Too bad that every time I find some time to spare to work on providing more logging options (the thing described here is pretty much a non-issue), it ends up like this: http://wiki.squid-cache.org/ Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator at webmaster@squid-cache.org to inform them of the time this error occurred, and the actions you performed just before this error. More information about this error may be available in the server error log. The Squid bugzilla has been giving me a database error for ~2 weeks without anyone there giving a damn.

Yeah, looks like that. There are bugs in the SquidGuard code rotting for years (see https://redmine.pfsense.org/projects/pfsense-packages/issues) – simply because noone can keep reading the code for more than a couple of minutes before developing a severe headache. The changes suggested here are a blatant waste of resources for most users, and adding options to the mess is not viable.

Ugh. No, not adding any such thing to the package. Needed for what? More complex code and more mess? (Beyond the fact that you could easily add it yourself to some of the advanced/custom confgi fields, what sense does this make on an appliance that provides a single, non-customizable partitioning scheme for everyone?)

Thanks, will do.

in last update squid now its good work but i dont update pfsense to 2.3.3-1

Never seen it. And no, apparently there's no way to fix it automatically, as you can see from the output.

We mark the "Remember my credentials" on the user/password prompt on Outlook and Remote Desktop Client, but don't works. It is very annoying for the users.

This really cannot be caused by Squid, Squid won't even run until it's configured and enabled via the GUI.

I'm using squid with domain authentication + squidguard , but if I enter the whitelist Skype does not work if I do I disable squidguard Skype works  :-\

thats what i was thinking, thank you

Hi, Why did you create another thread? It's best to just add your comment into an existing thread if it exists instead. Spreading the same issue in the forum decreases it's value and causes mod's / the people you want not to respond to it.

Transparent proxy will filter HTTP (port 80). It can only do content filtering for HTTPS with MITM and certificate installed on all clients.

Yeah, for reverse proxy HAproxy is strongly preferred. Much more flexible than Squid.

Squid is both Proxy and Reverse proxy. For what purpose do you want / need this combination? Why would you need a second machine? You probably didn't receive a proper response because you are asking a question that is far to generic and not pointing towards something you actually try to achieve.

Probably no-one responded to this because this is one of the main things you can do with PFSense using HAProxy and even Squid 3 Package. Go for HAProxy and dive deep into the Doc's and find examples. It's magic!

Hi Fluxx, It kindof depends on how professional your setup is. You will usually have a VIP when you i.e. have two firewalls in a redundant setup. If one fails the other one takes over and the both will normally have different IP addresses. For this reason a Virtual IP is used as a listening address. If one firewall fails the other firewall will start Listening on the VIP address causing all traffic to be routed through that firewall. If you have a single firewall setup; I'd forget about it. The WAN rule will need to be arranged depending on where you want it to listen on. If you're using a VIP; you'll want to be using the VIP to listen on. If not I'd advise to use WAN since This Firewall is in fact comparible to any IP the firewall serves (I believe even 127.0.0.1)