• SquidGuard ext url * redirect not working

    9
    0 Votes
    9 Posts
    10k Views
    K
    Dont want to overpost here but I know this is an old post but not sure if this applies or if anyone had solved it So i keep getting UPGRADE WARNING: URL rewriter reponded with garbage ' 192.168.3.3/- - GET'. Future Squid will treat this as part of the URL. where 192.168.3.3 is my IP but Not sure what the upgrade warning means? should be concern? or let it be? Im running transparent mode +WPAD so i leave the option rewrite to int blank page and that annoying pinger: initializing ICMP PINGER....
  • Groups ACL - LDAP Group Filter

    1
    0 Votes
    1 Posts
    743 Views
    No one has replied
  • Reverse proxy fo Exchange 2013

    11
    0 Votes
    11 Posts
    7k Views
    D
    For the win2k12r2 web application proxy to work it needs to communicate with an adfs server, during installation and configuration of the wap you'll be asked to set this up. So yes, I'm afraid you'll need 2 servers: DMZ win2k12r2 wap Internal network win2k12r2 adfs
  • HAProxy

    3
    0 Votes
    3 Posts
    1k Views
    J
    Hello. Thanks for the info. OK, If there is a web server in the LAN/DMZ this is the good solution. Regards
  • Squid3& ClamAV Virus Check does not Prevent Download

    1
    0 Votes
    1 Posts
    668 Views
    No one has replied
  • SquidGuard 2 LAN's - IP interface redirect error msg

    1
    0 Votes
    1 Posts
    547 Views
    No one has replied
  • Buggy squidGuard on a so called high end firewall, yea right! Please HELP

    5
    0 Votes
    5 Posts
    1k Views
    I
    That gets rid of the errors, but also defeats its purpose. Why should I do that? Thank you
  • Posible DDOS

    3
    0 Votes
    3 Posts
    989 Views
    B
    Are you saying refresh patterns periodically redownload the content? If so I guess I misunderstood the usage. Is there a good guide that explains use and parameters of the refresh patterns?
  • WPAD Help

    14
    0 Votes
    14 Posts
    3k Views
    K
    But you know whats odd…If i put pfSense as HTTPS internet explorer keeps blocking the sites but not chrome or firefox soo odd..but anyway Also which computers exactly are not auto detecting? WPAD is pretty powerful and forces all client to the proxy ONLY IF the auto detect proxy settings is checked
  • Restrictive rules on OPT1 with squid on LAN & OPT1

    3
    0 Votes
    3 Posts
    1k Views
    M
    Hello cmb, thank you very much for your very quick reply (and sorry by the way as I created that topic in the firewall forum's instead of the proxy's one). So, I've tried to do what you told me, unfortunately, I can't make it to work as my pfsense box is setup to be used with HTTPS (and transparent proxy can only handle HTTP). So, if i'm logged in on the wireless interface and type 192.168.0.1 in my address bar, it will redirect me to https://192.168.0.1 even if I ask squid to not allow that. Also, sorry for that, my previous post isn't clear about my rules, so here is a screenshot (easier to see the rules i set up). [image: UIIzdECp9rJv.png] As you can see on that picture, I first block eveything to the LAN network. Then, it's OK, i cannot access https://192.168.0.1, but as a downside effect, websites don't show properly or take ages to load (I think it's because elements blocked by the proxy show a white pixel located on the pfsense box accessible through 192.168.0.1. To make websites load properly I have to set it up that way. [image: 9zXP9kKhiSnn.png] But, the downside effect is that I can access the pfsense login page (and I don't want people I don't know connecting through WIFI to be able to access or see that page). And, I think I finally find a workaround. It seems to work fine, but you guys might find a better way of doing it. I just changed the block rule to LAN to reject like this: [image: qAc4pPiJiXPW.png] Now, websites show normally (quickly as it should), and I cannot access my pfsense through the LAN IP 192.168.0.1 or pfsense.domain.com. It seems that computers connected to the WIRELESS network are still able to access the login page though the WIRELESS gateway 10.0.0.1. I'll look for a firewall rule. Or, is there a way to tell pfsense to allow login only through the LAN interface and not any other one? Also, what do you think of that firewall setup, does it look restrictive enough for you? Is there an easier method of achieving the same goal? Thanks a lot again for your help. I'll let you know :)
  • URL Filtering Question

    3
    0 Votes
    3 Posts
    996 Views
    K
    sure So let me get this: A group of users to ignore the squid proxy? A group of users to use squid proxy and block pages? LDAP? yikes :( I would rather just create a grey list
  • after New Main.cvd clamav stop update

    1
    0 Votes
    1 Posts
    580 Views
    No one has replied
  • Setting up a Website reverse proxy?

    1
    0 Votes
    1 Posts
    732 Views
    No one has replied
  • [SOLVED] Where to configure squid log format please

    2
    0 Votes
    2 Posts
    4k Views
    D
    Well I found, so here's the ugly hack. In local cache, activate Cache Dynamic Content and add the following in Custom Refresh Patterns logformat special %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %ss:%sh<br="">access_log /var/squid/logs/access.log special</st> There are already predefined logformats like the special here so you could actually just add access_log /var/squid/logs/access.log common but in my case, I can play with the format. Also, log into ssh and launch service squid.sh restart to see whether there are error messages or not.
  • Shallalist alternative?

    5
    0 Votes
    5 Posts
    12k Views
    D
    There's a French University list which is quite complete out here: http://dsi.ut-capitole.fr/blacklists/ They have a special pfSense version (english language categories so it won't break pfSense's squid) here: http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz Regards, Ozy.
  • Squidguard and blacklist

    2
    0 Votes
    2 Posts
    2k Views
    A
    Try cleaning it up. Go to /var/db/squidGuard/ and do a 'rm -rf' Then download your blacklist again. Once it is done, it should populate back all the folders in this location. Next, clean up your old ACL. /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf - Scroll to the bottom and find a section called acl. Change the 'pass xxxx' line to 'pass all' Go to squidGuard's first page and click apply, then go back to your 'common' to select the categories you want to block.
  • Squid3 cache test?

    9
    0 Votes
    9 Posts
    3k Views
    K
    So i think i might have figured out a workaround not the best but its something. I created a !ignore list for ONLY users that need to connect to another site that is running OpenVPN in my case its only 1 person because hes a programer and connects to other sites that also have pfSense. Theres no need for him blocking sites either because hes a freelancer and He still gets the transparent proxy working also. EDIT: NVM…It was working because i uncheck the automatic proxy settings  :'( [image: Clipboarder.2016.03.19-007.png] [image: Clipboarder.2016.03.19-007.png_thumb]
  • Squid3 cannot bind to OpenVPN client interface ?

    3
    0 Votes
    3 Posts
    1k Views
    M
    What mode of OpenVPN connection are you using?
  • Too many pinger process

    2
    0 Votes
    2 Posts
    1k Views
    C
    That's not gateway monitoring, it's part of Squid. Moved to that board.
  • [SOLVED]Problem squidguard GUI

    3
    0 Votes
    3 Posts
    1k Views
    vallumV
    @japr: I've solved the problem, I found the solution in a similar post only have to apply this code killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui You have 2 ways: The first is through the SSH console (if you have it enabled) you put your username and password, then selects the option 8 "SHELL" and executes the code the second is using a monitor and keyboard connected to pfsense server and do the same procedure as above (select option 8 "SHELL" and run the code). The server works perfect again, I hope it is helpful to many here in the forum You can select Option 11 i.e Restart webConfigurator . It will work.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.