It is hard to keep in mind all nuances in all threads :D
I never had to use that guide, but as I can see - this exactly what you need, working OVPN as one of backends and X-Forwarded for web requests.

You are using a domain name instead on an IP.

as I remeber filtering was working. I had lan interface aitting in default vlan while other interfaces in different vlans an different subnet, requests from that subnets was filtered but not badwidth. bandwidth was my problem. squid was listening to lan interface in default vlan. forget to mention that on lan interface was tagged other vlans not to other physical interfaces.

I have the same problem, the server have internet conection and the time its ok, but i can't install anything
help pls.

Yes, Facebook has multiple IPs and FQDN. If I use the Firewall Alias option I can just load up the Alias (facebook.com fb.com www.facebook.com www.fb.com). The alias blocks fine.

I have not tried to keep cycling the service. I was taking for granted the 'Apply' under Squid Filter was refreshing the config and clearing the cache. Does any one know for sure?

@KOM:

You should probably post your question in the forum for your native language, if it exists, because your questions don't make much sense.  You would access those web resources using their URLs just as you have put them.  Squid isn't going to intercept anything on port 7001 without you adding an ACL to Squid's Custom ACLS section.  To intercept HTTPS on transparent proxy, you need to enable Man in the Middle SSL filtering and install pfSense certificate son every client.

KOM, Thank you very much, you solved my problem!

Can someone confirm the problem or is it just me?

Hi jimp,

thanks for your reply. :)

I tried to give Squid the Custom config
tcp_outgoing_address 87.199.9.9
in the field "Custom ACLS (After Auth)".
But the IP did not change.. The "WAN Address" is still shown to the public.

If i put that line in "Custom ACLS (Before Auth)" i am getting the squid error page while loading a website "The System answered [No Error]".
I also get the error page when i put the line in the "Integrations" field.

The IPs are configured as IP Alias.
Any more hints? :)

Greets

@ajnozari:

when you save Squid stops then re-starts to reload the configuration.

Why is pfsense not using the reload function/option instead of a restart? Atm you can't make any changes in a live environment. I have to wait until everyone has finished work to make any changes.

Thanks

"Bypass Proxy for Private Address Destination" did the job

The https://hostname/HAproxy_listeners.php never existed on 2.3.x versions.. (or at least it wasnt supposed to..) All the php package files for haproxy package where moved to a subfolder https://hostname/haproxy/HAproxy_listeners.php ..

It might have been that some old 2.2.x files remained or that old menu references where still present in the config file..

Anyway good that a reinstall of package fixed it..  :D

Hi,

getting the cert error that a cert is issued to "http" seems for me to be related to a squidguard target category or a blacklist which contains "unallowed" characters.
I have no problems with the "shallalist.de" blacklist. So I would suggest to determine which Target Categorie is leading to this problem to disable them all, click first "Save" and the "Apply" und squidguard General page and try again. If it is working then try to add target categories one after another with the same steps as long as it stops working.

Then if you have identified the target category causing the problem, then try to find the problematic characters or symbols and the with this information open a bug report on reminde.pfsense.org.
I did not found the causing characters until now.

Regards.

Here is some more information to try and clarify the issue.

Here is the following screen that is received when trying to navigate to the website hosted inside the network (behind pfsense/squid) when squid is turned on.

As from my previous post, the example url that I gave was http://git.gitserver.com. As from the image above, the URL has now turned into https://git.gitserver.com for no apparent reason.

Is there something that I'm missing because this site is hosted behind pfsense and squid? Why would squid automatically redirect the site to https if the site was never configured to accept https connections?

Thanks,
Uh_Hey

squid is/should be in the 'available packages' list on 2.3.1