I think you probably meant to post this question in the Cache/Proxy sub-forum and not the IDS/IPS sub-forum.  Perhaps you can get a moderator to move it for you.

Bill

OK, here are the two ranges I use in the 'Bypass proxy for these destinations':
23.246.0.0/18
108.175.32.0/20

As I understand it Netflix uses different servers depending on where you live, so you will need to list the servers your Netflix is trying to use. I watched the logs for the IP when it got blocked. I looked these up on tcpiputils.com to find the IP Range, then entered this range into the Squid field.

edit: This feature is under the 'Transparent Proxy' and it says it only works for the Transparent Mode which I use in addition to using WPAD. If you are not using this then looks like it wont work, you could try the ACL tab maybe.

can you go to squidguard then go to log then click on tab where it says filter log and what does it say?

not really sure what your trying to say?

So if i understood correctly You want lets say your webpage which is hosted inside the same LAN as pfsense or sites which wont get filtered.

Remember you need to edit proxy.pac wpad.dat and wpad.da for all of them to work.

function FindProxyForURL(url, host) {     if (isPlainHostName(host) ||         shExpMatch(host, "*.local") ||         isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))         return "DIRECT";         if (isInNet(dnsResolve(host), "192.168.1.0",  "255.255.255.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "192.168.10.0",  "255.255.255.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "192.168.115.0",  "255.255.255.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "10.10.1.0",  "255.255.252.0" ))         { return "DIRECT"; }         if (isInNet(dnsResolve(host), "10.10.10.1",  "255.255.255.255" ))         { return "DIRECT"; } if (dnsDomainIs(host, "dane.gov.co") || dnsDomainIs(host, "www.dane.gov.co"))         return "DIRECT";;     return "PROXY 192.168.3.254:3128"; }

As you can see the site dane.gov.co would not work whatso ever I had to add it to all the files above and ALSO add it on alias tab make a rule ABOVE the block the whole LAN for it to work. besides that all the other sites works fine

if your dns is handled by pfSense go to dns resolver and put in google and the IP of the safe search see picture do the same for youtube IF you run windows server with DNS i would recommend to use the root forwarder to pfSense as I had before safe search on windows but its more complicated

Clipboarder.2016.07.20-003.png
Clipboarder.2016.07.20-003.png_thumb

Please dont try MITM, Please use WPAD its much better sometimes MITM some pages wont load even with WPAD but in WPAD files You can bypass certain sites that wont load

https://forum.pfsense.org/index.php?topic=115357.0

jimp thanks for inspiring me to try again.  I swear I typed that command previously and it didn't work.  :P

This time everything worked perfectly!  :) I just successfully reinstalled squid 0.4.21.

Thanks again to everyone!

-TAC

I got a way to make it works. I just added a Blacklist into Squidguard, but im not using it. After SG downloaded and applied the dropdown menu from each GroupACL came back to live.

Workaround ist to revert to http-protocol in System-Advanced-Admin Access-WebConfigurator.

Maybe this bug will be fixed.

looks like this issue has been posted in squid
http://bugs.squid-cache.org/show_bug.cgi?id=4477

Try this

https://forum.pfsense.org/index.php?topic=112335.0

Hi, did you find a solution for this issue, if so may you share it.

Check out the following:

https://forum.pfsense.org/index.php?topic=113092.new;topicseen#new

Using Squid ACLs turns out to not be a good choice as entire pages appear to be blocked when only some content loads from the undesirable domains.  Any suggestions to get it working in Squidguard?

" Any suggestions on correcting it?"

Your on the local lan right… then use the local IP, if you want to use the same public fqdn to access it then just setup a host override so that internal boxes resolve your public fqdn to your internal IP.