Anybody found a solution to this? I am trying to get SQUID to work with CP authentication but cant! Help will be appreciated

@shyaminayesh: any updates on this ? No because it is not a bug, it's working in the only way that it can with SSL/TLS.

wow how the time passed posting this more then a year ago :0 Well i tried the redirect URL but I just gave up and when a user cant get in a website they notify me and i fix it,

Bump? anyone?

Help, I got same issue. After rebooting the machine, it works. Cant afford to keep restarting the machine, needing permanent fixed. Any advised?

You cannot just redirect HTTPS unfortunately. Might have more luck with actually changing contents - like https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html (not verified with transparent intercept option like you desire).

force google and bing into safe search mode and block the rest. https://forum.pfsense.org/index.php?topic=112335.0

Never mind. Just found the solution. For anyone else having this issue: change your "Http check method" to "GET" Thanks anyway!

@paullibin07: Hi There, We are using Squid proxy with Pfsence to filter logs and Light Squid to show the reports. In reports it showing IP based reports but as we are using DHCP we can not relay on the IP based reports, Is there any option to generate Mac based reports so can easily identify the user details. Can you guys help me for that.

Wow that's a lot of RAM, are you even utilising all of that? I find that squid although helps in some cases, in this day and age it doesn't work as well as you'd expect. Due to content being dynamic, and sometimes changing from download to download. And of course the fact that sites are moving to HTTPS.

@vielfede: tutorial seems ok… Did you check the system logs? are services started? Squid only has 3 log files available and they don't seem to tell alot about network traffic.. Here they are anyways: (3 cache log files) cache.log.0.txt cache.log.1.txt cache.log.txt

@dexener: This is a feature from squidproxy  :P Here you can find my conf.  (no mitm just web filtering) although with squid package version 0.4.37 I noticed some improvement but There is still some problems (see topic). https://forum.pfsense.org/index.php?topic=132719.0 Indeed the only one flawlessly working conf for web https proxy filtering is aGeeekHere's one (using splice all+wpad+transparent): https://forum.pfsense.org/index.php?topic=112335.0 I hope in a new better package…

I still have issues with Squid SSL proxy filtering and after some searching discovered several threads in which some claim to have fixed the SSL ERROR 92 issue when visiting some sites. I now realize I have to self test my pfsense setup for rules and blocking after finding some proposed fixes which whilst enabling Squid SSL filter, left Squid not filering at all! The same was true of SquidclamAV and testing if DNS cache was actually working or not. Here are my simple tests: 1. Squid SSL filter ERROR 92 website blocked. https://ami.com You need this site for important BIOS files! 2. SquidclamAV HTTP & HTTPS anti virus; http://www.eicar.org/download/eicar.com If you can download the SSL test file your Squid SSL filter is broken! 3. Ad blocking with pfblockerNG (e.g Cameleon) disable local browser Adblock: Try www.008.free-counters.co.uk If you get their server page, Ad blocking isn't working. If the page is black, it's working. Download and save the txt files for your DNSBL feeds, extract sites in the list and test they are blocked. Also try www.aol.com - plenty of ads there to block. 4. Is squid proxy server cacheing after initial setup? From the pfsense box console option 8 shell: du -sh /var/squid/cache/00 Check the folder size, browse to sites you haven't been to, resend the above command. If the folder size increases, squid proxy cache is working. Browse back to sites you have been to, resend the command line and check the folder size hasn't changed. I still can't get Squid SSL proxy filtering to work for all sites, whilst correctly rejecting the eicar.com SSL download. It isn't related to local browser CA because the error screen comes from Squid.  Any suggestions please or am I a muppet?