I didn't get you there.. What I'm trying to say is if I can somehow use the Groups in pfSense's User Manager in the Groups ACL section in SquidGuard

@cjbujold

Recently I've been trying pfSense for publishing and caching web servers; I was doing well with Varnish.
Pitifully, with the recent 2.3 upgrade this package is no longer available. So I tried Squid.

@cjbujold:

Went to the PFsense Advanced/ Tunables setting and create a new value for "portrange.reservedhigh with a value of 0.

Tried starting Reverse Squid and now I receive the error:

[ Squid is disabled. You must enable Squid proxy under Services - Squid Proxy Server - General.]

I do not want to use squid just the reverse proxy part.  The tutorials does not say we need to start this service.

Next step is I tried starting the Squid 3 service and now I'm getting the following error:

php-fpm[6517]: /pkg_edit.php: The command '/usr/pbi/squid-amd64/sbin/squid -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was '2016/04/01 10:11:44| FATAL: Invalid ACL type 'Help' FATAL: Bungled /usr/pbi/squid-amd64/local/etc/squid/squid.conf line 97: acl rvm_Remote Help url_regex -i remotehelp.accra.ca Squid Cache (Version 3.4.10): Terminated abnormally. CPU Usage: 0.011 seconds = 0.011 user + 0.000 sys Maximum Resident Size: 38032 KB Page faults with physical i/o: 0'

Instead of "portrange.reservedhigh" you have to set "net.inet.ip.portrange.reservedhigh" with the same value of "0".

After that you'll be able to configure "Reverse HTTP Port" (on "Squid Reverse HTTP Settings") to listen on port 80.

Then, you must enable Squid proxy under Services -> Squid Proxy Server -> General. Obviously you don't want to enable it as a Proxy Server but as a Reverse Proxy Server, aparently both use the same process, so you have to.

When you try to do this, it'll ask you to configure the "Local Cache", go to that tab, set your options, save the changes, and then try to "Enable Squid proxy" and save the changes.

You could verify if the "Squid" process is running on Status -> Services. And doing some "nmap -v -p 80 10.0.0.1" (<– your public IP or DNS here!) to check that your pfSense firewall is listening on port 80.

A firewall Rule have to allow traffic on port 80 to your public IP/virtual IP/CARP address; it's not necessary to set a NAT rule on your firewall (as far as I know), so if the Squid service is runnning there shouldn't be a problem to listen on port 80.

so by that way squid guard will not allow any listed Ips/Host by pass in Squid ?

try to reboot the pfsense and make sure you enable squid and squid gurad

Chrome for android has been automaticly direct proxy system by google.  ;D

@kiekar:

Hello,

The upgrade to 2.3 went relatively smooth but I do have currently one issue with the squid package after the upgrade.
Each time I start the squid service it will shortly afterwards stop. What I found in the cache log file is shown below.
Your help would be much appreciated.

Thanks,

Maximum Resident Size: 72544 KB
Page faults with physical i/o: 0
2016/04/16 16:48:13 kid1| Starting Squid Cache version 3.5.16 for amd64-portbld-freebsd10.3…
2016/04/16 16:48:13 kid1| Service Name: squid
FATAL: UFSSwapDir::openLog: Failed to open swap log.
Squid Cache (Version 3.5.16): Terminated abnormally.
CPU Usage: 0.026 seconds = 0.026 user + 0.000 s

You'd probably have to recreate the cache and swap files.

stop the squid service, login to shell

cd /var/squid/cache

rm -rf *

squid -z

Restart the squid service.

That is, if you are ok with deleting all the previous cache files.

Works for me.

Hi,

I've met the same problem, and solved it by editing /usr/local/www/classes/Form/Input.class.php and changing line 249 from :

if (strlen($this->_help) < 7620) {

to :

if (strlen($this->_help) < 4096) {

@jimp, thank you for fixing the problem that quick!

@moh10ly:

If not is it possible that it'll come on future versions of squid?  ???

thanks
Moh

Also in need of this feature.

Currently running pound on a separate VM but would like to have my reverse proxy on pfSense. I suppose I could always install pound on the pfsense box but it would be nice to be able to do multiple SSL reverse proxy configs it in the GUI.

I have received the access denied message in http access.

I too had this problem, in my case, I found /usr/local/libexec/lightsquid/ip2name.* non executable. chmod +x /usr/local/libexec/lightsquid/ip2name.* and force the update and everything is normal. I realize this doesn't help OP, but hope it may help someone else who looks at this thread.

hmm..allright lets start from the basic…

could you first try just one LAN segment to see if its working first?
Why dont you let WPAD run on pfSense? Did you add the 252 on the DHCP on windows server?

can you do nslookup WPAD? this is my WPAD

Also want to side note something about the VPN with OpenVPN theres issues see this...

https://forums.openvpn.net/topic21290.html

function FindProxyForURL(url, host) {     if (isPlainHostName(host) ||         shExpMatch(host, "*.local") ||         isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))         return "DIRECT";     return "PROXY 192.168.3.254:3128"; }

Capture.PNG
Capture.PNG_thumb

Hi everybody,

I've a problem with  the captive portal authentication method for Squid.

When Squid authentification methode is "captive portal", my users can authenticate in my captive portal (captive portal with RADIUS AUTHENTIFICATION) but all the request in port 80 are blocked by the proxy. The Squid's logs (in Real TIme) say "TCP_DENIED/403" and the errors page with "access denied" appears…

When Squid authentification methode is "none", my users can authenticate in my captive portal and all the request in the port 80 are accept and the navigation is logged.

Please can you help me ?

I don't speak english very well, sorry... I'm french.

Thanks very much !

@pjust:

Hello,
I need to set up a user-agent to pfsense when HAproxy makes test.

Currently in the logs I find "undefined."

How can I do?

Hi guy,
on the server pool in the backend tab, you can specify the user agent in the "Http check version" for example "HTTP/1.1\r\nUser-agent:\ LB-Check"

After upgrading to PFSense 2.3 SQUID service doesn't start anymore.

I used this commands:

mv /var/squid/cache /var/squid/cache.old - SUCCESS

squid -z - ERROR

See attachment

rm -rf /var/squid/cache.old

Thank you in advance for your help.

Squid-z.jpg
Squid-z.jpg_thumb