Just because you are getting a message from Squid when using Squid doesn't mean it's a Squid problem. Squid got a connection reset from the server (or from something else in the way). That's all. Go figure why the server is resetting the connections. Perhaps they use some "helpful" IDS/IPS in place doing this when someone accesses WP admin via a proxy (yes, I have seen those).

Squid isn't doing anything here. It simply received RST before it expected that to happen.

Another example: https://wiki.squid-cache.org/SquidFaq/TroubleShooting#What_does_.22sslReadClient:_FD_14:read_failure:.28104.29_Connection_reset_by_peer.22_mean.3F

The reason why SMTP stopped working? I don't Know…
How I solved it? In "Services" -> "Squid Proxy Server" -> "ACLs" i went to the field "Unrestricted IPs" and set my LAN net in CIDR Format (192.168.1.0/24), then I went to the field "ACL SSLPorts" and set this "2096 587 443 563"
After saving, aplying and a reboot, the SMTP was working again.

Greetings!

It should work for all devices using pfSense as their gateway.  I assume you have tcp 80/443 blocked on all LANs to force the proxy use?  Your wireless network is on the same subnet as LAN?  Otherwise you might have to include that network in squid's ACLs - Allowed subnets section.

Read this:

https://wiki.squid-cache.org/Features/CustomErrors?highlight=%2528faqlisted.yes%2529#Custom_error_pages_not_displayed_for_HTTPS https://redmine.pfsense.org/issues/6777#note-2

Not a Squid issue. This is how browsers are implemented.

**.**windowsupdate.com

P.S. Google the difference between URL and domain.

Good question!

Ive been looking at HAProxy and reading some instructions

I would like to find the same example for  Squid Reverse proxy!

;D
Thanks will do so!

@reza3sw:

Hello

HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Fri, 08 Sep 2017 21:19:17 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3948
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from pfsense
X-Cache-Lookup: NONE from pfsense:3128
Via: 1.1 pfsense (squid)
Connection: close

Why does this error message occur in Windows and mobile apps?
When I enable ssl filttering in squid?
And some apps do not connect to the Internet on Windows and on Android.

But it is connected to the Internet browser.

Hello to all friends

My problem with the IP Telegram and (as well as the programs that have this problem) was solved in Bypass squid

In this way, IPs that come in bypass pass through the web proxy

Do NOT multipost.

https://forum.pfsense.org/index.php?topic=136383.0

@venom3:

do you have a custom whiltelist setup?
are the services running?

As venom 3 said, yo need at least one custom category defined in "Target categories" with at least one domain, url or regular expression. May I suggest a "White_list" category, where you put the addresses you want to be accessed without any trouble (like google or similar)?

Good luck!

Do you have enabled the Squid Log?

Hi!, seems that maybe yo have missconfigured something in the ACL.
A pair of questions:
¿Are you using Explicit or transparent proxy?
¿Are you using a blacklist file (like shallalist.de) in squidguard? in case of yes, please indicate which.
¿Did you create a custom category? (the blacklist needs at least one custom category in "Target Categories")

If you could attach a screenshot of your "Common ACL" Target categories section, it would be very helpful.

Greetings!

Simply upgrade your pfSense and don't use outdated buggy versions.

Hi, installed SquidGuard again, it seems that it had preserved all my settings including the dummytarget … and its also not starting at the moment. Then i was searching the complete WebGUI inside the SquidGurad for the E2Guardian Options and what maybe could setup in there, but unfortunaly found nothing.

Then i googled for E2Guardian. Ok, it seems to be a completely other thing ... instead of using SquidGuard  ;D

... which i can't install over the package manager. HiHi. I completely misunderstood ... never hadn't heard before about E2Guardian, sorry ... lol. So you mean it would better to let SquidGuard simply SquidGuard, not use it and have a look to E2Guardian, if its available as a package?!

Then I'm deinstalling SquidGuard again and have a look, time to time, if E2Guardian is available in the future. Thx for the hint.

now lmiter is working protcol https

I have found a temporary solution to this problem but it is not clean by using nat requests from port 443 to port 3129 and using rule limter nat proxcy 127.0.0.1 3129 but i want developers to fix this problem to make clean work

im using pfsense 2.4 include vmawer esxi 6

jjj.jpg
jjj.jpg_thumb

Chrome is using system proxy settings. If misconfigured, it won't of course use any proxy at all.

Also, if bypassing proxy is such a huge issue, you should either use transparent proxy, or block direct access via firewall.

@doktornotor:

@vielfede:

Sorry Dok, Maybe I missed something… although i read every squid manual in this forum... but... I do not understand, how can I filter sites without SG? Could you exlpain briefly please?

Well, it's briefly explained in the Squid GUI when you click the i next to SSL/MITM Mode.

Sorry again… I'm quite confused... but I understand SG is needed in Splice All…

Splice All: This configuration is suitable if you want to use the SquidGuard package for web filtering. All destinations will be spliced. SquidGuard can do its job of denying or allowing destinations according its rules, as it does with HTTP. You do not need to install the CA certificate configured below on clients. Content filtering (such as Antivirus) will not be available for SSL sites.