Thanks a lot dear for quick help.
You made my weekend good :)

Even though there have been tons of fixes in the Squid3 package meanwhile - there are still MANY use cases that would be handled much easier and with a whole lot less overhead with things like pfBNG - especially now with the pfBlockerNG 2.0 version that has DNSBL functionality.

Sorry but I don't think that network design makes much sense. If you're trying to use transparent proxy, then you can't have the netgear as your default gateway, it must be pfsense. Best you give up on the transparent proxy and use WPAD or statically define the proxy server settings.

go back to the drawing board with your design, it just won't work.

doktornotor: please, leave the attitude at the door, or just leave. Your positive contributions are very much appreciated, but the jackassery like this thread reflects badly on all of us.

Hello,

I had both HTTP and HTTPS servers behind squid reverse proxy. All was working well until a few days ago.
Suddenly, HTTPS stopped working, redirecting to pfsense login page.
Tried to reboot, upgrade to last version, but still blocking…

Any hint ?

hi thx, problem is solved, my issue was some exclusions in squidguard.

Interesting results on the hourly squid hang can be found here:

https://forum.pfsense.org/index.php?topic=96472

hi!
      Above error.
      I try to remove squid cache file (rm -fR /var/squid) and then reinstall squid package, It is Ok!

Anyone?

You have the code and process linked in this post, yet you go again and again and again, instead of reading it.

Other than that - it works for everyone else. Perhaps call ghostbusters. (The install of course gets logged to the same place where you grabbed the "template not found" stuff.)

Hi Michael,

It would indeed be a step further, but i think its a rather 'dangerous' option if i understand it correctly..If you dont think it through you might loose access to http only sites on the same domain that you/someone forgot where running as well.. Ill put it on my todo list though.

Regards,
PiBa-NL

Hi I had searched and banged my head for a while and finally figured out a way to authenticate users on squid3 using group authentication

for eg:- a group in ldap INTERNET having few members will get internet access rather then all of them.

auth_param basic program /usr/lib/squid/ldap_auth -v 3 -ZZ -b "dc=intra,dc=example,dc=com" -f uid=%s -h ip/hostname of ldap
external_acl_type ldapgroups ttl=5 %LOGIN /usr/lib/squid/squid_ldap_group -v 3 -ZZ -b "dc=intra,dc=example,dc=com" -f "(&(cn=%g)(memberUid=%u))" -h ip/hostname
acl ldapgroup external ldapgroups internet
auth_param basic children 200
auth_param basic realm test-Web Squid3 Proxy Server
auth_param basic credentialsttl 1 minute
acl ldap-auth proxy_auth REQUIRED

http_access deny !ldapgroup
http_access allow ldap-auth
http_access allow localnet
cache_peer localhost parent 3129 0 no-query proxy-only login=*:nopassword
http_access deny all

rm -rf /usr/local/sarg-reports ln -s /usr/pbi/sarg-amd64/local/sarg-reports /usr/local/sarg-reports

This will fix the missing index file error.

@doktornotor:

Yeah, it won't work without the INC file. Simply try again.

I tried 3-4 times, with the same result. I'll try it again later this week. Maybe the internet is just annoyed with me today. :)

EDIT: I tried it AGAIN, and it worked this time. Thanks for confirming that I wasn't doing anything obviously wrong.

Beginning package installation for Lightsquid .
Downloading package configuration file… done.
Saving updated package information... done.
Downloading Lightsquid and its dependencies...
Checking for package installation...
Downloading https://files.pfsense.org/packages/10/All/lightsquid-1.8_2-amd64.pbi ...  (extracting)
Loading package configuration... done.
Configuring package components...
Loading package configuration... done.
Additional files... done.
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...done.
Executing custom_php_resync_config_command()...done.
Menu items... done.
Integrated Tab items... done.
Writing configuration... done.

Installation completed.
Lightsquid setup instructions:
Please visit Status - Squid Proxy Reports - Settings and read the configuration and usage instructions.
Jason Bottjen

doktornotor - Thank you for the info.

How long will it be before E2guardians is finish?

If it is too long I install Squid3 but I want E2guardin, seems to be the best to use with pfsense.

That seems ot be the case when you upgrade squid/squidguard.  You have to either reboot or restart the squid service.

I doubt NTLM authentication generates this amount of CPU requirement, unless there is something wrong.
Did you try to temporarily deactivate "black list" rules and filtering as well as anti-virus. These can be very CPU demanding.