• Squid proxy server and OCSP responders

    1
    0 Votes
    1 Posts
    977 Views
    No one has replied
  • Select loop Error. Retry 1

    1
    0 Votes
    1 Posts
    285 Views
    No one has replied
  • Squid Proxy working on some networks and not others

    1
    0 Votes
    1 Posts
    374 Views
    No one has replied
  • Squid guard does not work

    3
    0 Votes
    3 Posts
    675 Views
    D

    Hello, I have already configured it in transparent mode but it still does not block the squid guard, I do not know if I have something wrong configured, now with what you say about HTTPS, the CAs certificate I believe it, I import it because it shows me a form to create import and if I do not configure that it does not let me enable the Enable SSL filtering option.

    ![squid guard.png](/public/imported_attachments/1/squid guard.png)
    ![squid guard.png_thumb](/public/imported_attachments/1/squid guard.png_thumb)
    ![squid guard 2.png](/public/imported_attachments/1/squid guard 2.png)
    ![squid guard 2.png_thumb](/public/imported_attachments/1/squid guard 2.png_thumb)

  • Blocked page by Squid Proxy is not Squid's default page

    5
    0 Votes
    5 Posts
    2k Views
    emammadovE

    Thank you for your reply. I leave it as it is.
    In TCP Port, section is empty. Default 80 for HTTP, 443 for HTTPS. How can I add two port in the same section? It only allows one port number. If I add for example 445, then it should apply both?

  • Blacklist not downloading in pfsense 2.3 SquidGuard

    29
    0 Votes
    29 Posts
    22k Views
    C

    @zehcolmeia:

    @milou:

    Try more 5 click in 2 seconds, and download begin.

    unbelieveble…. work this...

    I am not very sure how many time i clicked, but i click very fast around 30 times in 2 second, and it just work like a magic!
    Thankssssssssssssssssssss guys :D

  • Captive Portal makes HA Proxy unfunctional

    1
    0 Votes
    1 Posts
    338 Views
    No one has replied
  • How get Squid + SquidGuard to clear Client Browser Cache

    4
    0 Votes
    4 Posts
    962 Views
    KOMK

    When you make your changes, do you remember to go back to the General settings tab and click Apply?  If you don't do that, your changes will not take effect.

  • Squid + MAC adresses + mailreport

    1
    0 Votes
    1 Posts
    409 Views
    No one has replied
  • Google and Gmail.com issue

    3
    0 Votes
    3 Posts
    724 Views
    rodrigoinfocasper.com.brR

    Boa tarde,

    Conseguiu resolver amigo, estou passando por essa dificuldade.

  • Squid MITM SquidGuard Not Showing Default Error Page?

    5
    0 Votes
    5 Posts
    3k Views
    T

    Here is the answer I think, but I can't decipher it:

    Delayed error responses
    When Squid fails to negotiate a secure connection with the origin server and bump-ssl-server-first is enabled, Squid remembers the error page and serves it after establishing the secure connection with the client and receiving the first encrypted client request. The error is served securely. The same approach is used for Squid redirect messages configured via deny_info. This error delay is implemented because (a) browsers like FireFox and Chromium do not display CONNECT errors correctly and (b) intercepted SSL connections must wait for the first request to serve an error.
    Furthermore, when Squid encounters an error, it uses a trusted certificate with minimal properties to encrypt the connection with the client. If we try to mimic the true broken certificate instead, the user will get a browser error dialog and then, if user allows, the Squid error page with essentially the same (and possibly more detailed/friendly) information about the problem. Using a trusted certificate avoids this "double error" effect in many cases. And, after all, the information is coming from Squid and not the origin server so it is kind of wrong to mimic broken origin server details when serving that information.
    Squid closes the client connection after serving the error so that no requests are sent to the broken server.
    It is important to understand that Squid can be configured to ignore or tolerate certain SSL connection establishment errors using sslproxy_cert_error. If the error is allowed, Squid forgets about the error, mimics true broken certificate properties, and continues to talk to the server. Otherwise, Squid does not mimic and terminates the server connection as discussed above. Thus, if you want users to see broken certificate properties instead of Squid error pages, you must tell Squid to ignore the error.

    from https://wiki.squid-cache.org/Features/MimicSslServerCert

  • SQUID proxy wont work HTTPS? SOLVED

    9
    0 Votes
    9 Posts
    2k Views
    K

    Dont worry hope you get better "winter is coming" but what did the trick was ticking Resolve DNS IPv4 First with that it worked everything so odd i have never seen this before

    Thank you

  • SquidGuard…

    2
    0 Votes
    2 Posts
    567 Views
    KOMK

    Whenever you make a change to squidguard, you have to remember to go back to the General settings tab and click Save then Apply.

  • I think squid whitelist is being wrongly documented or badly configured

    6
    0 Votes
    6 Posts
    4k Views
    M

    Yes I know that this is "dstdomain" format but for demonstration purpose it works.
    Correct format is something like this:
    (.).yahoo.com
    ..yahoo.com
    .yahoo.com

    To be honest I would prefer to have a choice in squid module implemented in pfsense which format of whitelist/blacklist will be used.
    On my linux squid boxes I use dstdomain everywhere.

  • Squid possible memory leak

    3
    0 Votes
    3 Posts
    1k Views
    B

    Nope.  Didn't work.

    Still extremely unstable.  Sigh…..

    Looking into memory pools now and certificate memory issues.  Any ideas welcome still....

  • HAProxy URL based forward

    2
    0 Votes
    2 Posts
    515 Views
    D

    I found the ways using the belows.
    I need to change backend not frontend.  :)

    https://forum.pfsense.org/index.php?topic=121730.0
    https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-as-a-layer-7-load-balancer-for-wordpress-and-nginx-on-ubuntu-14-04

  • Install squid package without internet access directly

    3
    0 Votes
    3 Posts
    2k Views
    M

    Finally, i resolved my problem.

    I downloaded the repository to a computer, later i install an apache server and put inside the repositoty.
    With Winscp yo must connect to pfsense server and modify the file: pfsense-Repo.conf  in /usr/local/share/pfSense and /usr/local/share/pfSense/pkg/repos . Change https by http and put in tha line your apache site ip

    FreeBSD: { enabled: no }

    pfSense-core: {
      url: "pkg+http://YOUR APACHE IP/pfSense_v2_3_4_amd64-core",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg",
      enabled: yes
    }

    pfSense: {
      url: "pkg+http://YOUR APACHE IP/pfSense_v2_3_4_amd64-pfSense_v2_3_4",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg",
      enabled: yes

  • Can't seem to get Squid Cache + ClamAV to work

    15
    0 Votes
    15 Posts
    3k Views
    N

    Have you looked at this post:
    https://forum.pfsense.org/index.php?topic=117017.0

  • SquidGuard - resetting package

    5
    0 Votes
    5 Posts
    984 Views
    M

    I get an "403 Access denied" - the message is generated by my pfSense (browser bar's IP address if the pfSense).

    As for common ACL - I see

    "Test" (which is a blacklist for www.youtube.com only. (Used, you guessed it, as a test only)
    Default access "All"  which is "Deny"

    Wouldn't EVERYTHING be blocked according to this above?

  • [Squid] How to apply SSL squid to just some of the LAN computer?

    4
    0 Votes
    4 Posts
    713 Views
    S

    Actually this is one worked better for me

    https://forum.pfsense.org/index.php?topic=139939.0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.