• Lightsquid generates error in Proxy Report

    7
    0 Votes
    7 Posts
    2k Views
    D
    2.42 is now merged. ;)
  • Squid3 0.3.9.2 with SSL-Man-In-the-Middle-Filtering not working

    8
    0 Votes
    8 Posts
    2k Views
    D
    @exograpix: You have to select lan. Thanks, fixed above… @OP: The interfaces MUST match. You have some wild mixture of Proxy Interface(s) vs. Transparent Proxy Interface(s) vs. SSL Intercept Interface(s). Make sure the thing match each other.
  • WPAD and safesearch

    5
    0 Votes
    5 Posts
    1k Views
    C
    @maverik1: How are you trying to enforce safesearch? Via url re-write or dnsmasq? This is most likely the right and ultimate question  8) There is something sometimes not well understood: one of the differences between transparent and explicit proxy is that transparent proxy doesn't resolve any name. Packets are intercepted at default gateway level once target is found, meaning after DNS resolution. Therefore workstation DNS settings are used here. On the other hand, when using explicit proxy, browser sends URL to proxy and name resolution is handled at proxy level. Depending on your configuration, this may show different result  ;)
  • Where to set WPAD DNS A record

    11
    0 Votes
    11 Posts
    5k Views
    M
    @Netizen1: If you're using XP still, then at least try to ditch IE for Chrome or Firefox…. Highest version of IE for XPSP3 is IE8 :-\ IMO, XP machines should no longer have internet access. Whitelist specific applications only and block everything else. Definitely don't use IE6! Did you read my answer? My XP machines normally don't have web access - in this case it's just drunk science. In VMware i have XP Pro SP3 IE6, XP Pro SP3 IE7, XP Pro SP3 IE8, Vista IE9, Win 7 IE10, OS X El Capitan < all for playing around. And yes I also use XP on dedicated PCs. One example is MAME connected to a RGB CRT TV. I also have 2 DOS PCs, 1 Win95 and 1 Win98 running because 3dfx Voodoo and ols Games needs the right OS ;D
  • Squidguard and Squid Problem

    3
    0 Votes
    3 Posts
    1k Views
    A
    Dear Netizen1 Thank you for your reply, I found the solution in the below topic. https://forum.pfsense.org/index.php?topic=90961.15 BR, Ahmed
  • Can't isntall SquidGuard

    2
    0 Votes
    2 Posts
    862 Views
    SoloamS
    I solved the problem, somting to do with the config file. I downloaded the config file on Diagnostics > Backup/restore. I opened the config and releted all items os squid, squidguard and lightsquid. Loaded the new config and installed the packages. Thank you Best Regards
  • 0 Votes
    15 Posts
    2k Views
    C
    @dims: Suppose, I didn't configure domain manually but configured IP manually, i.e. not using DHCP. This means WPAD won't work then? As described in draft RFC about WPAD and also in RFC3040, DHCP is only one mechanism tat can be used, client side, to find proxy.pac file. Other mechanism exist and some should be implemented if you want to ensure that most clients benefit from WPAD. The resource discovery mechanisms utilized by WPAD are as follows:       *  Dynamic Host Configuration Protocol DHCP       *  Service Location Protocol SLP       *  "Well Known Aliases" using DNS A records       *  DNS SRV records       *  "service: URLs" in DNS TXT records implementing DHCP, "well known alias", "DNS SRV records" and "service: URL" is pretty simple. You will find examples here and there easily. pfSense documentation covers some aspects. I tried to produce something with wider coverage (goal was more to focus on proxy design that WPAD) here. internet contains a lot of useful example What you need to understand (and that is not yet clear if I read correctly your posts) is that "well known alias" mechanism relies on your local domain configuration and therefore local DNS too. This mechanism, launched client side, relies on host FQDN. Say your workstation name is: workstation.sub_level2.sub_level1.domain.com well known alias mechanism will search first for: wpad.sub_level2.sub_level1.domain.com then for: wpad.sub_level1.domain.com then wpad.domain.com By configuring one of these entries in your local DNS, it will allow you browser to find web server hosting proxy.pac file.
  • Better reports for squid and squidguard

    1
    0 Votes
    1 Posts
    628 Views
    No one has replied
  • WEB configurator port

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Squid3 in non Transparent mode with wpad autoconfigure

    5
    0 Votes
    5 Posts
    2k Views
    A
    Hi chris, Sorry for late reply. By Block I meant I cann't browse. It says Connecting…. on title bar of browser and just wait... nothing on screen. I cann't even access pfsense box. I just get locked. I wish  someone can provide me step by step way to configure squid with captive portal authentication. regards, Ashima
  • SquidGuard & ClamAV for protection really useful?

    4
    0 Votes
    4 Posts
    2k Views
    M
    Ok doktornotor, if ClamAV is a toy the only thing left is blocking. And here i see sometimes sites don't work if something (Ads) are blocked. So Adblock Plus is the better solution? But what about Ads on TVs, consoles or in-game Ads (Android, Windows Phones)? It's not that i don't have a Adblocker on Android but i want to check the possibilities. I saw somewhere it's possible to use the EasyLists in SquidGuard? If blocking Ads is better on the clients then there is from the Shalla's Blacklists left: Spyware (Trojans, phishing sites) and Tracker At the moment i pay for squidblacklist.org and want to get rid of it. I use from them: Malicious (Virus, botnet, malware, adware, apt, drive by, infectious) and Proxies (Http proxies users may attempt to use to bypass your filters) I guess it would make sense to block: Virus, Botnet, Malware, Adware, APT, Drive-By Download, Infectious, Espionage, hosts that perform IP tracking for media companies and associations like RIAA/MPAA, Http proxies users may attempt to use to bypass your filters If all this is not really usefull the only thing left is caching with Squid and i ask myself if all the hassle with getting wpad to work is worthwhile for a normal household?
  • Solution: Squid Transparent Proxy and Apple App Stores OSX & iOS Problems

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Squi 0.4.0 Reverse proxy for Exchange 2013

    21
    0 Votes
    21 Posts
    5k Views
    S
    You're very welcome
  • Transparent Mode with User Validation

    7
    0 Votes
    7 Posts
    1k Views
    S
    Thanks KOM for the info, we had to put the Project on ice for a time, other things :( but Will be starting up again soon. We will be looking for sending Proxy settings automatically or maybe have to set up Website on the Proxy to Redirect. We just have a WiFi and LAN that we want to provide Internet using a Login with mulitple (2) Internet connections. that was our purpose in choosing pfsense. Thanks again and any suggestions are appreciated. The biggest room in the world is the room for improvement.
  • Error in yahoo.com

    4
    0 Votes
    4 Posts
    1k Views
    KOMK
    And IE?  What URL specifically?
  • Squid 3 memory usage

    31
    0 Votes
    31 Posts
    6k Views
    B
    Cache size has already been experimented with, as has the RAM allocation. No difference either way with memory usage.
  • PfSense 2.2 : squid3 3.4.10_2 pkg 0.2.6 - Local Auth problem

    9
    0 Votes
    9 Posts
    2k Views
    D
    There's no MD5, there's DES. See crypt() docs It silently truncates passwords to 8 chars - read e.g. here: http://www.certpal.com/blogs/2010/05/crypt-des-and-8-character-truncated-passwords/ I cannot see how the patch here adding some MD5 salt nonsense to DES would work for anyone, just doesn't make sense. Perhaps if your replaced crypt() with md5(), it'd actually do something meaningful?!
  • "squidGuard" and "Proxy filter" not found when creating groups.

    6
    0 Votes
    6 Posts
    2k Views
    J
    Thank you very much doktornotor! It worked perfectly. His work is very important for the adoption of the platform. A big hug.
  • Blacklist issue

    Locked
    16
    0 Votes
    16 Posts
    6k Views
    M
    I've got the same issues it seems. I am running the latest version of pfsense, squid and squidguard.  In squidguard under common acl tab I have selected "Do not allow IP-Addresses in URL"  I notice that this causes facebook mobile chat not to connect as I am seeing the following logs: 15.10.2015 19:18:01  10.0.2.11/android-58e1c12f4ef215d8.syndicate.com 31.13.77.5:443  Request(default/in-addr/-) -CONNECT  REDIRECT. In target categories I created a new rule allowing access to the following domain:  31.13.77.5  I called the rule facebook_chat.  Back in common acl under target rules I have selected "allow" for this facebook_chat rule and above that area that rule is at the front just after the dummy rule that allows squidguard to function properly. Did I miss something? TIA
  • Problems using TuneIn.com with transparent squid + squidclamav

    10
    0 Votes
    10 Posts
    3k Views
    D
    You'll really need to dig into the C-ICAP docs. If you figure out some working configuration, it can be put to the package, but I certainly don't have time to play with radios streaming ATM.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.