Thanks KOM for the info, we had to put the Project on ice for a time, other things :( but Will be starting up again soon. We will be looking for sending Proxy settings automatically or maybe have to set up Website on the Proxy to Redirect. We just have a WiFi and LAN that we want to provide Internet using a Login with mulitple (2) Internet connections. that was our purpose in choosing pfsense. Thanks again and any suggestions are appreciated. The biggest room in the world is the room for improvement.

And IE?  What URL specifically?

Cache size has already been experimented with, as has the RAM allocation. No difference either way with memory usage.

There's no MD5, there's DES. See crypt() docs It silently truncates passwords to 8 chars - read e.g. here: http://www.certpal.com/blogs/2010/05/crypt-des-and-8-character-truncated-passwords/ I cannot see how the patch here adding some MD5 salt nonsense to DES would work for anyone, just doesn't make sense. Perhaps if your replaced crypt() with md5(), it'd actually do something meaningful?!

Thank you very much doktornotor! It worked perfectly. His work is very important for the adoption of the platform. A big hug.

You'll really need to dig into the C-ICAP docs. If you figure out some working configuration, it can be put to the package, but I certainly don't have time to play with radios streaming ATM.

NP :)

Hi, I already set the blacklist, but the thing with the dummy entry was new to me. That did it! Thank you very much!!!

Ok, clear and understood.  8)

Resolved with the new version! Thank you doktornotor.

Hi Guys, i do not understand the behaviour of dansguardian wit NO ssl-interception. Fact is, that dansguardian has decided, that the required URl is inappropreiate. This must be a decission on behalf of URL, IP or something else OUTSIDE the SSL connection. So why should dansguardian not be able to redirect the request? This seems a bug in dansguardian for me. Greetings

I've also been getting a setup similar to yours up and running on my home network and have also run into similar issues with ssl and the app store/dropbox.  I have seen it reported that dropbox is using ssl pinning which is probably why the dynamic certs being created are being rejected.  To get around this and caching, I've been playing with these settings in the Custom ACLS (Before Auth) under advanced features for squid: acl nobump dstdomain .dropbox.com .apple.com ssl_bump none nobump acl alwaysdirect dstdomain .apple.com always_direct allow alwaysdirect cache deny alwaysdirect The first 2 are to avoid ssl bumping on those matching labels.  This has let the app store on iOS and the dropbox client to connect without error.  I believe that by enabling this you will loose the ability to do any path matching in squidguard on secure urls, but since you are direct connecting in your wpad config this is probably fine. The last 3 lines are to avoid having any results cached.  I'm getting mixed results with those, need to read more into the current documentation to make sure they are doing what I would expect.

Currently still the best way is to setup a real syslog server and send logs over udp to it.. The usage of chroot prevents that haproxy still uses that syslog 'file' once it started up..

@dsefcik: Can you describe what it does? You seem to think we should not need to add this. http://www.squid-cache.org/Versions/v3/3.1/manuals/squid_ldap_auth.html -R        do not follow referrals Read this: LDAP Referrals, mainly: An LDAP referral is a domain controller's way of indicating to a client application that it does not have a copy of a requested object (or, more precisely, that it does not hold the section of the directory tree where that object would be, if in fact it exists) and giving the client a location that is more likely to hold the object, which the client uses as the basis for a DNS search for a domain controller. Either you are querying wrong DCs or there's something wrong with your setup really.

@doktornotor: Stick this in there: --- a/usr/local/pkg/squid.inc      2015-10-12 20:05:23.939006529 +0200 +++ b/usr/local/pkg/squid.inc    2015-10-14 10:22:42.955506820 +0200 @@ -953,7 +967,7 @@         if (!empty($post['quick_abort_min'])) {                 $value = trim($post['quick_abort_min']); -              if ((!is_numericint($value)) && ($value !== -1)) { +              if ((!is_numericint($value)) && ($value != "-1")) {                         $input_errors[] = "'Finish when remaining KB' must contain a positive integer or '-1'.";                 }         } Leave everything at defaults and use the fine "Test" feature in there if unsure. thank you so much.

@doktornotor: I have already told you 3 times that it's a leftover from Squid3 before 0.3.6. Remove it and move on. I always did. Thanks.

thanks for this tweak. it's ok when a make a search directly from www.bing.com. but i have a problem when i make a search with the integrate search bar in star menu in windows 8 or 10. it 's redirect to www.google.fr but with bing.com and some URL parameters. so i have and ssl certificat error that say me URL is not the same as URL in certificat. and finaly i have "404. That’s an error."  message from google that's say me page not found with this parameters :-(

Hi! You can use Shellcmd package to do it.