@Ramosel:

Oh well, when those who are prone to pithy responses suggest that "search is your friend" at least we can link back to this!

https://forum.pfsense.org/index.php?topic=101502.msg566236#msg566236

So… yeah, use the darned search, be it Google or this forum.

Thanks for your help, you guys!

Managed to upgrade all our pfSense boxes to 2.2.4 now, thanks to the info on these here forums.

Now running the latest Squid and SG, and so far all are working as before… :)

Hi Sai Ravi,

If you only want to use the gui options, then probably defining 2 backends, where the second backend only has one server could be an option.. Then create a second 'shared frontend' and give it an acl like 'path starts with: /index.php'.

That said, you could probably easier to write it into advanced option in the backend something like this:

use-server server1 if { path_beg -i /index.php }

(untested)

With the new changes comming in package version 0.33 it should be easier to do with gui options only.. 'use-server' is not yet in there though..

Hope it helps, regards,
PiBa-NL

Hi did you open port 3129 for your lan Network in the firewall rules?
If not, you cant use the Protocol ;)

seems like i have resolved it…

i remvoed some packages that were to show interface statistics do not remember names .
but if someone could point me towards  logs files from where i can extract those package name i will post them.

i went to status and services and i couldnt start squid and squidfilter service. they would start and then shutdown automatically .. tried reboot no luck so i removed some packagtes and then started squid proxy service but still couldnt start proxyfilter service .. anyhow i quickly went to blaklist tab and luckily it worked.

@aGeekHere:

Lets take 2 better examples

Two car images

http://media.caranddriver.com/images/media/51/dissected-lotus-based-infiniti-emerg-e-sports-car-concept-top-image-photo-451994-s-original.jpg

https://images.omkt.co/Files/402/15EAC0/19F78/8c2112737cfe4cd88779712a4906ef6d/0/hero_forte_2014–kia-1920x.png

The first will cache.

The second will not for me.

Because the second link has header name: P3P. So I have no ideal for this, I'm searching for this case. May be Squid doesn't effect to P3P header

Phungs-MBP:~ tquang$ curl -I https://images.omkt.co/Files/402/15EAC0/19F78/8c2112737cfe4cd88779712a4906ef6d/0/hero_forte_2014–kia-1920x.png
HTTP/1.1 200 OK
Content-Length: 2692395
Content-Type: image/png
Last-Modified: Thu, 05 Mar 2015 16:01:38 GMT
Accept-Ranges: bytes
ETag: "0dd6fa95d57d01:0"
X-Frame-Options: SAMEORIGIN
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
ServerID: 1435
X-FRAME-OPTIONS: SAMEORIGIN
Date: Sun, 25 Oct 2015 08:22:00 GMT

I tried to get the correct topic but I cannot.

Could you help me and send the link if that topic?

The settings definitely do not get deleted with Squid. (And don't get deleted with most other packages either.) And yeah, uninstalling before upgrade is something I've always been doing, for pretty long time. (Among others to avoid the bugs with using cached install code from old versions for new ones.)

As its been quite buggy and the current releases, whilst improving, still has this memory leak issue amongst others.
And no its not trolling, not considering the rigmarole that myself and many others have had with it.
Its not to devalue the work being done on it by the likes of doktornotor, but the fact remains is there are bugs, most of which cant be helped as the package version is either old, or not fixed upstream, but there are bugs.
Hence, buggy.

In the fine Squid GUI. You are welcome to pay me a flight to find it for you.

2.42 is now merged. ;)

@exograpix:

You have to select lan.

Thanks, fixed above…

@OP: The interfaces MUST match. You have some wild mixture of Proxy Interface(s) vs. Transparent Proxy Interface(s) vs. SSL Intercept Interface(s). Make sure the thing match each other.

@maverik1:

How are you trying to enforce safesearch? Via url re-write or dnsmasq?

This is most likely the right and ultimate question  8)

There is something sometimes not well understood:

one of the differences between transparent and explicit proxy is that transparent proxy doesn't resolve any name. Packets are intercepted at default gateway level once target is found, meaning after DNS resolution. Therefore workstation DNS settings are used here. On the other hand, when using explicit proxy, browser sends URL to proxy and name resolution is handled at proxy level. Depending on your configuration, this may show different result  ;)

@Netizen1:

If you're using XP still, then at least try to ditch IE for Chrome or Firefox…. Highest version of IE for XPSP3 is IE8 :-\

IMO, XP machines should no longer have internet access. Whitelist specific applications only and block everything else. Definitely don't use IE6!

Did you read my answer?
My XP machines normally don't have web access - in this case it's just drunk science.

In VMware i have XP Pro SP3 IE6, XP Pro SP3 IE7, XP Pro SP3 IE8, Vista IE9, Win 7 IE10, OS X El Capitan < all for playing around.

And yes I also use XP on dedicated PCs. One example is MAME connected to a RGB CRT TV.
I also have 2 DOS PCs, 1 Win95 and 1 Win98 running because 3dfx Voodoo and ols Games needs the right OS ;D

Dear Netizen1

Thank you for your reply, I found the solution in the below topic.

https://forum.pfsense.org/index.php?topic=90961.15

BR,
Ahmed

I solved the problem, somting to do with the config file. I downloaded the config file on Diagnostics > Backup/restore. I opened the config and releted all items os squid, squidguard and lightsquid. Loaded the new config and installed the packages.

Thank you
Best Regards

@dims:

Suppose, I didn't configure domain manually but configured IP manually, i.e. not using DHCP. This means WPAD won't work then?

As described in draft RFC about WPAD and also in RFC3040, DHCP is only one mechanism tat can be used, client side, to find proxy.pac file.
Other mechanism exist and some should be implemented if you want to ensure that most clients benefit from WPAD.

The resource discovery mechanisms utilized by WPAD are as follows:
      *  Dynamic Host Configuration Protocol DHCP
      *  Service Location Protocol SLP
      *  "Well Known Aliases" using DNS A records
      *  DNS SRV records
      *  "service: URLs" in DNS TXT records

implementing DHCP, "well known alias", "DNS SRV records" and "service: URL" is pretty simple.
You will find examples here and there easily.

pfSense documentation covers some aspects. I tried to produce something with wider coverage (goal was more to focus on proxy design that WPAD) here. internet contains a lot of useful example

What you need to understand (and that is not yet clear if I read correctly your posts) is that "well known alias" mechanism relies on your local domain configuration and therefore local DNS too.

This mechanism, launched client side, relies on host FQDN.
Say your workstation name is:
workstation.sub_level2.sub_level1.domain.com
well known alias mechanism will search first for:
wpad.sub_level2.sub_level1.domain.com
then for:
wpad.sub_level1.domain.com
then
wpad.domain.com

By configuring one of these entries in your local DNS, it will allow you browser to find web server hosting proxy.pac file.