yes, this I mean with the information from me that I pushed everytime the apply buttom after each change.

Hi,

After a workaround I found that addin append domain in squid fixed the issue.

Why this has changed ? I have been using squid pf for a year and had no issues.

Thnx

Any way to debug this rules?

I am seeing 127.0.0.1:8021 connection to destination ftp server on port 21.
Then another connection to my IP on random high pot ie. 35145 however no traffic seem to pass back me.
I would assume NAT isn't translating the traffic back to me.

I did traffic check on router and I got this connections:

WAN tcp WAN_IP:40578 (WAN_Virtual_IP:6304) -> ExternalFTPServer:21      ESTABLISHED:ESTABLISHED
LAN tcp ExternalFTPServer:61821 (ExternalFTPServer:53869) <- ClientIP:53088      FIN_WAIT_2:ESTABLISHED
WAN tcp WAN_Virtual_IP:38724 (ClientIP:53088) -> ExternalFTPServer:61821      ESTABLISHED:FIN_WAIT_2
LAN tcp 127.0.0.1:8021 (ExternalFTPServer:21) <- ClientIP:53087      ESTABLISHED:ESTABLISHED

So some traffic is going over proxy and extenral ftp server

Edit: Active mode works with this proxy, passive not. Tested with command line client on linux

Something like https://docs.diladele.com/faq/filtering/locked_policy.html ?

I am not sure why your .* regex does not work in blacklist - most probably the squid conf that is generated expects domain names and NOT domain regex. Then try to specify something like (not tested):

acl all_others dstdom_regex .*
http_access deny all_others

See http://wiki.squid-cache.org/SquidFaq/SquidAcl

Having the same problem with proxy not working on HTTP but HTTPS working since it is not setup for transparent proxy yet.

Running pfSense 5.6.5 2.3.5-DEVELOPMENT.
Setup SQUID with Transparent Proxy.

em0 wan
em1 lan, vlan10, vlan11, vlan12, vlan99, vlan100

I can see that ALL HTTP traffic is getting blocked.  Of course, websites with HTTPS are passing through the Transparent Proxy.
My understanding is that pfs would make all necessary firewall rules and/or NAT translations to pass port 80 requests over to 3128.

If I look at /tmp/rules.debug I see port 80 rules redirect to 3128 on the loopback interface.

Setup Squid proxy redirect

rdr pass on em1_vlan11 proto tcp from any to !(em1_vlan11) port 80 -> 127.0.0.1 port 3128
rdr pass on em1_vlan10 proto tcp from any to !(em1_vlan10) port 80 -> 127.0.0.1 port 3128
rdr pass on em1_vlan12 proto tcp from any to !(em1_vlan12) port 80 -> 127.0.0.1 port 3128
rdr pass on em1_vlan100 proto tcp from any to !(em1_vlan100) port 80 -> 127.0.0.1 port 3128
rdr pass on em1_vlan99 proto tcp from any to !(em1_vlan99) port 80 -> 127.0.0.1 port 3128

BUT FIREWALL log shows ALL port 80 requests getting blocked.

HINTS.  Mainly wondering what would not be setup since it is supposed to create the necessary rules and I understand some rules are HIDDEN.

Ng

Sophos had this error with chrome too, they were able to patch it. https://community.sophos.com/products/unified-threat-management/f/general-discussion/91085/https-scanning-web-protection-ssl-error-err_cert_common_name_invalid

Hi,

You'll may want to check this out.

http://bugs.squid-cache.org/show_bug.cgi?id=4005

Avast and their security scan are known to produce similar crap as well.

Almost always, the answer is the regular version. Development happens in -devel that can make it unstable at times. It could also be built against a newer version of haproxy but with the same frontend/GUI code.

The only time to use -devel is if you know for certain that -devel contains a feature you require that is not present in the regular version, and you are OK with possible instability.

I found solution with WPAD at the moment.
So, lets see how its work.

Hi,
I have faced same issue too. I found nothing so I performed a clean install. The strange thing in my case was that if open ACL lists everythink looked fine with all changes I performed,despite system was not accept my changes :-\

My situation is the same
in addition
When I make a change to squid or squidguard, the computer's processor is running at 100% for about 30-40 seconds.
At this time, users can not connect to the web.
Then the use of processors falls slowly
Then it is possible to connect to the web.

hi!
I know that this is very old old post
but I have the same issue…
download started for example I was downloading a 4 mb file and randomly it says 0 b/s no error just stay there :(
if I disable squid it finished ok....

thanks
Chris

On a system with <4 gigs of storage? Yes that most certainly should be removed, plus run

after that.

I do not know if I would downplay this package heh.

Does anyone have anyidea why SSL_RECORD_TOO_LONG happens with blocked sites?