you must configure the authentication in both now so that it works, you need to create an acl of groups with AD in the squidguard by changing the parameters of the example:

ldapusersearch ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))

@_neok said in Squid + Squidguard + active directory + SSO:

This video is a bit old but the general outlines helped me make it work.

Yes this works, i have modified this package according to my requirement and works like a charm.

That is the solution that gives me a lot of troubles... When I point https://mydomin.com/media/ => https://media.local:2020/media/ I have to configure media.local to have a service running on a different path, and that brings a lot of problems. The easyest solution would be to mask the url and rewrite https://mydomin.com/media/ to https://media.local:2020 that way I don't need to mess with the destinations servers.

Thanks derelict
🌷

i know this pfsense chat but you seem very smart in this other stuff too i had another question if i have a unraid and it rsyncs to a freenas if data on teh unraid bit rots wont it bit rot the freenas or should i be scrapping unraid all together. i just like it its easier to use then freenas but i do like some things freenas has so there is no happy medium or best solution windows i guess lol

@brlamnr said in HAProxy TCP/use client ip and carp cluster problem:

@piba said in HAProxy TCP/use client ip and carp cluster problem:

@brlamnr
Can you check result of command 'ipfw show' ?

Following after activating client-ip:

00010 0 0 fwd ::1 tcp from 10.3.128.10 443 to any in recv cxl0.79
00011 108 20412 fwd ::1 tcp from 10.3.128.11 443 to any in recv cxl0.79
65535 48732381 4651172490 allow ip from any to any

It didn't work. Same behavior. Thanks.

Edit file /usr/local/www/sqstat/sqstat.php

change line

$res .= "$('#sqstat_updtime').html({$time}');";

to

$res .= "$('#sqstat_updtime').html('{$time}');";

If the destination ip/port is the pfSense ip with proxy port, then it's a direct connect.
If the destination ip/por is an valip ip address with port 80 or 443 then it's a transparent connection if transparent mode is configured.

The basic usage for tcpdump is:

tcpdump -ni YOUR_LAN_OR_WAN_INTERFACE host YOUR_CLIENT_IP

@cloudfw said in Squid as transparent HTTP/HTTPS whitelist only proxy:

@marcelloc But why is it working with HTTP then? same thing DNS lookup, then direct http to IP traffic. Have you had this HTTPS setup working?

Because http traffic is not encrypted, squid can see the packet content. With ssl in splice all mode, squid does not intercept the connection, it just tries to check the server certificate. before establishing a tunnel between the client and the server.

i'll give it a try.. thanks

@valnurat said in How do I know if it is working?:

Okay, but what metadata is cached?

I'm not using Squid, but I tend to say : all classic http (non-https) web access. Forget about SSL caching (check Google, he will tell you why).
Squid main goal isn't being a "cache", it's more a proxy thing.

That is not an official package for pfSense. If you want to ask about that, I suggest you start a new thread and put the name of the package in the title. Otherwise the chances are slim that anyone that touches that package will see this thread.