Just use squid + squidguard, but set squid's Hard Disk Cache Size to 0 and the Hard Disk Cache System to null.  This is exactly how I use squid.

Hi , I recently installed and played with this squid and squidGuard on pfsense 2.3.2 (updated with 2.3.2_1). I ran through the same issue. I mean when ever I enabled squidGuard with common ACL CN in certificate issued by  squid is "http" which doesn't make any sense to me. I thought the problem is with patch So I installed pfsense 2.3.2 again and tried it worked fine. But the reason is not patch. I enabled "Do not allow IP-Addresses in URL" this is causing the issue in my case. I just disabled this and tried it is working fine but when ever i try enable this running into issues. But it should be fixed  if it is a real bug. If this works for anyone please let me know I will create this in pfsense bugs list. Thanks, Harry.

I just got the squid and squidguard working as it was before (fingers crossed as I still need to do some test) but again, I couldn't have done it without your help will keep the configuration backup suggestion in mind for next upgrade and I'll get a tab screen capture to redo the config which is not that bad. Thank you again! Cheers!

Ok, I managed to change my setup to use HTTPS instead, here's my config: global maxconn 1000 stats socket /tmp/haproxy.socket level admin uid 80 gid 80 nbproc 1 chroot /tmp/haproxy_chroot daemon listen HAProxyLocalStats bind 127.0.0.1:2200 name localstats mode http stats enable stats refresh 10 stats admin if TRUE stats uri /haproxy/haproxy_stats.php?haproxystats=1 timeout client 5000 timeout connect 5000 timeout server 5000 frontend SharedFront bind 58.182.70.241:443 name 58.182.70.241:443  mode tcp log global timeout client 30000 tcp-request inspect-delay 5s acl ACL1 req.ssl_sni -i aaa.ddns.net acl ACL2 req.ssl_sni -i bbb.ddns.net tcp-request content accept if { req.ssl_hello_type 1 } use_backend aaa_https_ipvANY  if  ACL1 use_backend bbb_https_ipvANY  if  ACL2 backend aaa_https_ipvANY mode tcp log global timeout connect 30000 timeout server 30000 retries 3 option httpchk GET / server aaa 192.168.1.23:443 check-ssl check inter 1000  verify none backend bbb_https_ipvANY mode tcp log global timeout connect 30000 timeout server 30000 retries 3 option httpchk GET / server bbb 192.168.1.24:443 check-ssl check inter 1000  verify none Can someone help check if there will be potential issues?

HAProxy, hands down.

You need a program to look into the traffic - one possible solution is ICAP server - see https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html

LDAP/RADIUS should work with 0.4.26. NT Domain auth is gone with 0.4.29.

ive updated packages to latest, reconfigured everything and jeeeh, now i get another error which i am not able to fix too: 1482081072.306      1 192.168.178.254 TAG_NONE/400 3795 NONE error:request-too-large - HIER_NONE/- text/html 1482081072.322    28 192.168.178.254 TCP_MISS/400 3858 GET http://blabla.myfritz.net:8080/ - HIER_DIRECT/192.168.178.253 text/html in browser i get squid error page: ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: error:request-too-large The request or reply is too large. ... config: http_port 192.168.178.253:8080 accel defaultsite=blabla.myfritz.net vhost cache_peer 10.10.55.10 parent 8080 0 proxy-only no-query no-digest originserver login=PASS name=rvp_pi_peer acl rvm_pi_uri url_regex -i ^http://blabla.myfritz.net:8080/.* cache_peer_access rvp_pi_peer allow rvm_pi_uri cache_peer_access rvp_pi_peer deny allsrc never_direct allow rvm_pi_uri http_access allow rvm_pi_uri its very frustrating  :o

Up :)

Avoid the clone button. https://redmine.pfsense.org/issues/6756 https://redmine.pfsense.org/issues/6511

Hi. I had the same problem and found solution. So go to “Diagnostics->Command Prompt“. Type the command below on “Execute Shell command” and click ‘Execute‘. pw useradd clamav -G wheel Type again the command below on “Execute Shell command” and click ‘Execute‘. pw usermod clamav -G wheel Now try to install squid again.  ;)

Thank you for testing it. Can anyone else also try it please. Accessing https://workshop.olacabs.com  with SSL bump in transparent mode. Thank you Ashima

Yes i follow the instruction but still not working..yes im using squidguard