• Squidguard whitelist

    4
    0 Votes
    4 Posts
    1k Views
    KOMK
    Uncheck it???
  • Adding hard drive only for cache?

    1
    0 Votes
    1 Posts
    473 Views
    No one has replied
  • HAProxy is running, but backend is down in stats and cannot access server

    4
    0 Votes
    4 Posts
    31k Views
    P
    Sorry i read my reply again, and of-course the proposed change should have read "http-check expect status 403" so it sees that code as valid.. Anyhow if your willing to dig further into the problem, lemme know, ill try and help.
  • [squid auth] transparent with mix of anonymous + authenticated users

    2
    0 Votes
    2 Posts
    699 Views
    marcellocM
    Unrestrict users bypass authentication, squid has integration with captive portal. So, it's possible. take a look on resulting config and create your own acls to complete your configuration.
  • Captive portal and squid non transparent

    11
    0 Votes
    11 Posts
    3k Views
    J
    So it is not possible for the captive portal and squid in non-transparent mode to work together?
  • HAproxy for sub pages?

    5
    0 Votes
    5 Posts
    1k Views
    P
    Having it like: messages.mydomain.com to point to 192.168.1.1 clients.mydomain.com to point to 192.168.1.152 Should probably work nicely.. As for the frontends make sure to make them 'shared' as the webgui calls it. Or use just use one frontend it the gui, and use the acl+action to select the second backend for the second domain.
  • Clam antivirus

    2
    0 Votes
    2 Posts
    835 Views
    A
    I find it useful, I get blocks every so often especially from the game sites my son browses to. It may not be the BEST a/v solution, but it is useful…
  • Squid blocking mobile app

    3
    0 Votes
    3 Posts
    1k Views
    D
    I am not using SSL intercepting / filtering at this time.  I wanted to get a better sense of the software before diving into that.
  • Squid AV Yara Rules

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Disable RC4 DES/3DES in HAproxy

    3
    0 Votes
    3 Posts
    7k Views
    K
    in case anyone else has trouble there is two ways to do this.  the first is from the front end the alternative is globally.  1.  front end - edit - advanced settings - advanced pass thru 2.  settings - Global Advanced pass through - custom options I also have a rule in my global advanced pass through settings to explicitly deny SSL 3.0 and TLS1.0. ssl-default-bind-options no-sslv3 no-tlsv10 even with that I was not getting good results when I would scan my subdomains using https://www.ssllabs.com/ssltest.  it noted many deprecated ciphers were in use.  I found some posts by others who were doing something close to what i wanted to do. Ex: http://wolfspyre.com/?p=207 This was close but I still found that I was having trouble with the 3DES cipher on TLS 1.1 and 1.2. https://www.ssllabs.com/ssltest, directed me to use the cipher list that mozilla outlined (https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations).  Because all of my remote devices are newer i opted to use the Modern cipher assortment.  I added a lin underneath my default bind options eliminating support for SSL 3.0 and TLS1.0.  it is the following: ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 Currently, these ciphers seem to rule out TLS 1.0 and force TLS1.2 only.  This could be a problem for older browsers and smart devices.  SSLLabs' ssltest does a pretty good job of enumerating which systems are likely to have trouble.  I have confirmed that all my devices work without issue given my configuration.
  • Transparent squid-0.4.36_3 not working. Any help appreciated.

    14
    0 Votes
    14 Posts
    3k Views
    fabricioguzzyF
    @vielfede: @Pontiac_CZ: vielfede: I have read that thread but I am still sorf of confused. What was the key setting for getting the squid to work in transparent mode? Sorry, my mistake! I missed to clear proxy settings in client pc, hence I was suposed to use transparent mode. Indeed it does not! Or better: splice all + transparent mode: http works, https sometimes works and sometimes it does not, no idea about the causes splice all + NON transparent mode works (flawlessly) http+https (you have to set proxy client settings) Vielfede, What about the "block page" while using HTTPS/Non-Transparent mode? Is it showing your "block page" normally? do you have your pfsense web-console using Https as well? Thanks! fabricio.
  • Installing SquidGuard 1.14_4 pfsense 2.3.2(amd64)

    16
    0 Votes
    16 Posts
    3k Views
    fabricioguzzyF
    It seems the old known problem ( http://https* ) is still present on version 2.3.4 Also, for some reason, when using HTTPS for pfsense console, Squidguard is not redirecting the error page for Https, but http. Still investigatin it here…
  • Https filtering using WPAD questions

    4
    0 Votes
    4 Posts
    1k Views
    marcellocM
    @techbee: What I understood was, if I choose splice all, I dont need to install the CA cert to clients, am I right? Yes, that's it. @techbee: On the other hand, I dont know how to push dns suffix using dhcp or maybe I get it the wrong way. take a look or search for dns dhcp options. BTW, if you're going to configure squid splice all, it can be in transparent mode. this way, you do not need a wpad file. Mobile devices ignores wpad configuration too.
  • Squid Proxy and av

    1
    0 Votes
    1 Posts
    735 Views
    No one has replied
  • [Solved] Squid 3.5 Reverse Proxy and Exchange 2010 - can't send e-mail

    5
    0 Votes
    5 Posts
    5k Views
    S
    I had the same problem, this fixed it. Thank you very much for sharing. Steve
  • Squid proxy basic setup for cache.

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Change squid gateway

    5
    0 Votes
    5 Posts
    2k Views
    C
    i'm encountering the same issue as well, IPsec requests are going towards WAN gateway instead
  • Issues with WPAD not working for me.

    14
    0 Votes
    14 Posts
    4k Views
    C
    I got it working now. I had to use the unofficial WPAD package marcelloc created using nginx and it actually started working as it should. Thanks fellows!
  • Proxy unable to reach IPsec peers

    1
    0 Votes
    1 Posts
    426 Views
    No one has replied
  • Https Do not allow IP-Addresses in URL not work

    1
    0 Votes
    1 Posts
    502 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.