• Squid without Certificate is it Possible

    2
    0 Votes
    2 Posts
    2k Views
    KOMK

    You need client certs for running squid in transparent mode. When running in explicit mode, you only need to configure WPAD to allow most clients to auto-discover the proxy by themselves.

  • Monitoring squid

    2
    0 Votes
    2 Posts
    748 Views
    KOMK

    Sarg no longer exists so Lightsquid is your only built-in option.  You could also export your access.log and process it through any number of other log parsers.

  • How to stop Squid proxy server from monitoring the inside LAN activity

    4
    0 Votes
    4 Posts
    1k Views
    A

    @KOM:

    Are you sure this is what's happening?  Squid, when running on transparent mode, will intercept all TCP 80/443 traffic and that's it.  Inter-LAN traffic doesn't even hit the firewall unless it's travelling between different interfaces.  I've been running squid & lightsquid for literally years now, and I've never seen anything like what you describe.  What are you looking at that makes you assume squid is even involved here?

    My squid is not on transparent mode, I've run a group policy management to distribute proxies into the domain devices. Well if that has any effect on the monitor then it seems that we have a major problem.
    If not, well I guess C0RR0SIVE might be right, I need to re-check my network schema.

  • Where is cachemgr.cgi?

    5
    0 Votes
    5 Posts
    5k Views
    D

    Thanks!

  • Squid reverse proxy. how to deny all others URL, not listed in rules?

    1
    0 Votes
    1 Posts
    699 Views
    No one has replied
  • Quicken Login Blocked

    1
    0 Votes
    1 Posts
    588 Views
    No one has replied
  • One Particular site giving 503 error with SSL bump

    5
    0 Votes
    5 Posts
    1k Views
    KOMK

    No specific advice other than to upgrade your pfSense to current, which has a newer version of squid plus bugfixes and security patches.

  • Transparent proxy not working as expected

    11
    0 Votes
    11 Posts
    3k Views
    N

    Thanks for all your answers.
    I have a better understanding now and see your suggestions as the best solution.

  • Blocked pages won't load

    3
    0 Votes
    3 Posts
    3k Views
    N

    Thanks for your reply, Ashime.

    As soon as I made the pfSense webgui available over http instead of https, the issue was gone…
    To me that's a pfSense error, but anyway, things work alright now.

  • Error on Squid After Upgrade to 2.3.2-RELEASE-p1

    2
    0 Votes
    2 Posts
    2k Views
    U

    rm -rf /usr/local/etc/c-icap
    rm -rf /usr/local/include/c_icap
    rm -rf /usr/local/share/c_icap
    rm -rf /usr/local/lib/c_icap
    rm -rf /usr/local/etc/c-icap
    rm -rf /var/log/squid
    rm -rf /var/squid/
    rm -rf /usr/local/etc/squid

  • SquidGuard causes timeouts

    4
    0 Votes
    4 Posts
    840 Views
    N

    But btw, also tested a smaller subset, made no difference…

  • My Squid proxy

    9
    0 Votes
    9 Posts
    2k Views
    W

    Sorry it took so long to get back to you on the upgrade. Yes, it was. I forget what ver I started with; it upgraded like two or three times, I can't remember right now, but yes, it was an upgrade.

    I have taken the system back to the beginning of when I first got it up and running and am just doing without squid for now. I am looking for a new system to build or buy to redo pfSense. I will be using the new ver I downloaded and burned to disk.

    I hope that fixes the problem.

    I will keep you all up to date with my progress on getting it to work with the new system. Thanks for the help so far, though. I would still be wandering around in the dark if it wasn't for you folks, so thank you so very much.

  • Pfsense and squid proxy certificate sha1 issue

    Locked
    17
    0 Votes
    17 Posts
    8k Views
    jimpJ

    @andikovaci:

    I try but have an issue!

    pbi_add --no-checksig -f squid-3.5.3-amd64.pbi
    pbi_add: Command not found.

    pfSense 2.3 does not use PBIs, the information in this thread is for 2.2.x and perhaps 2.1.x. Your issue, whatever it may be, is unlikely to be related to this thread. Start a new thread stating your problem in detail and someone can attempt to help from there.

  • Lightsquid logs Timestamps

    2
    0 Votes
    2 Posts
    1k Views
    F

    I usually use SquidAnalyzer for these types of reports; here in the forum there are some tutorials for this purpose.

  • FTP client proxy can't use aliases.

    7
    0 Votes
    7 Posts
    1k Views
    K

    I'm confused, how can you put anything broken in an IP alias?

    It's literally a list of IP's you enter in the GUI.

    I did seem to see similar issues with aliases in some of my firewall rules, but 99.9% of them are still built around aliases and work. But in some of them I had to explicitly write IP's directly to get traffic to move.

  • 0 Votes
    6 Posts
    3k Views
    R

    Hello there,

    Having the same problem. Currently on 2.3.1 stable release, with squid 0.4.23_1 and squidGuard 1.14_4.

    I am using aliases as recommended above, but still have the problem. Sometimes squidGuard will simply stop filtering and
    allow everything, and cleaning the "Bypass Proxy for those source IP's" field and saving solves the problem.

    Couldn't really find a workout, have to constantly check if filtering is active and wipe the bypass proxy field if
    it doesn't. Maybe I should create a bug report?

    Thank you!

  • [SOLVED] HTTP and HTTPS backends switching

    9
    0 Votes
    9 Posts
    2k Views
    U

    Looks like the problem was indeed the name.
    Well thanks, didn't think that could be it, but I suppose the name isn't just for clarity, it must be used in the conf!

    I'll probably replace all of this with haproxy soon anyway, but at least for now it's working.

  • Squid/Squidguard and commercial Antivirus

    4
    0 Votes
    4 Posts
    4k Views
    KOMK

    you will definitely find answers to commercial antivirus products to run on FreeBSD/UNIX/Linux.

    Huh, I had no idea.  You learn something new every day.

    No it's not. If you're using a high end firewall with enough power, it will run.

    I would rather not have some PC-class desktop as my firewall just so I can scan for viruses and malware that I don't have.  Most of my clients are Android, Apple and Linux.  The Windows boxes have their local AV clients.  I tried ClamAV a few years ago and it was dreadfully slow.  I agree with you when it generally comes to layered security, but AV on the firewall is too much of a performance tradeoff for me.

  • Wpad problem

    6
    0 Votes
    6 Posts
    1k Views
    C

    As I like to explain, from my own viewpoint, WPAD is the very last step in terms of configuration.

    You have to ensure that your proxy works when explicitly configured on your browser. Once this works, you deploy proxy.pac on some web server and ensure it works when manually configured browser side. Once and only once this works too, you can push WPAD using DNS, DHCP or whatever supported method.

    Following this approach, you may discover that WPAD step is the easiest one and most of the time, it works  ;)

  • Block HTTPS site without WPAD or installing a CA certificate.

    3
    0 Votes
    3 Posts
    1k Views
    C

    @dilu1:

    In Sophos i use an option to block websites (facebook, twitter), this works for http and https.
    https is configured as "URL filtering only"; this has some disadvantages like no content or virus scanning on https sites, but that doesn’t matter too much for this case,
    I am only interested in blocking websites which works.

    I'm very prone to learn how this would work  8)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.