUser=%i&clientGroup=%s&targetGroup=%t&clientUrl=%u

I'm not the greatest at web pages but this is the code for the basic custom error page, once it is displayed you will realize that it is obviously based on the pfsense built in error page

$clientAddress = $_GET['clientAddress']; $clientName = $_GET['clientName']; $clientUser = $_GET['clientUser']; $clientGroup = $_GET['clientGroup']; $targetGroup = $_GET['targetGroup']; $clientUrl = $_GET['clientUrl']; echo "\n"; echo "\n"; echo " ### Request denied by pfSense proxy: 403 Forbiden"; echo " \n"; echo " **Reason:** \n"; echo " * * * "; echo " **Client address:** "; echo "$clientAddress"; echo " \n"; echo " **Client group:** "; echo "$clientGroup"; echo " \n"; echo " **Target group:** "; echo "$targetGroup"; echo " \n"; echo " **URL:** "; echo "$clientUrl"; echo " \n"; echo " * * * "; echo "\n"; echo "\n"; #RESPONSE CODE http_response_code(403); ?>

Great steps so far but im stuck at the point of joining the domain, i keep getting
cannot join as standalone machine

can anyone help with this?

Yes its the version 3.4.10 available in the public Package Repository.

If you would like to install the squid-3.5.3-… from the pfsense files then you have to "build" your own Custom Package Repository and manipulate the "pkg_config.10.xml".

But be carefull, dont try it in a live environment. Also please read about "peak and splice" on the squid homepage.

Here is the link to Creating a Custom Package Repository https://doc.pfsense.org/index.php/Creating_a_Custom_Package_Repository

edit:

BTW you could see the version of installed squid version by enabling ssh , and connect via ssh to your pfsense server and type squid -v. Then you see the build options and version number.

For real though, Squid3 will both eliminate problems now and prevent future ones from happening. Just use it.

Isnt there a option to enable auto update or do i have to make a cronjob for that?

Or a script perhaps.

@ganewbie:

Well,
Thanks to all for the great support, now I got squid3 working no issue however the squid-guard does not want to run.
After searching on forums, I found out that you need to re-download the blacklist sites after each reboot. Not sure why? but in any case when I do that it works meaning, both services could show green and running under status–> Services.

The interesting thing is when I deny for example Porn it does not do anything and you can still have access to Porn. Is there a special package or even some different approach to block or deny certain site categories?

Thanks,

I had the same issue on pfsense 2.2.1.  I solved the problem by putting one item into "target categories" at squidguard. Choose a name for the entrance and put one URL into the URL-List.
Save the item and apply the changes. Download the blacklist again. After a reboot the blacklist is still active.