I have a problem here too but it's blocking everything, no categories list anymore?

Hi Guys, already solved the problem. 1 - remove squid and squidguard (also remove manually all the files related to squid and squidguard) 2 - reinstall both package 3 - And just follow the tutorial at ( https://forum.pfsense.org/index.php?topic=73640.150) 4 - Its seem that the update of squidguard was affecting it performance 5 - Restart 6 - And ready to go

Zombie thread or not, this long-standing problem without a solution is crazy. With squid == websites broken Without squid == websites work Apparently browsers don't mind having dropped connections or whatever else is going on.  Why does squid cause a greater failure than apparently the source error? -Rob

Run: pkg update -f To update package lists.

Hello, see my topic: https://forum.pfsense.org/index.php?topic=115530.0

Solved for me: I am not sure exactly how, but finally I got the squid with default config. Several times in different sequence I made as follows: remove all about squid from <installedpackages></installedpackages>section of configuration file and restore pfSense configuration from modified configuration file install squid with or without squidguard uninstall (check/uncheck checkbox "Keep Settings/Data") squid and squidguard enable and disable squid and squidguard reboot pfSense manually remove files squid from filesystem (including *.txz files) (not sure) restore configuration from unmodified pfSense configuration file (with squid settings in <installedpackages></installedpackages>section)

@aGeekHere: For https you can use wpad. Sites that have popup loops are normally bad sites which can be blocked by squidguard and a block list. You can also enforce google safe search for all clients. Not that simple, although this is the beginning of the right approach. Explicit (meaning not transparent) proxy is mandatory otherwise HTTPS goes direct. (one could intercept even HTTPS in addition to SSL-Bump… this is another approach but not that simple) WPAD will, basic, get rid of the burden of manually configuring each and every device so this it relies on proxy. No more (not less) Then, second step, proxy.pac content will tell browser when to use proxy (and which ones) or not. Next step is proxy configuration: blacklists at Squidguard level will prevent to access unwanted domains (including proxies, redirectors...  :P) and direct IP  ;D ;D page content can not obviously be controlled for HTTPS flow (unless you enable SSL-bump, AKA MITM) ad-removal is partially done with blacklist too

good!!   +1

Do you have captive portal turned on? Because sometimes that can cause squid to crash or not work properly.

You can't account for torrent files, but you could throttle them to prevent people racking up bandwidth on these time wasting files.

I think you probably meant to post this question in the Cache/Proxy sub-forum and not the IDS/IPS sub-forum.  Perhaps you can get a moderator to move it for you. Bill

OK, here are the two ranges I use in the 'Bypass proxy for these destinations': 23.246.0.0/18 108.175.32.0/20 As I understand it Netflix uses different servers depending on where you live, so you will need to list the servers your Netflix is trying to use. I watched the logs for the IP when it got blocked. I looked these up on tcpiputils.com to find the IP Range, then entered this range into the Squid field. edit: This feature is under the 'Transparent Proxy' and it says it only works for the Transparent Mode which I use in addition to using WPAD. If you are not using this then looks like it wont work, you could try the ACL tab maybe.

can you go to squidguard then go to log then click on tab where it says filter log and what does it say?

not really sure what your trying to say? So if i understood correctly You want lets say your webpage which is hosted inside the same LAN as pfsense or sites which wont get filtered. Remember you need to edit proxy.pac wpad.dat and wpad.da for all of them to work. function FindProxyForURL(url, host) {     if (isPlainHostName(host) ||         shExpMatch(host, "*.local") ||         isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))         return "DIRECT";         if (isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "192.168.10.0",  "255.255.255.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "192.168.115.0",  "255.255.255.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "10.10.1.0",  "255.255.252.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "10.10.10.1",  "255.255.255.255" ))         { return "DIRECT"; } if (dnsDomainIs(host, "dane.gov.co") || dnsDomainIs(host, "www.dane.gov.co"))         return "DIRECT";;     return "PROXY 192.168.3.254:3128"; } As you can see the site dane.gov.co would not work whatso ever I had to add it to all the files above and ALSO add it on alias tab make a rule ABOVE the block the whole LAN for it to work. besides that all the other sites works fine

if your dns is handled by pfSense go to dns resolver and put in google and the IP of the safe search see picture do the same for youtube IF you run windows server with DNS i would recommend to use the root forwarder to pfSense as I had before safe search on windows but its more complicated [image: Clipboarder.2016.07.20-003.png] [image: Clipboarder.2016.07.20-003.png_thumb]

Please dont try MITM, Please use WPAD its much better sometimes MITM some pages wont load even with WPAD but in WPAD files You can bypass certain sites that wont load

https://forum.pfsense.org/index.php?topic=115357.0

jimp thanks for inspiring me to try again.  I swear I typed that command previously and it didn't work.  :P This time everything worked perfectly!  :) I just successfully reinstalled squid 0.4.21. Thanks again to everyone! -TAC