There's no squid3-dev on pfSense 2.2; install squid3. Also, messing with pkg has absolutely no effect, that's not what is used.

Hi all I am bumping up this topic again because I made a few observations. I have determined that Squid has an issue with multi segment downloading/Multithread downloading. Testing with downthemall for firefox and metalink for chrome downloading a test file http://mirror.internode.on.net/pub/test/ When port 80 and 443 are blocked and all traffic is going through squid the download is limited to 1 segment resulting in slow download speed. However when not going through squid then the segments are not limited to 1, resulting in being able to download 10x faster (because now I can connect to 10 segements). I have also found that some software update programs which use multi segment downloading/Multithread downloading become slow at downloading. Now this is the strange part, squid does support multi segment downloading/Multithread downloading, when downloading from youtube you are able to connect to multi segments and get full bandwidth. So I guest the big question is is this a pfsense squid package issue or a squid-cache.org issue? Where should I post this bug/issue?

Afraid I won't be much of an assistance here, beyond a couple of notes: Don't use the default QNAP certificates, pretty much the same like having no encryption at all. Anyone can get the private key. Literally every howto that deals with running OwnCloud on QNAP suggests to move the QNAP admin webgui our of port 443. Other than that, all QNAP boxes here are running Debian.

Hi doktornotor, thanks for the links. I imagine to get a logfile with Timestamp , Username or Vouchercode, URL to log the guests activities in our WiFi network. So do you know, where the pfsense creates a logfile with Timestamp, Voucher and associated IP Adress so i can figure out, who had which IP Adress at Date / Time XY and accessed which URL?

The User has all the rights , because if i connect to the FTP server without the proxy it connects without any problems. There should be an exception list where you could set an entry, that then this FTP would not be any more filtered by the Proxy thats it. @doktornotor how could i stop proxing the FTP ? It is the most insecure protocol in the Internet, sends in plain text! So with S/FTP or FTP/S you would be providing more security and all would be fine for you. Otherwise could you set up one or more VPN connections to the pfSense firewall and then the users could get access to the really insecure FTP but also over an encrypted line or tunnel! And this would be the best way to go these days as I see it right.

@roccor The netflix player uses IP address to pull content, so your ACL's by domain name may not work once the player gets going. See my reply in a similar thread about Netflix streaming and how to find the CIDR range to bypass in squid: https://forum.pfsense.org/index.php?topic=94812.0

Make sure when you import your cert to Firefox that the "Authorities" tab selected.  It works.

@Ramosel: Oh well, when those who are prone to pithy responses suggest that "search is your friend" at least we can link back to this! https://forum.pfsense.org/index.php?topic=101502.msg566236#msg566236 So… yeah, use the darned search, be it Google or this forum.

Thanks for your help, you guys! Managed to upgrade all our pfSense boxes to 2.2.4 now, thanks to the info on these here forums. Now running the latest Squid and SG, and so far all are working as before… :)

Hi Sai Ravi, If you only want to use the gui options, then probably defining 2 backends, where the second backend only has one server could be an option.. Then create a second 'shared frontend' and give it an acl like 'path starts with: /index.php'. That said, you could probably easier to write it into advanced option in the backend something like this: use-server server1 if { path_beg -i /index.php } (untested) With the new changes comming in package version 0.33 it should be easier to do with gui options only.. 'use-server' is not yet in there though.. Hope it helps, regards, PiBa-NL

Hi did you open port 3129 for your lan Network in the firewall rules? If not, you cant use the Protocol ;)

seems like i have resolved it… i remvoed some packages that were to show interface statistics do not remember names . but if someone could point me towards  logs files from where i can extract those package name i will post them. i went to status and services and i couldnt start squid and squidfilter service. they would start and then shutdown automatically .. tried reboot no luck so i removed some packagtes and then started squid proxy service but still couldnt start proxyfilter service .. anyhow i quickly went to blaklist tab and luckily it worked.

@aGeekHere: Lets take 2 better examples Two car images http://media.caranddriver.com/images/media/51/dissected-lotus-based-infiniti-emerg-e-sports-car-concept-top-image-photo-451994-s-original.jpg https://images.omkt.co/Files/402/15EAC0/19F78/8c2112737cfe4cd88779712a4906ef6d/0/hero_forte_2014–kia-1920x.png The first will cache. The second will not for me. Because the second link has header name: P3P. So I have no ideal for this, I'm searching for this case. May be Squid doesn't effect to P3P header Phungs-MBP:~ tquang$ curl -I https://images.omkt.co/Files/402/15EAC0/19F78/8c2112737cfe4cd88779712a4906ef6d/0/hero_forte_2014–kia-1920x.png HTTP/1.1 200 OK Content-Length: 2692395 Content-Type: image/png Last-Modified: Thu, 05 Mar 2015 16:01:38 GMT Accept-Ranges: bytes ETag: "0dd6fa95d57d01:0" X-Frame-Options: SAMEORIGIN P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" ServerID: 1435 X-FRAME-OPTIONS: SAMEORIGIN Date: Sun, 25 Oct 2015 08:22:00 GMT

I tried to get the correct topic but I cannot. Could you help me and send the link if that topic?

The settings definitely do not get deleted with Squid. (And don't get deleted with most other packages either.) And yeah, uninstalling before upgrade is something I've always been doing, for pretty long time. (Among others to avoid the bugs with using cached install code from old versions for new ones.)

As its been quite buggy and the current releases, whilst improving, still has this memory leak issue amongst others. And no its not trolling, not considering the rigmarole that myself and many others have had with it. Its not to devalue the work being done on it by the likes of doktornotor, but the fact remains is there are bugs, most of which cant be helped as the package version is either old, or not fixed upstream, but there are bugs. Hence, buggy.

In the fine Squid GUI. You are welcome to pay me a flight to find it for you.