Cache/Proxy

• J

  Squid NTLM Config Proxy Work with IP but no work with DNS (IE and Chrome)
  • j.sejo1

  2
  0
  Votes
  2
  Posts
  207
  Views

  J

  @j-sejo1 The problem was? IE and Chrome when use Proxy for DNS. the way auth is kerberos. When use Proxy for IP the way auth is Ntlm. Firefox by default use NTLM. Solved: In Propierties, option avanced, IE Disable: Integrations Autentication WIndows. The best practices: is: on Squid enable auth: Kerberos NTLM Basic
• V

  Lightsquid SSL Web Access Problem
  • Viktor 0

  4
  0
  Votes
  4
  Posts
  287
  Views

  V

  @jimp said in Lightsquid SSL Web Access Problem: the cursor ends on a new lin Thank you! I reimported certificate with new line after -----END CERTIFICATE----- and it works.
• D

  Google Home connection issues related to squidguard safesearch
  • Dogfish

  1
  0
  Votes
  1
  Posts
  103
  Views

  No one has replied

• 

  Why use "Transparent HTTP Proxy" option
  • chudak

  4
  0
  Votes
  4
  Posts
  855
  Views

  S

  Hi All, I realize this topic is quite old, but I thought I'd post this here just in case someone needed it. I use squid in transparent proxy mode, and also Arlo cameras. I have found a way (though it may be temporary, we have yet to see) to get streaming from inside the firewall to work. Steps: Log-in to your Arlo account (arlo.netgear.com) Open developer options (F12) Click on a stream as-if you were going to watch it a. At this time, you'll see an error which states that you cannot load the stream due to an SSL protocol error. Write down or copy that host name. Open your squid general settings, and scroll down to Transparent Proxy -> Bypass Proxy for these IPs and paste the host name from above. Save your settings and test. This is what I did to allow streaming of video clips, and I hope it helps someone else!
• A

  Squid with CARP over LAN interface
  • alexx1923

  3
  0
  Votes
  3
  Posts
  181
  Views

  

  @alexx1923 go to General settings > Advanced Features > Integrations Add below line (use ; to separate new lines) ;http_port YOURCARPIP:SQUIDPORT you can sync squid settings with your backup server. when primary fails carp IP will shift to secondary server and squid will start working with CARPIP in secondary as well. so in general squid will be working with 3 Ips ... LAN IP of primary server, LAN IP of secondary server and CARP VIP . you can give configure CARP VIP in clients or serve in wpad.
• A

  No Categories in Squidguard?
  • anttechs

  8
  0
  Votes
  8
  Posts
  279
  Views

  

  @anttechs I am using squidguard, After configuration of blacklist option in General settings i.e http://www.shallalist.de/Downloads/shallalist.tar.gz in Package > SquidGuard > Blacklists you need to hit download button 4-5 times continuously , to get it download blacklist database, make sure it reaches 100%
• J

  I cannot disable youtube safesearch
  • Jopeme2000

  1
  0
  Votes
  1
  Posts
  137
  Views

  No one has replied

• 

  Squid + 5 VPN conection on one WAN
  • reza3sw

  4
  0
  Votes
  4
  Posts
  230
  Views

  

  @ravegen Hello my friend My goal : set proxy (SquidGuard-Cach server-Control Bandwidth with squid ) on VPN conection with LoadBalancing And I have One wan conection and 5 VPN conection on WAN This very simle ... I want pass traffic from VPN (LoadBalancing gateway (5vpn conection)) . also I want to have Squid proxy and SquidGuard ... But squid not compatible with loadbalancing very simple..I want tcp_outgoing_address to another interface and create rule for my traffic Did you realize what I mean?
• E

  This topic is deleted!
  • edgdfbdff11

  1
  0
  Votes
  1
  Posts
  2
  Views

  No one has replied

• D

  [SOLVED]pfsense 2.43: squidguard doesn't deny to download exe, mp3, etc
  • DimmKo

  8
  0
  Votes
  8
  Posts
  528
  Views

  

  Great! So looks like it was just a regex issue. Thanks for the follow up. Steve
• M

  E2guardian not working
  • mateusscheper

  1
  0
  Votes
  1
  Posts
  144
  Views

  No one has replied

• M

  Squiguard + SSL + Group ACL
  • mila76

  1
  0
  Votes
  1
  Posts
  216
  Views

  No one has replied

• D

  Squid-3.5.27 SSL Custom works few minutes. MITM breakdown
  • denisk

  13
  0
  Votes
  13
  Posts
  599
  Views

  P

  @denisk I've been waiting for the updates version on pfSense too. Squid 3.5 in my usage slowed down the Internet rather than helping it speed up through caching.
• F

  Squid-3.5 series became DEPRECATED with the release of Squid-4 series
  • fredlubrano

  8
  0
  Votes
  8
  Posts
  764
  Views

  

  Will what be in 2.4.4? Squid 4.x? Unlikely. 3.5.28 will probably make it in eventually, but it's not in FreeBSD ports yet.
• J

  Squid redirect Page
  • J7529

  8
  0
  Votes
  8
  Posts
  465
  Views

  

  Try setting the redirect mode in Squidguard to ext url move. You will have to redirect to something, you might create a page for that. I hit that same error recently and that worked around it. Steve
• N

  [SOLVED] pfSense / Squid vs Untangle - SSL inspection
  • nadmax

  6
  0
  Votes
  6
  Posts
  537
  Views

  P

  @nadmax said in [SOLVED] pfSense / Squid vs Untangle - SSL inspection: I installed E2 Guardian last night - I must say it is a very complete package so there is a bit of a learning curve involved. Way more advanced than the Squid equivalent. Nevertheless, I achieved the results I wanted in about 30 minutes - it works exactly as per my expectations. I still have a lot of tuning to do but I have no doubt that I've found what I was looking for. Thanks! No problem at all! Glad I could help! :) If you have any questions, feel free to shoot them through into the E2 Guardian thread and we'll be more than happy to assist!
• F

  [SOLVED] How to filter HTTPS for wifi network (guests)
  proxy https wifi • • felipemb

  14
  0
  Votes
  14
  Posts
  966
  Views

  P

  You can still do some filtering on HTTPS without the MITM. On E2 Guardian, I have multiple groups setup, some which have MITM enabled and some such as in your case that are for Guest Wi-Fi where I can't properly sneak in the CA. On Squid I believe this is referred to as Bump and Splice all. For my guest Wi-Fi setups, I just use the non-MITM method. This is where the proxy is able to see the domain name without the resource path at the end in order to decide if a website should be let through or not. MITM would obviously allow the proxy to look at the entire URL with the resource path and make a informed decision as to whether or not to allow a website through. I prefer it way more than DNS level filtering as it's more flexible. You can set it up for specific users while others can browse those sites just fine. If you've got sometime, I recommend you give E2 Guardian a shot. It worked out a lot better than Squid in my use case and it has the added benefit of actual phrase filtering.
• 

  Disable web GUI access when running Squid
  • Mr_JinX

  6
  0
  Votes
  6
  Posts
  194
  Views

  

  scratch that, clam av uses its FQDN, which is allowed to pass the clam av white list.
• S

  Issue with HAproxy Intermediate certificate
  • Solll

  1
  0
  Votes
  1
  Posts
  135
  Views

  No one has replied

• T

  Using HAProxy to redirect WAN port 80 to WAN Port 443 using webconfigurator
  • tazmo

  6
  0
  Votes
  6
  Posts
  5048
  Views

  M

  @tazmo I have Pfsense with HAProxy installed in it .can u guide how to do load balance between two AWS EC2 Web server Instance with SSL. Even i have SSL purchased from the 3rd party tool.
• A

  WPAD not working
  • albtech

  8
  0
  Votes
  8
  Posts
  561
  Views

  

  @albtech See if this website can help WPAD PAC Proxy Configuration
• L

  Squid negative speed increase
  • lamle

  3
  0
  Votes
  3
  Posts
  392
  Views

  L

  @periko said in Squid negative speed increase: ng the proxy? Did u use auth? This squid server serve about 1200 to 1500 Users. I don't use auth, no error found, dns google work normal.
• L

  SSL Man In the Middle Filtering error "WindowsUpdate_80072F8F"
  • ld73

  2
  0
  Votes
  2
  Posts
  215
  Views

  L

  Hi guys! I understand that the solution to the current problem does not exist?
• T

  PfSense randomly blocking web sites
  • TomS

  5
  0
  Votes
  5
  Posts
  1197
  Views

  G

  All i can say, most possibly its your configuration.
• D

  Proxy and Traffic Graph
  • dotslashniks

  2
  0
  Votes
  2
  Posts
  200
  Views

  R

  @dotslashniks I think you should still be able to see LAN addresses under the Status/Traffic Graph/. Make sure the Interface selected is LAN. I personally don't find the traffic graph extremely useful. Try installing the ntopng package. It's a great package for checking traffic. Look it up on YouTube, there are great tutorials on what it can do.
• T

  Landing Page for Pfsense Proxy after User Authentication
  • tmkte

  1
  0
  Votes
  1
  Posts
  118
  Views

  No one has replied

• A

  HAProxy - Log host name
  • aeleus

  3
  0
  Votes
  3
  Posts
  172
  Views

  A

  @piba said in HAProxy - Log host name: @aeleus Use the 'Advanced pass thru' textbox to put that config setting into ? Thanks, Piba! That works.
• C

  Kodi Addon Cache Editting
  • christinamcadams

  1
  0
  Votes
  1
  Posts
  136
  Views

  No one has replied

• C

  Is it possible to use haproxy for DNS over TLS?
  • cwesterfield

  2
  0
  Votes
  2
  Posts
  219
  Views

  

  A client has to explicitly know it's using DNS over TLS, it isn't as simple as forwarding 53 to 853. Running that on 53 may just confuse clients. Even so I'm not sure HAProxy can be used to present a certificate and work with DNS over TLS. Maybe as a simple TCP frontend to a real DNS over TLS backend like Unbound. But if you want something local to answer on 53 and then send the requests out to an upstream DNS over TLS server, then the DNS Resolver on pfSense can handle that. It can also act directly as a DNS over TLS server. It's possible to do with the custom options for DNS Resolver but there are native GUI controls for it in 2.4.4.
• S

  Groups based access to certian websites
  • Snailkhan

  2
  0
  Votes
  2
  Posts
  168
  Views

  S

  any help in this regard ?
• S

  HAProxy 0.59_7 not working with SSL. :(
  • Smoothrunnings

  8
  0
  Votes
  8
  Posts
  272
  Views

  S

  @piba said in HAProxy 0.59_7 not working with SSL. :(: it does seem that backend-exch80_ipvANY isnt 'up' yet.. Have you checked what the stats page says in LastChk column That's the next thing I have to fix on the server side it seems. The server reports a 503 server when I do HTTP to it. I think in the past I had it setup to redirect to HTTPs but after CU10 it might have broke. So no worries right now. 443 works, so does the webserver on 443 and 80. autodiscover is on the same server as OWA so it too is broke on 80.
• R

  haproxy - not working with ProfileManager (certificate problem?)
  • regexaurus

  9
  0
  Votes
  9
  Posts
  465
  Views

  R

  @PiBa Yes, I can at least access the macOS Server portal / Profile Manager externally now. SCEP device enrollment isn't working externally for me, though it is internally. I'm not sure how important that is--I think that's (mostly) an enroll once kind of deal. It looks like someone else beat me to experiencing this trouble, and found at least a sledge hammer style workaround. ;-) Thanks for all your help!
• A

  Need to block email attachment
  • ayanbanerjee

  2
  0
  Votes
  2
  Posts
  149
  Views

  

  Hi, This is something that has to be implemented into the mail server. Every mail server. Thus impossible. Sending and retrieving mails is being done using SSL connections more and more often, so pfSense can't "see" in the data stream that it is an "email". And even if you pulled it off, people stopped using their fat mail client, to browse to their web mail, and then download or upload the attachment. All this will be done over https;//, leaving you out of the game completely. Read also, for example, https://security.stackexchange.com/questions/14120/open-source-tool-to-block-email-attachments edit : if you have people on your network(s) that are capable of downloading (or sending) unknown, potentially dangerous files as attachments, then you throw them on a captive portal and Wifi , using AP's with client isolating activated (== no more local network sharing) and if there is more then one AP, also enforce sharing among these AP's. Only then people (clients, visitors) can mess up badly, and only have their device being fckd up without exposing others on your local net(s).
• D

  Speed Test
  • dotslashniks

  3
  0
  Votes
  3
  Posts
  324
  Views

  D

  Ooohh. I see. Thank you, Periko
• F

  ICAP error casued by Squid AV
  • froglevelmc

  1
  1
  Votes
  1
  Posts
  135
  Views

  No one has replied

• D

  odd problem with squidguard and lan ip addresses
  • dgall

  1
  0
  Votes
  1
  Posts
  92
  Views

  No one has replied

• N

  Hard disk is getting full due to /var/log/c-icap/access.log
  • Nadzrul_11

  3
  0
  Votes
  3
  Posts
  189
  Views

  N

  Hi periko, Thank you for the advise. I am able to clear the log with the command suggested and my hard disk is now at 60%.
• 

  Squid Transparent Mode MITM doubt?
  • periko

  3
  0
  Votes
  3
  Posts
  231
  Views

  

  clean and simple, thanks _neok.
• S

  squidguard URL filtering not working
  • Su30MKI

  4
  0
  Votes
  4
  Posts
  197
  Views

  

  You need enable MIT feature. This link could be help you. https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense Hand up if it was useful. Gabriel
• K

  HTTP Health check backend with HAProxy package via GET request
  • Kirill2401

  3
  0
  Votes
  3
  Posts
  160
  Views

  K

  Hi, PiBa! Or perhaps you want to configure a 'port' option on the server to make it check on a different port than the regular traffic >>go's to? Could add that on the server-pass-thru option. This is exactly what I need! Thanks, it works for me with the server-pass-thru option :)