I had try both, looks like pfsense+squid+squidguard have something wrong with this part. ???

4Gb's ram is more realistic as long as you don't go overboard with your configuration.

Ok, I have HTTPS Reverse Proxy working, I get a valid ssl connection to my services that are being handled by the Proxy.

Adding a new question to the previews post. I can see a valid ssl connection to my service in chrome, but this is the connection between my pc and the proxy correct? How can I validate that the proxy is making a valid ssl connection with the service?

Thank You

I hate me sometimes…

I hate inconsistent interfaces.  The way squidguard does this is completely different from every other part of pfSense.  No other option makes you go back to a different page to apply the settings like squidguard.  It catches people all the time like it did to you.

I got this working by simply binding squid to the two interfaces that made up the bridge (in my case). Eg rather than Bridge0, I used LAN and OPT1 (ath0). I have an atheros wireless card in the netgate box so this is really the only way to get it all working. Doesn't miss a beat.

Iae pessoal!

Consegui liberar o Whatsapp no pfsense 2.4.2 A25, fiz o seguinte:

Criei 4 Alias

1º Nome = "whatsapp", Tipo = "host's", IP ou FQDN = "web.whatsapp.com"; - (Este fará a liberação do site inicial).

2º Nome = "web_whatsapp_com", Tipo = "Rede's", Rede ou FQDN = "31.13.85.51/32, 2a03:2880:f205:c5:face:b00c::167/128, mmx-ds.cdn.whatsapp.net/32" - (Estes endereços foram obtidos pela Ferramenta de Diagnostico DNS Lookup - OBS: essas informações foram obtidas para o Brasil, faça o DNS Lookup caso esteja em outro pais, pois, os ips podem ser diferentes).

3º Nome = "whatswss", Tipo = "Host's", IP ou FQDN = "w1.web.whatsapp.com, w2.web.whatsapp.com, w3.web.whatsapp.com, w4.web.whatsapp.com, w5.web.whatsapp.com, w6.web.whatsapp.com, w7.web.whatsapp.com, w8.web.whatsapp.com - (Este fará a liberação do socket wss).

4º  Nome = "w2_web_whatsapp_com", Tipo = "Rede's", Rede ou FQDN = "169.55.74.45/32, 169.55.74.36/32, 158.85.224.179/32, 158.85.224.174/32, 169.55.74.56/32, 169.55.69.156/32, 158.85.224.173/32, 169.44.84.154/32, dyn.web.whatsapp.com/32 " - (Estes endereços foram obtidos pela Ferramenta de Diagnostico DNS Lookup para liberação do socket wss - OBS: essas informações foram obtidas para o Brasil, faça o DNS Lookup caso esteja em outro pais, pois, os ips podem ser diferentes).

Como meu escopo é liberado por grupos, ex: "Engenharia, Financeiro, Compas, TI e Gerência", utilizei uma Expressão Regular para limitar os acessos, ex:

Criei uma Categoria LiberaWhats, no campo Expressão Regular digitei o seguinte "./web.whatsapp.com/.|whatsapprede|.*/w.web.whatsapp.com/.|.rsdf$"
São 3 expressões, uma para o site inicial, outra para permitir a o java script e outra para o socket wss,  após cria-lá vá no grupos ACL no meu caso o grupo Gerência a categoria ficou como Allow, já nos demais deixei como Deny, assim fica liberado somente para um grupo.

OBS: Estou utilizando proxy transparente.

Make sure you have the unofficial repo added  and make sure you've got that CA generated for SSL MITM. After setting that up in E2G settings, it should work fine.

The 'Use "forwardfor" option' in the frontend might help?

Otherwise use a 'action' to perform a "http-request header set" with name: X-Forwarded-Proto and fmt: https

Depends a little bit what kind of file you would like to use.. It is possible to use "Source IP matches IP or Alias" as a acl.. for which you then can create a alias in pfSense with IP's and subnets to match against.. But if you want to specify a domain>certificate or domain>backend 'list' or some other option that needs loading from file (besides a few things like lua and errorfiles..). Then the webgui is the thing that doesn't really 'support' it..

Haproxy binary itself is should have most if no all features described in the manual..

Also noticed opening HTTPS 443 still allows HTTP on 80

Hey!

Thanks for the help man!
For some reason when I switched the firewall to another network it started working, but thanks for the help!

Over a year later, I, too, am getting the same error but haven't found a solution yet.
Antivirus is disabled so I don't know what else to try.

I remember when I built my first pfsense.  I just started adding every feature that looked cool and later realized that most of it I didn't need at home.  Squid and clam av were among those that I found not very useful for my home scenarios.  My clients were either windows which had far superior AV or linux systems which need no AV.  So, I don't use those now.

There are scenarios where it is useful though.  For me, I used it to control what my kids could see on the net.

Later when they reached their teen years I turned it off…