I'm using squid with domain authentication + squidguard , but if I enter the whitelist Skype does not work if I do I disable squidguard Skype works  :-\

thats what i was thinking, thank you

Hi, Why did you create another thread? It's best to just add your comment into an existing thread if it exists instead. Spreading the same issue in the forum decreases it's value and causes mod's / the people you want not to respond to it.

Transparent proxy will filter HTTP (port 80). It can only do content filtering for HTTPS with MITM and certificate installed on all clients.

Yeah, for reverse proxy HAproxy is strongly preferred. Much more flexible than Squid.

Squid is both Proxy and Reverse proxy. For what purpose do you want / need this combination? Why would you need a second machine? You probably didn't receive a proper response because you are asking a question that is far to generic and not pointing towards something you actually try to achieve.

Probably no-one responded to this because this is one of the main things you can do with PFSense using HAProxy and even Squid 3 Package. Go for HAProxy and dive deep into the Doc's and find examples. It's magic!

Hi Fluxx, It kindof depends on how professional your setup is. You will usually have a VIP when you i.e. have two firewalls in a redundant setup. If one fails the other one takes over and the both will normally have different IP addresses. For this reason a Virtual IP is used as a listening address. If one firewall fails the other firewall will start Listening on the VIP address causing all traffic to be routed through that firewall. If you have a single firewall setup; I'd forget about it. The WAN rule will need to be arranged depending on where you want it to listen on. If you're using a VIP; you'll want to be using the VIP to listen on. If not I'd advise to use WAN since This Firewall is in fact comparible to any IP the firewall serves (I believe even 127.0.0.1)

Hmm make sure to setup a proper ACL and get to know regular expressions (www.regexr.com) Example for mysite: [image: 2v3qyhv.jpg] And ACL [image: 2113pm8.jpg] And Actions [image: 2irm15w.jpg]

Squid users have really nothing in common with captive portal users nor with users set up in System - User Manager. Completely confused about what you are trying to do there.

@aGeekHere: ah thanks was a bit hard to find https://doc.pfsense.org/index.php/Package_Port_List @aGeekHere: with https://github.com/pfsense/FreeBSD-ports/commits/devel/www/pfSense-pkg-squidGuard i get Sorry, this commit history is taking too long to generate GitHub sucks.

@emammadov: Then keeping ClamAV Antivirus turned on doesn't make sense? "Content filtering (such as Antivirus) will not be available for SSL sites"

The backend "Frontend3-offloading" under the header "offloading backend with special check" is sending traffic to the second 1443 frontend.

Just because you can, doesn't mean you should. Put the hostname in an alias, put the alias name in the squid settings. That will (a) stop a bad hostname from tanking squid and (b) allow pfSense to update the alias if the results of the hostname resolution changes.

@doktornotor: The problem probably is that you switched the error messages locale to NL but the state of Squid localization sucks goats nuts, to put it mildly. Leave that at English, unless you'd like to finish the translations and submit them upstream. Hello doktor, Thanks! Nothing to worry about then. Can you tell me where I can change this? Logging settings for squid (access.log) is turned off.