• All HTTP redirected to HTTPS after 2.2.4 upgrade

    5
    0 Votes
    5 Posts
    2k Views
    J

    It was there !
    Many thanks !

  • Multiwan PPPeO and Squid in different Boxes - Horrible Speed

    1
    0 Votes
    1 Posts
    691 Views
    No one has replied
  • Pfsense Squid3 ReverseProxy and SNI

    1
    0 Votes
    1 Posts
    693 Views
    No one has replied
  • Haproxy-devel (0.27): tcp-request rule after reqadd rules

    3
    0 Votes
    3 Posts
    2k Views
    T

    Thank you PiBa! It works like a charm!

  • Problem with Squid3 and Squidguard.

    6
    0 Votes
    6 Posts
    2k Views
    1

    thank you guys for your suggestion and comments, and sorry for the late feedback due to a reason I temporarily disable of using both squid3 and squidguard at the same time. I've made some experiment and follow some of your suggestion. but unfortunately it has an abnormal functionality sometime it works sometimes it won't so I decided to stop for awhile. but anyway and again thank you guys for the help.

    best regards

    Argie Santos
    from Philippines.

  • PfSense 2.2.4(AMD64) Squid failure.

    6
    0 Votes
    6 Posts
    3k Views
    F

    @KOM:

    Don't waste your time with squid2.  Install squid3 instead.  Honestly, I don't know why they even have squid2 still in packages.  It's ancient.

    This is surprising. I had no idea that squid3 is more stable. I assumed that that been marked as beta, the squid package would be more stable.

    Can i just uninstall squid, then install squid3 and keep the configuration, or i have to reconfigure this package and/or squidGuard?

  • Does Squid and Squidguard work in PF Sense 2.2.2

    21
    0 Votes
    21 Posts
    6k Views
    A

    forcing safesearch is not working for me.

  • Squid Not Allowing Any Connections

    10
    0 Votes
    10 Posts
    4k Views
    A

    @qwaven:

    Hey there,

    So I bit the bullet and upgraded to 2.2.4-RELEASE. Had to fight with it a bit but it seems to be working now.

    So…

    after installing Squid3. Turning on the proxy seems to be working with or without transparent mode on. :)

    However when I try and enable HTTPS/SSL filtering anything SSL no longer will work.

    I see:

    error:invalid-request

    through-out the logs. Not sure what to do about this?

    Thoughts?

    Thanks!

    maybe need import cert to your browser?

  • HAproxy on a stick

    2
    0 Votes
    2 Posts
    763 Views
    P

    I don't think there are recommendations for your scenario.. But from what i expect it should work alright for most options like your planning it..

  • TCP_MISS 404 issue in some videos

    2
    0 Votes
    2 Posts
    2k Views
    L

    I found a non conventional solution adding c1.vkcache.com to "Bypass proxy for these destination IPs" option, it works but I'm still wondering why squid blocks this website and why not the others streaming sites  ???

  • 0 Votes
    2 Posts
    3k Views
    KOMK

    Squid2 is old and should be avoided.  Squid 3.4.10 is what pfSense has.  If you need something newer, you will have to compile it yourself or use a separate *nix server to do it..

  • Squid3 crashes on 2.2.3

    16
    0 Votes
    16 Posts
    5k Views
    KOMK

    Both pfBlockerNG and Snort inject rules into the ruleset.  You might try disabling them, if possible, and see if that has any effect.

  • Squidguard redirect in pfsense 2.2.3

    7
    0 Votes
    7 Posts
    3k Views
    F

    Looks like I figured it out.  For us to be able to block ports 80 and 443 we had to create a custom error page in another server and configure squidguard to redirect the errors to it in Group ACL  > Redirect mode  set to ext url err page (enter URL) and on the redirect box http://other_server_ip/path_to_custom_error_page/index.php?clientAddress=%a&clientName=%n&clientUser=%i&clientGroup=%s&targetGroup=%t&clientUrl=%u

    I'm not the greatest at web pages but this is the code for the basic custom error page, once it is displayed you will realize that it is obviously based on the pfsense built in error page

    $clientAddress = $_GET['clientAddress']; $clientName = $_GET['clientName']; $clientUser = $_GET['clientUser']; $clientGroup = $_GET['clientGroup']; $targetGroup = $_GET['targetGroup']; $clientUrl = $_GET['clientUrl']; echo "\n"; echo "\n"; echo " ### Request denied by pfSense proxy: 403 Forbiden"; echo " \n"; echo " **Reason:** \n"; echo " * * * "; echo " **Client address:** "; echo "$clientAddress"; echo " \n"; echo " **Client group:** "; echo "$clientGroup"; echo " \n"; echo " **Target group:** "; echo "$targetGroup"; echo " \n"; echo " **URL:** "; echo "$clientUrl"; echo " \n"; echo " * * * "; echo "\n"; echo "\n"; #RESPONSE CODE http_response_code(403); ?>
  • Squid+Dansguardian with Active Directory (NTLM) Single Sign On WORKING!!!

    135
    0 Votes
    135 Posts
    132k Views
    D

    Great steps so far but im stuck at the point of joining the domain, i keep getting
    cannot join as standalone machine

    can anyone help with this?

  • Certificate sha256

    16
    0 Votes
    16 Posts
    5k Views
    S

    Yes its the version 3.4.10 available in the public Package Repository.

    If you would like to install the squid-3.5.3-… from the pfsense files then you have to "build" your own Custom Package Repository and manipulate the "pkg_config.10.xml".

    But be carefull, dont try it in a live environment. Also please read about "peak and splice" on the squid homepage.

    Here is the link to Creating a Custom Package Repository https://doc.pfsense.org/index.php/Creating_a_Custom_Package_Repository

    edit:

    BTW you could see the version of installed squid version by enabling ssh , and connect via ssh to your pfsense server and type squid -v. Then you see the build options and version number.

  • I can't start squidguard on pfsense 2.2.4

    5
    0 Votes
    5 Posts
    2k Views
    T

    For real though, Squid3 will both eliminate problems now and prevent future ones from happening. Just use it.

  • ESPN videos

    1
    0 Votes
    1 Posts
    628 Views
    No one has replied
  • Anti Virus.

    3
    0 Votes
    3 Posts
    804 Views
    ?

    Isnt there a option to enable auto update or do i have to make a cronjob for that?

    Or a script perhaps.

  • Transparent proxy not working

    10
    0 Votes
    10 Posts
    4k Views
    T

    @ganewbie:

    Well,
    Thanks to all for the great support, now I got squid3 working no issue however the squid-guard does not want to run.
    After searching on forums, I found out that you need to re-download the blacklist sites after each reboot. Not sure why? but in any case when I do that it works meaning, both services could show green and running under status–> Services.

    The interesting thing is when I deny for example Porn it does not do anything and you can still have access to Porn. Is there a special package or even some different approach to block or deny certain site categories?

    Thanks,

    I had the same issue on pfsense 2.2.1.  I solved the problem by putting one item into "target categories" at squidguard. Choose a name for the entrance and put one URL into the URL-List.
    Save the item and apply the changes. Download the blacklist again. After a reboot the blacklist is still active.

  • Recommendations

    Locked
    8
    0 Votes
    8 Posts
    1k Views
    B

    @chris4916:

    @bcpereiraa:

    As for ok hardware resources. the question now would be regarding the configuration. Is there something else I should do?

    Like what ?

    Pay attention to I/O (Assuming both CPU and memory are OK, which is quite easy nowadays): disk I/O will most likely be your bottleneck with 1000 HTTP users as far as cache is concerned.
    Then it also depends on additional services you intend to run: content filtering, antivirus, something else ?

    I would also suggest to have log and cache on different spindles (this is also true for SSD  ;))

    Last but not least: do not assume that larger cache size will provide better performance.

    Thank you so much!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.