I only block porn.

Another post relevant question. Is there a way to white list a domain? Perhaps this will circumvent the above issue. I tried : Services -> SquidProxy ->  ACL -> Whitelist: *facebook.com but that does nothing. perhaps the syntax is wrong or this is not what it's for? Thanks,

The .crt I was referring to WAS exported from pfSense self-signed CA i created exactly for use with squid SSL. Isn't custom website the only way to have client easily interact with that certificate (install it). I mean that involves making said website available, which I am not sure exactly easier. Please correct me if I am wrong.

thanks, the troubleshoot web page helped Found issue and corrected. CJB

Unchecking the 'transparent client ip' feature solved my problem. Thank you very much, Regards, Joe

thanks, good point. Ill experiment more with this.

http://downforeveryoneorjustme.com/www.eletrobraspiaui.com It's actually down, or appears to be down.

No idea The squid config General page has an Advanced Options button that you can use to expand the section that allows you to enter custom parameters. If the squid package isn't to your liking then I don't know why you don't just spin up a Linux box, compile squid with whatever options you need and then just use that.

@Nachtfalke: Status –> System Logs --> Settings Dsiable "Log packets matched from the default pass rules put in the ruleset" OR Create a specific Firewall rule with destination "127.0.0.1" , action=allow and port=any and source=any and siable logging. So traffic will match this specific rule and will be allowed but not logged. Well, your first suggestion stops all pass logging it seems. The second suggestion didn't work. I'm guessing since the traffic is on the lo0 interface?

Thats true the WPAD ignores that IP goes though for a moment I thought it was WPAD now that I have been doing a deep analyze its not it. Not even sure what to do now…

I found how to fix Captive Portal, so now I may try to use CP for squid authentication. For anyone that read this thread, DHCP can be run on the Domain and CP will still work, it is not required to have DHCP in pfsense.

@jetberrocal: @jetberrocal: @chris4916: 2 - As I previously wrote, configure captive portal (without authentication) and display page explaining that proxy needs to be manually configured. This page will not be reached but in any case, for devices not WPAD aware, this may help This is an idea that I could try.  I will write down the outcome after trying. OK.  It worked nicely.  I did not use the default CP page as it includes authentication fields, I loaded a ngnix sample test page and it work as expected Thank you for the idea.  I was trying CP with authentication before and it did not work. (But that is another thread) Just one more question.  With this I do not need the block rules anymore? I answer my self the block rule question.  I removed them to test and it work without them.

Thank you for your reply I tried two methods which are manually configuration and WPAD but neither chrome nor firefox don't works as expected although i was sure that chrome or firefox used proxy configuration. I captured traffic and could see the CONNECT www.facebook.com but squid didn't logged domain in log file. Strange thing which i don't understand is if i close chrome or firefox, it works as expected. Best regards

Dear All, Please help on above. Regards,

Yes, that gets the socket file created with the correct ownership and everything seems to be working perfectly for me now. Thank you for the help PiBa.  You're awesome!

Apologies all… Google Foo was not playing well this morning... Thread with info I need is here:  https://forum.pfsense.org/index.php?topic=83236.0

The main problem with OpenDNS is that you can't segregate between blocked and non blocked clients You can in a way via firewall rules.  Non-blocked clients can get direct access out via port 53 to whatever DNS they choose.  Blocked clients will have their DNS requests captured and handled by pfSense.

on the backend i have added the following line to "Backend pass thru" reqrep ^([^\ :])\ /Automation/(.)    \1\ /\2 This seems to work is it possable to drop off the last forward slash / ? Cheers Rich