A fix for local auth password handling. See https://redmine.pfsense.org/issues/6681

try pasting this "http://www.shallalist.de/downloads/shallalist.tar.gz" into "Blacklist URL" field, then save, go to "Common ACL's" Tab and expand Target Rules List with "+" button.

i have the same issue…once i start squidguard, squid will stop....
=do you mean squid -z to start squid or squidguard...

thanks

I've noticed the same thing. Only with Facebook videos via the FaceBook app at the moment. YouTube, Plex, Netflix, TWC TV apps and accessing FB using Chrome have no issues playing video thru squid.  With that said, I'm thinking its a tweak that Facebook would need to do to their app to use a proxy connection.

As described in documentation (even on-line doc), load-balancing doesn't work for proxy deployed on pfSense itself.

Reason is that fail-over and load-balancing rely on "GW group" that is configured as "policy routing" for FW rules, meaning then "per interface".

If you define, e.g. one "HAGW" group and use it for FW rules defined for LAN, this will not be used by HTTP proxy running locally thus not using LAN.

Update to the latest squid package. I have put in a fix to properly handle longer passwords.

not only SquidGuard, but I can't seem to get even Squid Proxy server to work, regardless of settings I am trying to use.. have gone to bare-bones, no authentication etc, it just won't work. Just web site timeouts..

Go to console, run a shell and run:

tar xv -C / -f /usr/local/share/pfSense/base.txz ./usr/bin/install

From my view point, Nginx is a better choice mainly because it is both faster and lighter than Apache.
You will easily find plenty of HowTo e.g. this one.

Thanks cmb,

Now its working.

@mepstein:

Hi,
In Squid 3.5, ssl_bump server-first all is deprecated and can't be used (at last in transparent mode) for sni sites. This must be fixed by the pfsense developments.

Insert the following code in Custom ACLS (Before Auth) and test navigating to this site: https://sni.velox.ch/

acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all

For me, this is working very well with gmail.com and other sites using sni.

thank you so much mepstein. this solved it nicely.

Thanks hollister, problem is resolved.

Yes - thank-you. I was just about to begin directory diving. I would have moved the 'install' from my pfSense appliance. This saved me a lot of work. Lots of good info here. I am very glad to know more about the tarball.

I can confirm that the workaround works great. Without any errors.

That's the issue here.
https://redmine.pfsense.org/issues/6643

To work around it, run:

tar xv -C / -f /usr/local/share/pfSense/base.txz ./usr/bin/install

see here: http://www.itnotes.eu/?p=3218

I have a problem here too but it's blocking everything, no categories list anymore?