Please see: https://forum.pfsense.org/index.php?topic=119934.0

Ok it means i need to get this SquidVideoBooster plug-in, for caching youtube videos and extras. it will cost $1000 per year for this. Not 100% open source smellin ios/mac  ;)

Hello guys,
I am Brazilian and I am with this same problem, I am wanting to block this automatic download of Windows Update, and here I have some O.S Win7 and Win10, and wanted to make this block via squid. Could anyone help? Thanks for help.

There seems to be a problem with Yahoo sites - see http://lists.squid-cache.org/pipermail/squid-users/2016-June/011220.html (it is about flickr but the issues on all sites of yahoo)

Problem seams to be solved! I'll test with SquidGuard, but so far so good!

Thank You KOM

if there is only a step by step procedure how to maintain it, i will volunteer.

This is still an issue with that latest pfSense (2.3.2-RELEASE-p1) and Squid 0.4.23_1) Packages.  Every time I make a change to anything squid/clamav/reverse proxy I have to add the entry back into squid.conf.

Is this going to be fixed?

rm -rf /usr/local/etc/squid/

wipe the directory and try again

Hi,

here i have a similar problem.

I have squidguard and squid3 running 2.3.2.

1. i added a domain in squid3 to ACL whitelist
2. i added the the limit target in squidguard, which is allowed in the commonACL.

But the request is always answered with the redirect info page, showing it's denied by the second target.

Any ideas?
stegbth

@mrhub:

Hello.
I beleive that in SARG you could click a domain and se all the urls, is that possible to do with lightsquid?
Right now it shows only the topdomain, but I need to see the specific pages that has been visited, and if I check the access log from squid it is there…

Any update on this? I also need full URLs. (:

Not sure about squid.. maybe it can..
As for haproxy it can decrypt the traffic and use an acl on the url path. and then forward the traffic unencrypted to the desired backend servers. The big question with that always is will the webapplications properly handle the traffic without sending a https redirect, or including absolute links pointing to a http://my-domain.com/image.jpg or javascripts or other page links.. Haproxy will not rewrite the 'body' of a webserver response. It can modify headers, but that doesnt always make the webapp work.

I have no experience with subsonic nor calibre so can tell anything specific to those environment.. For wordpress for example there are some 'manuals' online that tell how to configure it when hosting it behind a reverse proxy.

Is there any traffic in access.log from any of these ghost users?  No log data usually means they either aren't using the proxy or aren't using the web.

I've never used captive portal so I can't help you there.

any suggestion where the problem !!!!!

Hello

same problem here.

2016/10/31 21:40:33| Processing: acl allowed_subnets src 172.28.1.0/24 172.28.2.0/24 172.28.3.0/24 172.28.4.0/24 172.28.5.0/24 172.28.6.0/24 172.28.7.0/24 172.28.8.0/24 172.28.9.0/24 172.28.10.0/24 172.28.12.0/24 172.28.13.0/24 172.28.14.0/24 172.28.15.0/24 172.28.16.0/24 172.28.17.0/24 172.28.18.0/24 172.28.19.0/24 172.28.20.0/24 172.28.21.0/24 172.28.22.0/24 172.28.23.0/24 172.28.24.0/24 172.28.25.0/24 172.28.26.0/24 172.28.27.0/24 172.28.28.0/24 172.28.29.0/24 172.28.30.0/24 172.28.31.0/24 172.28.32.0/24 172.28.33.0/24 172.28.34.0/24 172.28.35.0/24 172.28.36.0/24 172.28.37.0/24 172.28.38.0/24 172.28.39.0/24 172.28.40.0/24 172.28.41.0/24 172.28.42.0/24 172.28.43.0/24 172.28.44.0/24 172.28.45.0/24 172.28.46.0/24 172.28.47.0/24 172.28.48.0/24 172.28.49.0/24 172.28.50.0/24 172.28.51.0/24 172.28.52.0/24 172.28.53.0/24 172.28.54.0/24 172.28.55.0/24 172.28.56.0/24 172.28.57.0/24 172.28.58.0/24 172.28.59.0/24 172.28.60.0/24 172.28.61.0/24 172.28.62.0/24 172.28.63.0/24 172.28.64.0/24 172.28.65.0/24 172.28.66.0/24 172.28.67.0/24 172.28.68.0/24 172
2016/10/31 21:40:33| Processing: .28.69.0/24
2016/10/31 21:40:33| /usr/local/etc/squid/squid.conf:73 unrecognized: '.28.69.0/24'

I requiere this to exclude 172.28.11.0/24, for me is no use to 172.28.0.0/16

Any suggerest??

I wonder if you don't mix-up "captive portal authentication sent to proxy" and "squid support for radius based authentication". Its no clear to me what you really want to achieve.

Why don't you, for testing purpose and if possible, stop using captive portal and focus on "Squid + radius" authentication?
For this, Squid wiki will still help.
Once this works, you can go back to the initial config stacking Captive portal and Squid.

This aside, I've to admit that I don't really understand what's the added value of having stack of authenticated captive portal plus authenticated HTTP proxy.
What would the first one bring to the other? Is there something I miss here ?

From the GUI.  Look under Services for Squid Proxy Server.