• 0 Votes
    3 Posts
    851 Views
    C
    @venom3: do you have a custom whiltelist setup? are the services running? As venom 3 said, yo need at least one custom category defined in "Target categories" with at least one domain, url or regular expression. May I suggest a "White_list" category, where you put the addresses you want to be accessed without any trouble (like google or similar)? Good luck!
  • ClamAV with Squid

    3
    0 Votes
    3 Posts
    895 Views
    C
    Do you have enabled the Squid Log?
  • SquidGuard Blackcategories is not working

    2
    0 Votes
    2 Posts
    648 Views
    C
    Hi!, seems that maybe yo have missconfigured something in the ACL. A pair of questions: ¿Are you using Explicit or transparent proxy? ¿Are you using a blacklist file (like shallalist.de) in squidguard? in case of yes, please indicate which. ¿Did you create a custom category? (the blacklist needs at least one custom category in "Target Categories") If you could attach a screenshot of your "Common ACL" Target categories section, it would be very helpful. Greetings!
  • Error INcounter installing squid and squid guard pfsense

    2
    0 Votes
    2 Posts
    440 Views
    D
    Simply upgrade your pfSense and don't use outdated buggy versions.
  • Squidguard not starting after package install

    4
    0 Votes
    4 Posts
    881 Views
    E
    Hi, installed SquidGuard again, it seems that it had preserved all my settings including the dummytarget … and its also not starting at the moment. Then i was searching the complete WebGUI inside the SquidGurad for the E2Guardian Options and what maybe could setup in there, but unfortunaly found nothing. Then i googled for E2Guardian. Ok, it seems to be a completely other thing ... instead of using SquidGuard  ;D ... which i can't install over the package manager. HiHi. I completely misunderstood ... never hadn't heard before about E2Guardian, sorry ... lol. So you mean it would better to let SquidGuard simply SquidGuard, not use it and have a look to E2Guardian, if its available as a package?! Then I'm deinstalling SquidGuard again and have a look, time to time, if E2Guardian is available in the future. Thx for the hint.
  • Traffic Shaping issue whith squid

    2
    0 Votes
    2 Posts
    609 Views
    G
    now lmiter is working protcol https I have found a temporary solution to this problem but it is not clean by using nat requests from port 443 to port 3129 and using rule limter nat proxcy 127.0.0.1 3129 but i want developers to fix this problem to make clean work im using pfsense 2.4 include vmawer esxi 6 [image: jjj.jpg] [image: jjj.jpg_thumb]
  • Chrome is bypassing squidguard

    5
    0 Votes
    5 Posts
    2k Views
    D
    Chrome is using system proxy settings. If misconfigured, it won't of course use any proxy at all. Also, if bypassing proxy is such a huge issue, you should either use transparent proxy, or block direct access via firewall.
  • SSL Man In the Middle Filtering not working - Please help.

    11
    0 Votes
    11 Posts
    2k Views
    V
    @doktornotor: @vielfede: Sorry Dok, Maybe I missed something… although i read every squid manual in this forum... but... I do not understand, how can I filter sites without SG? Could you exlpain briefly please? Well, it's briefly explained in the Squid GUI when you click the i next to SSL/MITM Mode. Sorry again… I'm quite confused... but I understand SG is needed in Splice All… Splice All: This configuration is suitable if you want to use the SquidGuard package for web filtering. All destinations will be spliced. SquidGuard can do its job of denying or allowing destinations according its rules, as it does with HTTP. You do not need to install the CA certificate configured below on clients. Content filtering (such as Antivirus) will not be available for SSL sites.
  • Squid ssl filter CA issues certificates for ip, not domain

    27
    0 Votes
    27 Posts
    6k Views
    reza3swR
    @doktornotor: Well I don't get the question really… that's the whole purpose of the feature. If you don't want it, do NOT make the proxy transparent (or whitelist stuff that's not supposed to get proxied). Again thanks for the guidance But to control some sites, I need to enable this option, and on the other hand, I have the problem
  • Enable eui squid

    2
    0 Votes
    2 Posts
    594 Views
    D
    Unsupported hack: https://forum.pfsense.org/index.php?topic=121387.msg670943#msg670943
  • SQUID SSL HTTPS AND Transparet Proxy

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    5 Posts
    702 Views
    D
    Well it simply never worked in pfSense, no idea whether it ever worked in FreeBSD but the 7+ years old hints about rdr don't produce any working result for anyone who tried.
  • Squid in a virtual machine and VPN

    1
    0 Votes
    1 Posts
    634 Views
    No one has replied
  • Haproxy redirecting 80 traffic to the management gui

    3
    0 Votes
    3 Posts
    1k Views
    M
    yes that was the problem. After I disabled it, it worked fine. Thank you
  • Is squid actually caching? Logs look strange.

    8
    0 Votes
    8 Posts
    2k Views
    H
    Thanks for your input KOM, Much appreciated! If anyone else can shed some light that would be fantastic! Cheers, Nick.
  • Squid with Proxy Authenticated users

    2
    0 Votes
    2 Posts
    488 Views
    D
    You cannot mess with squid.conf directly. There are at least 3 advanced fields for custom ACLs in the GUI (General tab, click the Show Advanced Options button) – may I suggest investigating the GUI configuration more thoroughly?
  • Caching a sharepoint library with HTTPS reverse proxy

    4
    0 Votes
    4 Posts
    988 Views
    O
    Found the right configuration with the help of the Squid Users mailing list. I had to add different options to ignore cache control and force the cache to keep and serve the content. But it's working now. For the record, I'm posting the working Squid Configuration below. http_port 10.10.10.10.108:3128 icp_port 0 digest_generation off dns_v4_first on pid_filename /var/run/squid/squid.pid cache_effective_user squid cache_effective_group proxy error_default_language en icon_directory /usr/local/etc/squid/icons visible_hostname pfSense Firewall cache_mgr pfsense@virtualdesk.cloud access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none netdb_filename /var/squid/logs/netdb.state pinger_enable on pinger_program /usr/local/libexec/squid/pinger logfile_rotate 7 debug_options rotate=7 shutdown_lifetime 3 seconds forwarded_for on uri_whitespace strip refresh_pattern -i \.(jpg|gif|png|txt|docx|xlsx|pdf) 30240 100% 43800 override-expire ignore-private ignore-reload store-stale cache_mem 128 MB maximum_object_size_in_memory 20480 KB memory_replacement_policy lru cache_replacement_policy lru minimum_object_size 0 KB maximum_object_size 50 MB cache_dir ufs /var/squid/cache 100 16 256 offline_mode on cache_swap_low 90 cache_swap_high 95 cache allow all # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp:    1440  20%  10080 refresh_pattern ^gopher:  1440  0%  1440 refresh_pattern -i (/cgi-bin/|\?) 0  0%  0 refresh_pattern .    0  20%  4320 #ACL allow all acl allsrc src all http_access allow allsrc request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc # Reverse Proxy settings https_port 10.10.10.10.108:443 accel cert=/usr/local/etc/squid/599eae0080989.crt key=/usr/local/etc/squid/599eae0080989.key defaultsite=tenant.sharepoint.com vhost # cache_peer 13.107.6.151 parent 443 0 ignore-cc no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=rvp_sharepoint
  • Squid3 transparent proxy - commodo cert?

    21
    1 Votes
    21 Posts
    4k Views
    A
    Try this https://datalogus.blogspot.com/2016/06/pfsense-231-security-explicit-squid.html
  • Squid fatal error with SSL interception

    2
    0 Votes
    2 Posts
    5k Views
    D
    Noone read the GUI descriptions these days? Sigh… [image: xV1HYlFXR9e4HGcdW3hPZw.png] Stop ticking that checkbox or configure a valid CA certificate created in Cert. Manager.
  • Squid is blocking some sites.

    3
    0 Votes
    3 Posts
    1k Views
    NeoDudeN
    Disregard, turns out these sites were being blocked by Snort.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.