Hi there, I found it…..... hopefully it will helpful to you in case if  you are stuck. In squid guard you cannot put the IP address and username in the custom created Group ACL, it will only pick the username. So I have created a same ACL twice , one with the client source as username, and other with the client source as IP only. Regards, Deepak

Yeah I just felt uneasy seeing that. I believe nothing has to have +x except for those that need to be executed. Everything else should be only readable for those that need to read it.

@nib01: Am I missing something here? I don't think so, except perhaps to explain what is then the behaviour from client perspective. Any error message, time-out?

SquidGuard is not a service.  It's a helper app that gets called per URL by squid. If you're having problems with squidGuard, enable logging and then check the logs.

I made a test, and only worked on internet explorer… i dont know why firefox not apply blacklist, maybe some function not standard , someone know why this happening ???

A fix for local auth password handling. See https://redmine.pfsense.org/issues/6681

try pasting this "http://www.shallalist.de/downloads/shallalist.tar.gz" into "Blacklist URL" field, then save, go to "Common ACL's" Tab and expand Target Rules List with "+" button.

i have the same issue…once i start squidguard, squid will stop.... =do you mean squid -z to start squid or squidguard... thanks

I've noticed the same thing. Only with Facebook videos via the FaceBook app at the moment. YouTube, Plex, Netflix, TWC TV apps and accessing FB using Chrome have no issues playing video thru squid.  With that said, I'm thinking its a tweak that Facebook would need to do to their app to use a proxy connection.

As described in documentation (even on-line doc), load-balancing doesn't work for proxy deployed on pfSense itself. Reason is that fail-over and load-balancing rely on "GW group" that is configured as "policy routing" for FW rules, meaning then "per interface". If you define, e.g. one "HAGW" group and use it for FW rules defined for LAN, this will not be used by HTTP proxy running locally thus not using LAN.

Update to the latest squid package. I have put in a fix to properly handle longer passwords.

not only SquidGuard, but I can't seem to get even Squid Proxy server to work, regardless of settings I am trying to use.. have gone to bare-bones, no authentication etc, it just won't work. Just web site timeouts..

Go to console, run a shell and run: tar xv -C / -f /usr/local/share/pfSense/base.txz ./usr/bin/install

From my view point, Nginx is a better choice mainly because it is both faster and lighter than Apache. You will easily find plenty of HowTo e.g. this one.