@interloper Do you have a guide on how you setup your google domain settings for your subdomains? I am trying to figure it out but having a hard time. Here is my open topic on this forum (https://forum.netgate.com/post/830593).

Thanks

@johnpoz said in Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL":

x

My exact problem is
I want to block all web traffic without using domain names. But there's some chat apps in China use port 80 and ip address for communication. So, if I disallow "IP addresses in URL", that chat app fails to connect to servers.

@kom OK the problem comes from the DHCP. I didn't put the localdomain. Now it works. It was never mentioned in the guides I followed.

Thanks for your help!!!

@poenskop Para solucionar el error
Could not find report index file. Check and save sarg settings and try to force sarg schedule.

Lo que hice fue cambiar el directorio de salida del reporte de sarg en el archivo sarg.conf para que quedara de la siguiente manera:

Output dir (-o) = /usr/local/www/html/

después de esto en la consola crear un enlace simbólico hacia ese directorio

ln -s /usr/local/www/html /usr/local/sarg-reports

con esto se soluciono el problema ya pude ver el reporte y desapareció el mensaje

Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.

@michaelschefczyk
Recently (26-1-2019) haproxy itself removed the warning from their docs, the package on pfSense should get a little update to remove that warning as well..

"It was mentioned when releasing 1.8 but early bugs have long been
addressed"
http://git.haproxy.org/?p=haproxy.git;a=commit;h=1f672a8162eda18c404c6784dd749b6e061e2e4d

Afaik there are no issues anymore.. (Which in the early days used to included haproxy crashes and hangs spinning at 100% cpu usage of a core..)

@gertjan said in Squid HTTPS Interception not working?:

For https port 3129 could be used I guess - example : https://www.microlinux.fr/squid-https-centos-7/ (Squid version 3.5).
True, the official doc is hard to read.

Well, in order to get this working, I have the SSL interception running on port 3129 and the main proxy on 3128.

Pointing clients at 3129 for HTTPS results in no connectivity. However upon just telling clients to use 3128 for HTTP and HTTPS, I can see HTTPS Man in the middle working and the certificates are being issued by my CA as expected.

This suggests that PfSense+Squid is doing some sort of redirection internally to 3129 for HTTPS, or the seperate port setting for HTTPS does nothing, and it just listens on 3128 full stop.

@jason0
The HSTS cache can be a bit extra tricky to get rid of also.. Instructions for most browsers can be found though.

I think problem isn't with squid, rather with Windows 10 - system proxy settings doesn't enought, I don't know why. But with winhtt set proxy it works. Respect for your work, KOM and best regards.

@itbrain
Added the screenshots back..

Thanks KOM.

Verified cache is working by going to https://www.google-analytics.com/analytics.js.

Seeing TCP_MEM_HIT/200 when I go the javascript file hosted by Google.

thanks for the reply, i was checking the logs and your right something odd with the active directory but i ended up using the local authentication created all the users

@rggolbraich said in Squid/Clamav: Wrong redirect URL:

I know its an old post but here is my solution to the same problem.

Solution:
when I installed pfSense with all packages I use, I gave it a domain name.
After some while, i changed the domain name to my DC, somehow SquidClamAV keeps the old data so I get pointed to unavailable address.
To fix this issue I edited 2 files: (Diagnostics - Edit File)
/usr/local/etc/c-icap/squidclamav.conf
/usr/local/etc/c-icap/squidclamav.conf.pfsense

Why them both? because every time I edited the .conf file my settings get back to what it was. after changing them both pfSense kept the configuration and problem were fixed.

Thanks for this. Two years later and still a bug.

Glad its working for you now.