Update:

Not more than a minute after I posted this I found the solution.  Under the Group ACL tab and then under Target Rules is the following message:

ACCESS: 'whitelist' - always pass; 'deny' - block; 'allow' - pass, if not blocked.

Simply changing my target category to whitelist corrected the problem.

checked ,
Group 1 (192.168.0.230-192.168.0.254)

with Movies and other allowed

Group 2 192.168.0.2 -192.168.0.229

with movies blocked ,

now when there is two groups with first group in allow all  , squid guard filtering is not doing even thought squidguard is showing its running but its not blocking any sites

It all depends on your needs you have! If you don´t need Squid as a proxy you don´t need to
install squid for sure. It is like all other services, functions and features or options, if you don´t
need them really you don´t should install or activate them then.

It can be useful if there are children in a household and/or the family size is really big likes
5 till 10 persons in total. So you would be able to install Squid & SquidGuard with a user
authentication and then all things can be logged down the road what the whole family
was doing and it could also be regulated what they are all can do.

Hi,
Thank you for the reply,

Well..lets say I give that user access to 443 yes the Emails will come though but now he can navigate to https sites with no issue.

I was wondering if theres a way to force everything using NAT to redirect to squid ports

So after that all the programs would have to use port 3128

That being said bitdefender uses port 80 it works when i have transparent proxy and Yes if it comes to that I have gravity point and could just do it on the console with the proxy updates.

But I just dont like the fact blocking port 80/443 seems pretty radical

Sorry once again I failed to provide the version numbers…

pfsense 2.2.6-RELEASE (amd64)
SG 1.9.18
squid3 0.4.7

The integrations field contains the following:

url_rewrite_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0

I am not knowledgeable enough with squid to know what this does, so if you spot anything shady, please let me know!  At least, there is some references to squidguard..

I hope transparent proxy with squid works with 2.2.X otherwise whats the point of having the option to do so?  Plus it worked (somehow and not stable) in older versions of pfsense.

Regarding the antivirus, pfsense runs on a dual core CPU at 3.2GHz with 12GB RAM… So far it doesnt seem to be hindering bandwidth but I'll try to disable it to see if its faster.

Typically after you make changes and click save at the bottom of the associated page you are on (Common ACL if you changed target categories), go back to the General Settings page, and click Apply, once, no more, and it should reload the rules and work after a few moments.

Everything except HTTP, and if you have properly setup Squid to also handle HTTPS, will just pass through the firewall instead of squid… Squid is not meant for anything except traffic that goes over 80 and 443 in a typical environment.

Any idea?

Ok, figured I would update this post…  Had hoped someone would have chimed in by now though :(

I have HTTPS filtering working fully, I didn't realize that SquidGuard couldn't really intercept the connection, but will instead just break the tunnel, hence why I do not get the error page.

As for not accessing this forum, apparently when setting up my targets, I had accidently selected Forum instead of Fortune Telling... LOL

The only thing I have had trouble with since has been sgerror.php, since I followed that guide, and use HTTPS for webgui management, it seems I can't get the proper error page.  I attempted to copy the sgerror.php file over to the directory that is serving things, (I can serve an html file just fine!) but the browser just downloads the php file instead of generating a proper page with the block rule and such.

So, does anyone have any tips, or hints on how to get sgerror.php to work after having followed that guide?

Indeed:

from Squid perspective, relying on AD is nothing more than implementing LDAP support (although AD, as an LDAP server has some specific aspects) if you don't want to be prompted for authentication, Kerberos (especially in Microsoft domain environment) is the right solution. But this doesn't come out of the box because all browsers are not yet ready to support Kerberos.

This means you need Squid to support Kerberos (available since 2.6) and also your browser to be able to use such mechanism, which is not that obvious.

SquidGuard for sure wont 'interact' with HAProxy without some major work on lua scripting or development to haproxy to be able to call squidguard as a 'plugin' like squid does..

@alear:

I am using these packages. Squid is a transparent proxy. SquidGuard using int redirect default with custom block sgerror.php. All was working well. Once I configured whitelists it is failing. SquidGuard is still blocking bad sites but it is only displaying code 400 bad request now and has quit redirecting to my sgerror.php file. Tried other browser and got same results. I reinstalled the squidgaurd package and it will work correctly again but when I work in the whitelists I am back to failed redirect. Is the problem within squid itself?

Try disabling https for webui

pfsense - 2.2.6-RELEASE
They were installed using pfsense package management.

Assuming you have a block rule on LAN that prevents people from using ports 80/443 directly, just add a rule above that rule to allow those specific IP addresses out on 80/443.  This way those users don't have to go through squid at all.  This question would be better posted in the Cache/Proxy forum.

You have squidGuard but not squid?  squidGuard relies on squid and won't do much without it.  Did you search for the file using the command I gave you?  Weird that it wasn't in the default location.  You could try removing the package and then reinstalling it.  Worst case, me or someone else can upload the file for you to grab and put where it belongs.

@Duailibe:

Resolved my problem! Thank you!

Please, edit the first post and add [SOLVED] at the start or end of the title, so anyone else with your trouble knows that here is a solution.

Greetings!

This is for Lync but, it worked for skype too?
I'm having issues with skype from december (2015) until now. My pfSense has squid3+Squidguard+Lightsquid on transparent mode+Man in the Middle(hor http & https filtering). I'm trying to bypass the Skype servers IP address and nets but, until now, I had no luck…

"Unable to connect with Skype" shows when I open Skype. If I bypass from the proxy the IP of the PC where skype is running, Skype works without troubl; removed the bypass, the issue comes back.

Any advise or tip (or cheatsheet) are welcome :D

Thanks in advance.