• Run SARG on Another Machine to Analyze Squid Logs in pfSense 2.3.2

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Squid error

    3
    0 Votes
    3 Posts
    1k Views

    Thank you.

  • Allow User To Authenticate and Bypass Filter

    5
    0 Votes
    5 Posts
    4k Views

    @Willo:

    @chris4916, I'm wondering if the authentication couldn't be "transparent" by authenticating to either a local user database or AD?  So when they browse, it silently authenticates in the background?

    This wording is quite confusing, especially when the topic is proxy. Avoid "transparent authentication" wording, IMHO  ;)

    This said, technically, yes you can enable SSO (single sign on) at browser level and configure Squid (and your browser) to support Kerberos (because SSO is Kerberos based) but be aware that:

    1 - this is an extra level of complexity. Perhaps not the one to start with
    2 - Behaviour differs depending on browsers
    3 - This works with Squid / Squidguard but I don't know if pfSense packages allow such configuration
    4 - last but not least, this means having a Kerberos domain configured (and used). This is often achieved with a Windows domain.

    I would suggest that you not try to achieve everything from scratch in one shot.

    Start with authentication and filter then once this works, you can think about changing your authentication mechanism and move to SSO

  • MOVED: FTP Problem

    Locked
    1
    0 Votes
    1 Posts
    615 Views
    No one has replied
  • Squidguard does not enforce Google Safe Search

    10
    0 Votes
    10 Posts
    3k Views
    r0utevv3R

    Your method doesn't work for me. I have already followed your instructions and still nothing. Please help!

  • Squid Reverse Proxy or HAProxy?

    16
    0 Votes
    16 Posts
    12k Views

    Thank you so much. It was something with the ACL; I fixed it, see picture. Yeah, it's version 1.5 HAProxy; I'm still using pfSense 2.2.4

    Thank you

    Clipboarder.2016.10.01.png

  • Cannot access Squid User Access Reports in ChromeOS (Chromebook)?

    2
    0 Votes
    2 Posts
    1k Views

    Just cause it is a stupid mistake on my part…..

    you have to ADD port 7445 to the squid proxy server's ACL SSLPorts list...

  • No allowed http site

    2
    0 Votes
    2 Posts
    770 Views

    I resolved, the problem was that he had in squidguard configuration about default !all
    thanks.

  • Lightsquid is nice but not good enough. I need to see DENIED Sites.

    1
    0 Votes
    1 Posts
    714 Views
    No one has replied
  • Group ACL in Squidguard behaving strangely

    9
    0 Votes
    9 Posts
    1k Views

    @KOM:

    You have something very weird going on.  I couldn't even begin to guess at what it might be.  Please report back if you get to the bottom of it.

    Yes, I agree it is very strange. Thank you for trying to help.

  • Lightsquid hostname case sensitivity

    1
    0 Votes
    1 Posts
    861 Views
    No one has replied
  • Can't get Squid Authentication running

    5
    0 Votes
    5 Posts
    1k Views
    jimpJ

    @robertfranz:

    Was this broken all the way through 2.2.6 then?

    On older versions of squid it failed silently – It would accept a longer password but only check the first 8 chars. The newer version properly rejected that as a mismatch until the method was changed to use a password hash that allowed longer than 8 char passwords.

    So before it was even more insecure, but it was not obviously insecure.

  • Squid Proxy with ldap Authentication

    3
    0 Votes
    3 Posts
    3k Views

    This is going to sound odd - but on the Squid Local Cache tab, at the bottom of the page is a section labelled Dynamic and Update Content.

    In that section is a text box "Custom refresh_patterns"

    Apparently, there are a lot of options that can be passed here - I know I've passed log directives to change to combined and pipe it through syslog_ng.

    Quite possible that your code could be passed here, and it does survive reboots and (so far) upgrades.

  • Getting Lightsquid's IP Resolve -> DNS working

    2
    0 Votes
    2 Posts
    2k Views

    I've also had a system where DNS resolving in LightSquid on pfSense 2.3.2 wasn't working correctly. Static leases and some (!) dynamic ones would display as host names, but all other hosts would display as IP addresses. Also, the same hosts that would display as IP addresses couldn't be resolved from the pfSense shell (!).

    The solution was, coming from mostly default settings, to set "System Domain Local Zone Type" to "Static" and "DNS Query Forwarding" to "Enabled" in the DNS Resolver general settings, and to click the "Refresh Full" button on the LightSquid settings page. To be frank, I'm not quite sure what these settings do "behind the curtains" - I've researched the meaning of these settings some time ago, but can't remember exactly what they do (yes, I'm old (; ). Could be that setting "System Domain Local Zone Type" to "Static" is sufficient to make it work.

    Interestingly, clicking "Refresh Full" changed IP addresses to host names only in the "current day" report pages, not in the older reports (contrary to what the pfSense GUI says). I've been trying to get LightSquid to rebuild older reports by running "lightparser.pl" manually in the pfSense shell, but couldn't get LightSquid to rebuild older reports. I don't have the time to look deeper into this, maybe someone else could test and report back. I suspect there's a bug either in the way pfSense calls "lightparser.pl", or in the Perl script itself.

    Also, there seems to be a flaw in the way LightSquid is called in pfSense. I've set the "report generation interval" to 1h, and the last report of every day always has a time of "23:00" (hours). I think this means that, for every given day, the report is missing all data from 23:00 - 23:59 hours, as the next run is logically "the next day" (= after 24:00 or 0:00 hours, even if only a few seconds). I'm not 100 % positive on that, though.

    EDIT: I did some more digging, and it seems the "days before today"-stuff is connected to Squid log rotation. The GUI says "Defines how many days of logfiles will be kept. Rotation is disabled if left empty.". I assumed this means that the logs would rotate after the number of days I put in that field, but that assumption isn't correct. In fact, when entering any number in this field, the logs will be rotated every day, and logs with a higher "rotation sequence number" (appended to the log file name, like "access.log.x") will be deleted during log rotation. The number put into the GUI field is the number of logs that will be kept, not the number of days per se (it's only the number of days because pfSense "silently" rotates every 24 h). I think there should be two fields: "number of logfiles to keep" and "number of days to rotate the logfile after". The second field would have to change the "log rotate" cron entry in pfSense.

    Sorry for getting a little off topic. I'll watch this thread for any replies, and maybe open a new thread with all that "rotating stuff" if there's any interest in the matter.

  • HAProxy How to get the user real IP address

    2
    0 Votes
    2 Posts
    2k Views

    Hi,

    There are a few ways to do that..

    https://gist.github.com/PiBa-NL/d826e0d6b35bbe4a5fc3#file-haproxy-sending-the-source-ip-to-the-webserver

    Options 1 and 3 are available in the webgui as a 'checkbox'.
    Option 2 can be set as textual in advanced option.

    I'll add that to my wiki shortly..

    Regards,
    PiBa-NL

    Edit:
    Added to wiki: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_pass_clientip_to_webserver

  • SSL filtering works fine for everyone except Chromebooks

    1
    0 Votes
    1 Posts
    884 Views
    No one has replied
  • Squid, problems with transparent proxy, default cfg

    2
    0 Votes
    2 Posts
    925 Views

    I face the same problem.

    If I configure Firefox to use proxy, the web filtering works fine, but the transparent proxy doesn't work alone (without proxy setup in Firefox)

  • Squid Blocks https only to the lan net

    1
    0 Votes
    1 Posts
    720 Views
    No one has replied
  • Changing Squid Config. Stops Activesync requests with Cert error.

    1
    0 Votes
    1 Posts
    786 Views
    No one has replied
  • Squid not working for my setup

    1
    0 Votes
    1 Posts
    752 Views
    No one has replied