• Squid, Squidguard, Squidclamav with HTTPS/SSL Configuration Guide Needed

    4
    0 Votes
    4 Posts
    2k Views
    D

    @Ramosel:

    Oh well, when those who are prone to pithy responses suggest that "search is your friend" at least we can link back to this!

    https://forum.pfsense.org/index.php?topic=101502.msg566236#msg566236

    So… yeah, use the darned search, be it Google or this forum.

  • Error in LightSquid after 2.42 update

    5
    0 Votes
    5 Posts
    1k Views
    J

    Thanks for your help, you guys!

    Managed to upgrade all our pfSense boxes to 2.2.4 now, thanks to the info on these here forums.

    Now running the latest Squid and SG, and so far all are working as before… :)

  • Context based Switching

    2
    0 Votes
    2 Posts
    843 Views
    P

    Hi Sai Ravi,

    If you only want to use the gui options, then probably defining 2 backends, where the second backend only has one server could be an option.. Then create a second 'shared frontend' and give it an acl like 'path starts with: /index.php'.

    That said, you could probably easier to write it into advanced option in the backend something like this:

    use-server server1 if { path_beg -i /index.php }

    (untested)

    With the new changes comming in package version 0.33 it should be easier to do with gui options only.. 'use-server' is not yet in there though..

    Hope it helps, regards,
    PiBa-NL

  • upstream proxy

    1
    0 Votes
    1 Posts
    998 Views
    No one has replied
  • Transparent Proxy Settings Problem

    2
    0 Votes
    2 Posts
    968 Views
    P

    Hi did you open port 3129 for your lan Network in the firewall rules?
    If not, you cant use the Protocol ;)

  • Cannot access Blacklist page for proxyfilter squidguard

    2
    0 Votes
    2 Posts
    795 Views
    S

    seems like i have resolved it…

    i remvoed some packages that were to show interface statistics do not remember names .
    but if someone could point me towards  logs files from where i can extract those package name i will post them.

    i went to status and services and i couldnt start squid and squidfilter service. they would start and then shutdown automatically .. tried reboot no luck so i removed some packagtes and then started squid proxy service but still couldnt start proxyfilter service .. anyhow i quickly went to blaklist tab and luckily it worked.

  • Squid no cache dynamic images

    5
    0 Votes
    5 Posts
    5k Views
    T

    @aGeekHere:

    Lets take 2 better examples

    Two car images

    http://media.caranddriver.com/images/media/51/dissected-lotus-based-infiniti-emerg-e-sports-car-concept-top-image-photo-451994-s-original.jpg

    https://images.omkt.co/Files/402/15EAC0/19F78/8c2112737cfe4cd88779712a4906ef6d/0/hero_forte_2014–kia-1920x.png

    The first will cache.

    The second will not for me.

    Because the second link has header name: P3P. So I have no ideal for this, I'm searching for this case. May be Squid doesn't effect to P3P header

    Phungs-MBP:~ tquang$ curl -I https://images.omkt.co/Files/402/15EAC0/19F78/8c2112737cfe4cd88779712a4906ef6d/0/hero_forte_2014–kia-1920x.png
    HTTP/1.1 200 OK
    Content-Length: 2692395
    Content-Type: image/png
    Last-Modified: Thu, 05 Mar 2015 16:01:38 GMT
    Accept-Ranges: bytes
    ETag: "0dd6fa95d57d01:0"
    X-Frame-Options: SAMEORIGIN
    P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
    ServerID: 1435
    X-FRAME-OPTIONS: SAMEORIGIN
    Date: Sun, 25 Oct 2015 08:22:00 GMT

  • Captive portal issue with Squid proxy

    3
    0 Votes
    3 Posts
    1k Views
    A

    I tried to get the correct topic but I cannot.

    Could you help me and send the link if that topic?

  • Random crash after squid package update…

    10
    0 Votes
    10 Posts
    2k Views
    D

    The settings definitely do not get deleted with Squid. (And don't get deleted with most other packages either.) And yeah, uninstalling before upgrade is something I've always been doing, for pretty long time. (Among others to avoid the bugs with using cached install code from old versions for new ones.)

  • Squid3 transparent proxy upstream proxy configuration

    1
    0 Votes
    1 Posts
    859 Views
    No one has replied
  • Squid 2, CARP & WPAD

    15
    0 Votes
    15 Posts
    3k Views
    B

    As its been quite buggy and the current releases, whilst improving, still has this memory leak issue amongst others.
    And no its not trolling, not considering the rigmarole that myself and many others have had with it.
    Its not to devalue the work being done on it by the likes of doktornotor, but the fact remains is there are bugs, most of which cant be helped as the package version is either old, or not fixed upstream, but there are bugs.
    Hence, buggy.

  • Sarg not reporting

    6
    0 Votes
    6 Posts
    2k Views
    D

    In the fine Squid GUI. You are welcome to pay me a flight to find it for you.

  • Lightsquid generates error in Proxy Report

    7
    0 Votes
    7 Posts
    2k Views
    D

    2.42 is now merged. ;)

  • Squid3 0.3.9.2 with SSL-Man-In-the-Middle-Filtering not working

    8
    0 Votes
    8 Posts
    2k Views
    D

    @exograpix:

    You have to select lan.

    Thanks, fixed above…

    @OP: The interfaces MUST match. You have some wild mixture of Proxy Interface(s) vs. Transparent Proxy Interface(s) vs. SSL Intercept Interface(s). Make sure the thing match each other.

  • WPAD and safesearch

    5
    0 Votes
    5 Posts
    1k Views
    C

    @maverik1:

    How are you trying to enforce safesearch? Via url re-write or dnsmasq?

    This is most likely the right and ultimate question  8)

    There is something sometimes not well understood:

    one of the differences between transparent and explicit proxy is that transparent proxy doesn't resolve any name. Packets are intercepted at default gateway level once target is found, meaning after DNS resolution. Therefore workstation DNS settings are used here. On the other hand, when using explicit proxy, browser sends URL to proxy and name resolution is handled at proxy level. Depending on your configuration, this may show different result  ;)
  • Where to set WPAD DNS A record

    11
    0 Votes
    11 Posts
    5k Views
    M

    @Netizen1:

    If you're using XP still, then at least try to ditch IE for Chrome or Firefox…. Highest version of IE for XPSP3 is IE8 :-\

    IMO, XP machines should no longer have internet access. Whitelist specific applications only and block everything else. Definitely don't use IE6!

    Did you read my answer?
    My XP machines normally don't have web access - in this case it's just drunk science.

    In VMware i have XP Pro SP3 IE6, XP Pro SP3 IE7, XP Pro SP3 IE8, Vista IE9, Win 7 IE10, OS X El Capitan < all for playing around.

    And yes I also use XP on dedicated PCs. One example is MAME connected to a RGB CRT TV.
    I also have 2 DOS PCs, 1 Win95 and 1 Win98 running because 3dfx Voodoo and ols Games needs the right OS ;D

  • Squidguard and Squid Problem

    3
    0 Votes
    3 Posts
    1k Views
    A

    Dear Netizen1

    Thank you for your reply, I found the solution in the below topic.

    https://forum.pfsense.org/index.php?topic=90961.15

    BR,
    Ahmed

  • Can't isntall SquidGuard

    2
    0 Votes
    2 Posts
    830 Views
    SoloamS

    I solved the problem, somting to do with the config file. I downloaded the config file on Diagnostics > Backup/restore. I opened the config and releted all items os squid, squidguard and lightsquid. Loaded the new config and installed the packages.

    Thank you
    Best Regards

  • 0 Votes
    15 Posts
    2k Views
    C

    @dims:

    Suppose, I didn't configure domain manually but configured IP manually, i.e. not using DHCP. This means WPAD won't work then?

    As described in draft RFC about WPAD and also in RFC3040, DHCP is only one mechanism tat can be used, client side, to find proxy.pac file.
    Other mechanism exist and some should be implemented if you want to ensure that most clients benefit from WPAD.

    The resource discovery mechanisms utilized by WPAD are as follows:
          *  Dynamic Host Configuration Protocol DHCP
          *  Service Location Protocol SLP
          *  "Well Known Aliases" using DNS A records
          *  DNS SRV records
          *  "service: URLs" in DNS TXT records

    implementing DHCP, "well known alias", "DNS SRV records" and "service: URL" is pretty simple.
    You will find examples here and there easily.

    pfSense documentation covers some aspects. I tried to produce something with wider coverage (goal was more to focus on proxy design that WPAD) here. internet contains a lot of useful example

    What you need to understand (and that is not yet clear if I read correctly your posts) is that "well known alias" mechanism relies on your local domain configuration and therefore local DNS too.

    This mechanism, launched client side, relies on host FQDN.
    Say your workstation name is:
    workstation.sub_level2.sub_level1.domain.com
    well known alias mechanism will search first for:
    wpad.sub_level2.sub_level1.domain.com
    then for:
    wpad.sub_level1.domain.com
    then
    wpad.domain.com

    By configuring one of these entries in your local DNS, it will allow you browser to find web server hosting proxy.pac file.

  • Better reports for squid and squidguard

    1
    0 Votes
    1 Posts
    626 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.