• [2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting

    17
    4 Votes
    17 Posts
    10k Views
    jimpJ

    @eden said in [2.4.x] Squid/ClamAV: Fix for C-ICAP 0.5.x not starting:

    Hello all

    I am also having this issues with the ICAP service not starting. I have edited then config as requested above no joy. I then decided to reinstall the package but this did not make a difference. I have now uninstall the squid package completely and reinstalled it. Still the service will not start.

    If that is the case then your problem is not the same problem as this thread. Start a new thread with details about your configuration, any error messages from logs, etc.

  • RESOLVIDO

    1
    0 Votes
    1 Posts
    248 Views
    No one has replied
  • Package install error after latest patches

    4
    0 Votes
    4 Posts
    1k Views
    P

    OK fixed it..

    Here is how I did it...

    Have WAN connectivity assigned via DHCP

    dhclient bce0

    Update the pkg metadata

    pkg-static update -f

    Forcefully reinstall all packages

    pkg-static upgrade -fy

    Note: I have a broadcom NIC, thus BCE0, it might be different on your setup.

  • Update package Ha-Proxy Fails 0.59.11

    2
    0 Votes
    2 Posts
    505 Views
    P

    Fixed after upgrade tot 2.4.4

  • block all sites except some ones in squid

    1
    0 Votes
    1 Posts
    282 Views
    No one has replied
  • LDAP authentication with a Fusion LDAP server

    Moved
    3
    0 Votes
    3 Posts
    607 Views
    S

    I am doing LDAP authenthication with Zentyal AD 0_1537789755976_pfsense ldap.PNG

    Can anyone help.

  • Squid and OpenVPN - remote internet traffic proxying

    4
    0 Votes
    4 Posts
    6k Views
    T

    @zeureo1 said in Squid and OpenVPN - remote internet traffic proxying:

    add a FW rule on the OpenVPN iface to allow TCP/3128 from OpenVPN subnet to localhost.

    Can you please be clear on "adding a FW rule on the OpenVPN iface to allow TCP/3128 from OpenVPN subnet to localhost".
    I've been using pfsense for years and I don't believe I've heard of adding FW rule on OpenVPN

  • Bug in newest check_ip.php

    3
    0 Votes
    3 Posts
    897 Views
    M

    del /usr/local/bin/check_ip.php and use the following code. i solve

    #!/usr/local/bin/php-cgi -q <?php /* * check_ip.php * * part of pfSense (https://www.pfsense.org) * Copyright (c) 2016-2017 Rubicon Communications, LLC (Netgate) * Copyright (c) 2013-2016 Marcello Coutinho * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once("config.inc"); require_once("globals.inc"); error_reporting(0); global $g; // stdin loop if (!defined(STDIN)) { define("STDIN", fopen("php://stdin", "r")); } if (!defined(STDOUT)) { define("STDOUT", fopen('php://stdout', 'w')); } while (!feof(STDIN)) { $check_ip = trim(fgets(STDIN)); $dbs = glob("{$g['vardb_path']}/captiveportal*.db"); $status = NULL; foreach ($dbs as $db) { if(!strpos($db, "_radius")) { $status = squid_check_ip($db, $check_ip); if (isset($status)){ break; } } } if (!is_null($status)) { fwrite(STDOUT, "OK user={$status}\n"); } else { fwrite(STDOUT, "ERR\n"); } } function squid_check_ip($db, $check_ip) { exec("/usr/local/bin/sqlite3 {$db} \"SELECT ip FROM captiveportal WHERE ip='{$check_ip}'\"", $ip); if ($check_ip == $ip[0]) { exec("/usr/local/bin/sqlite3 {$db} \"SELECT username FROM captiveportal WHERE ip='{$check_ip}'\"", $user); return $user[0]; } } ?>
  • block upload file ext.

    Moved
    1
    0 Votes
    1 Posts
    250 Views
    No one has replied
  • my home pfsense block outlook

    Moved
    1
    0 Votes
    1 Posts
    249 Views
    No one has replied
  • Last version of Squidguard not read/write target rules access

    3
    0 Votes
    3 Posts
    548 Views
    C

    @fabricioguzzy said in Last version of Squidguard not read/write target rules access:

    You are probably talking about this issue

    Exactly this problem Fabrizio. Thank you.

  • squid real ip

    4
    0 Votes
    4 Posts
    610 Views
    H

    I don't think so. It's either thru the vpn or not.

  • Squid Filter shows blank page regardless of int error page setting

    1
    0 Votes
    1 Posts
    375 Views
    No one has replied
  • Trying AD authentication group based on Squid

    3
    0 Votes
    3 Posts
    2k Views
    R

    Hello,

    As per experience during implementation. There are 2 problems in pFSense Squid.

    Base domain can't use "DC=Domain,DC=local", you must use something like OU=something,DC=domain,DC=local . And OU needs to be the same one using in "Search Filter" The AD user needs exists in that OU, user accounts located from other OU, Container or anywhere. Even these accounts in Search filter group". Authentication remains fail
  • Squid causing isues connecting to secured sites

    Moved
    11
    0 Votes
    11 Posts
    2k Views
    T

    Had a problem again with SquidGuard again today trying to hit amazon web services. aws.amazon.com. SSL error. Disabled Squid and was able to hit the site.

    Did a little research online and changed the following:

    Services-->Squid Proxy Server: General
    changed SSL Certificate Deamon Children to 100.

    Keep in mind, the research online I have done on this about Squid says it's highest value can be no more than 32. However, when I change it to 100 pfsense (Squid) never tells me that value is not valid. My guess is it could still be 32 even though it says 100. Not sure though.

    Also changed the following in Services-->Squid Proxy Server: General-->Show Advanced Options

    In Integrations I replaced:

    url_rewrite_children 16 startup=8 idle=4 concurrency=0 with
    url_rewrite_children 100 startup=10 idle=10 concurrency=0

    Guess it's just a wait and see game now.

    I will say this. I have my home home network VLANed for Guest Wireless and I implemented Squid a while back and had to turn it off cause the ole Fortnite wouldn't work for the kid's laptop. I turned Squid and Squidguard back on this morning before leaving with all the changes in this post, and whattda ya know, Fortnite worked when I tested it. So we're definitely on to something here.

  • Block sites

    Moved
    6
    0 Votes
    6 Posts
    776 Views
    BBcan177B

    Try this tutorial:
    https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/

  • HAProxy SNI backend checkbox

    1
    0 Votes
    1 Posts
    256 Views
    No one has replied
  • Lightsquid username password

    2
    0 Votes
    2 Posts
    1k Views
    G

    My setup, like @alavend is a new SG-3100, running the current pfSense release. Squid is installed and running in transparent mode. Lightsquid is also installed and configured. The problem is that when I try to look at the Reports, Lightsquid prompts for username/password but doesn't like any / every combination I've tried (there have been many: default creds, not default creds, different ports, SSL, not SSL, etc. Windows, Mac, several browsers, etc.).

    Can someone please point me to the path/filename.xxx where the Lightsquid authentication creds are stored? I'd like to SSH in and check to make sure the creds I'm putting into the pfSense GUI are being correctly saved (although I guess they might be encrypted). Or the logs that would show the specific error as to why the authentication is failing? This has got to be something simple.

    Thanks,

  • How to install nxFilter on Netgate 3100

    1
    0 Votes
    1 Posts
    717 Views
    No one has replied
  • Squid NTLM Config Proxy Work with IP but no work with DNS (IE and Chrome)

    2
    0 Votes
    2 Posts
    596 Views
    J

    @j-sejo1 The problem was?

    IE and Chrome when use Proxy for DNS. the way auth is kerberos.

    When use Proxy for IP the way auth is Ntlm.

    Firefox by default use NTLM.

    Solved: In Propierties, option avanced, IE Disable: Integrations Autentication WIndows.

    The best practices: is: on Squid enable auth:

    Kerberos
    NTLM
    Basic

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.