hi

my box stopped the services squid and squidguard
i dont errase just ….

i do the nest script into ssh commands

My problems is gone after this steps:

mv /var/squid/cache /var/squid/cache.old
squid -z
rm -rf /var/squid/cache.old

thanks sir

ver
squid 0 4 37
and
squidguard1 16 2

thanks a lot to all you for your effort.... i have running my fw aggan working

I posted a similar problem here:
https://forum.pfsense.org/index.php?topic=132939.0
My problem had nothing to do with rules, but everything to do with certificates and Windows browsers detecting the Squid SSL filter!

@doktornotor:

Great. Now, did you configure anything on the clients? Because, with the proxy NOT being transparent, I cannot figure out how on earth you imagine the clients to be forced to use it?!?!  (And, BTW, if going through Squid is required, you'll need to block all IPv6.)

I know this is already an old post, but can I ask for your assistance, how do we block all IPv6?

TIA!

ast

I'm also new to pfsense, I believe you can do this via firewall rules and schedules.

The problem I Have is different.
Most of the websites work just fine. But some don't. especially Google websites and subdomains.
and another strange thing: when I search something in the browser without going to google.com (but using Google as default search engine) it never works with this setup.

That's not what I asked.

Uncheck it???

Sorry i read my reply again, and of-course the proposed change should have read "http-check expect status 403" so it sees that code as valid..
Anyhow if your willing to dig further into the problem, lemme know, ill try and help.

Unrestrict users bypass authentication, squid has integration with captive portal. So, it's possible.

take a look on resulting config and create your own acls to complete your configuration.

So it is not possible for the captive portal and squid in non-transparent mode to work together?

Having it like:
messages.mydomain.com to point to 192.168.1.1
clients.mydomain.com to point to 192.168.1.152
Should probably work nicely..

As for the frontends make sure to make them 'shared' as the webgui calls it. Or use just use one frontend it the gui, and use the acl+action to select the second backend for the second domain.

I find it useful, I get blocks every so often especially from the game sites my son browses to. It may not be the BEST a/v solution, but it is useful…

I am not using SSL intercepting / filtering at this time.  I wanted to get a better sense of the software before diving into that.