You need clients certs for running squid in transparent mode.  When running in explicit mode, you only need to configure WPAD to allow most clients to auto-discover the proxy by themselves.

Sarg no longer exists so Lightsquid is your only built-in option.  You could also export your access.log and process it through any number of other log parsers.

@KOM:

Are you sure this is what's happening?  Squid, when running on transparent mode, will intercept all TCP 80/443 traffic and that's it.  Inter-LAN traffic doesn't even hit the firewall unless it's travelling between different interfaces.  I've been running squid & lightsquid for literally years now, and I've never seen anything like what you describe.  What are you looking at that makes you assume squid is even involved here?

My squid is not on transparent mode, I've run a group policy management to distribute proxies into the domain devices. Well if that has any effect on the monitor then it seems that we have a major problem.
If not, well I guess C0RR0SIVE might be right, I need to re-check my network schema.

Thanks!

No specific advice other than to upgrade your pfSense to current, which has newer version of squid plus bugfixes and security patches.

Thanks for all your answers.
I have a better understanding now and see your suggestions as the best solution.

Thanks for your reply, Ashime.

As soon as I made the pfSense webgui available over http instead of https, the issue was gone…
To me that's a pfSense error, but anyway, things work alright now.

rm -rf /usr/local/etc/c-icap
rm -rf /usr/local/include/c_icap
rm -rf /usr/local/share/c_icap
rm -rf /usr/local/lib/c_icap
rm -rf /usr/local/etc/c-icap
rm -rf /var/log/squid
rm -rf /var/squid/
rm -rf /usr/local/etc/squid

But btw, also tested a smaller subset, made no difference…

Sorry it took so long to get back to you on the upgrade yes it was I forget what ver I started with it upgraded like two or three times I cant remember right now but yes it was up grade.

I have taking the system back to the beginning of when I first got it up and running and am just doing with out the squid for now I am looking for new system to build or buy to redo pfsense I will be using the new ver I downloaded and burned to disk.

I hope that fixes the problem.

I  will keep you all up to date with my progress on getting it to work with new system. Thanks for the help so far though I would still be wondering around in the dark if it wasn’t for you folks so thank you so very much.

i usually use the SquidAnalyzer for these types of reports, here in the forum have some tutorials for this purpose.

I'm confused, how can you put anything broken in an IP alias?

It's literally a list of IP's you enter in the GUI.

I did seem to see similar issues with aliases in some of my firewall rules, but 99.9% of them are still built around aliases and work. But in some of them I had to explicitly write IP's directly to get traffic to move.

Hello there,

Having the same problem. Currently on 2.3.1 stable release, with squid 0.4.23_1 and squidGuard 1.14_4.

I am using aliases as recommended above, but still have the problem. Sometimes squidGuard will simply stop filtering and
allow everything, and cleaning the "Bypass Proxy for those source IP's" field and saving solves the problem.

Couldn't really find a workout, have to constantly check if filtering is active and wipe the bypass proxy field if
it doesn't. Maybe I should create a bug report?

Thank you!

Looks like the problem was indeed the name.
Well thanks, didn't think that could be it, but I suppose the name isn't just for clarity, it must be used in the conf !

I'll probably replace all of this with haproxy soon anyway, but at least for now it's working.

you wil definitely find answers to commercial antivirus products to run on FreeBSD/UNIX/Linux.

Huh, I had no idea.  You learn something new every day.

No it's not. If you're using a high end firewall with enough power, it will run.

I would rather not have some PC-class desktop as my firewall just so I can scan for viruses and malware that I don't have.  Most of my clients are Android, Apple and Linux.  The Windows boxes have their local AV clients.  I tried ClamAV a few years ago and it was dreadfully slow.  I agree with you when it generally comes to layered security, but AV on the firewall is too much of a performance tradeoff for me.

As I like to explain, from my own viewpoint, WPAD is the very last step in term of configuration.

you have to ensure that your proxy works when explicitly configured on your browser once this works, you deploy proxy.pac on some web server and ensure it works when manually configured browser side once and only once this works too, you can push WPAD using DNS, DHCP or whatever supported method.

Following this approach, you may discover that WPAD step is the easiest one and most of the time, it works  ;)

@dilu1:

In Sophos i use an option to block websites (facebook, twitter), this works for http and https.
https is configured as "URL filtering only", this has some disadvantages like no content or virus scanning on https sites but that doesn’t matter to much for this case,
I am only interested in blocking websites which works.

I'm very prone to learn how this would work  8)