@ageekhere Done Opened [image: 1661211004620-screen-shot-2022-08-22-at-4.29.24-pm-resized.png]

@jonathanlee [image: 1661112591020-096e4435-3b0c-4f3e-a6c5-80fbc347097a-image.png] (IMAGE: After certificate is approved you can use your smartphone and it works again with Firefox as a browser)

@ghostshell Amazons Prime changed yesterday for me it was the same for 3 years now it has .am in the domain. I can see them resolve in logs under DNS resolver it will show them pull and resolve every 5 mins. [image: 1661022208159-resolver.png]

@ageekhere you would need a list of approved bypass urls. Apple, some android, Windows updates. . . Etc If(list.contains) something like that? You as an administrator must have granular control. As well as approve trusted sources. A GUI would work better with just a button that says Apple, Android, Windows, to help create lists for bypass traffic.

Ok, so after checking the CRL with openssl, and finding it was set to new in 1950 I found this thread: https://forum.netgate.com/topic/172870/crl-has-expired So I guess that patch would fix this? Anyway, I just created a new CRL with only 7000 days and it is working again.

@jonathanlee I have few hits this morning that show HIT but not many

@jonathanlee Hello again Netgate community, Why is items flagged as viruses coming from Google? I also checked some at Virus total and they have been flagged by other users of that site. Keylogger, and other items are marked found in links. It's amazing what the Netgate can find, and its also eye opening that they are coming from the cloud and not a random website.

@bluboy Thank you I used the ACL for a XBOX to splice only so I could still SSL check other devices with certificates [image: 1660754964196-screen-shot-2022-08-17-at-9.49.10-am-resized.png] This way I can cache and check for viruses on my laptop and my son can watch xbox and play games.

This workaround works, have to use it before this bugs gets fixed I guess. https://dannyda.com/2022/08/17/how-to-fix-squidguard-on-pfsense-only-the-first-rewrite-rule-work-bug-workaround/

@blindmotphil Am seeing the same problem on my unit. Did you manage to fix this since you last posted?

@omarvip huh - you wouldn't change your wan IP on the proxy configuration.. Your going to have to provide some context.. Why are you in the proxy/cache section which has zero to do with what an interfaces IP address is..

@wontbeherelong bump. Exact same , love offense and haproxy but would like to auth with google workspace

@michmoor Figured it out, from Reddit of all places. You can define multiple ACLs within the action field. This isnt documented for the GUI sadly BUT this works as a AND function.

FYI - if anyone else has this issue, the package is not supported by Netgate and there doesn't seem to be any obvious answer as to why this happens. I've given up now and gone with a DNS filtering solution instead of using Squid Guard.