• Squid 0.4.0 … unable to clean settings

    14
    0 Votes
    14 Posts
    2k Views
    D
    NP :)
  • Squid3 not working anymore when squidGuard is enabled

    3
    0 Votes
    3 Posts
    1k Views
    L
    Hi, I already set the blacklist, but the thing with the dummy entry was new to me. That did it! Thank you very much!!!
  • Squid3 - New GUI with sync, normal and reverse proxy

    428
    0 Votes
    428 Posts
    554k Views
    P
    Ok, clear and understood.  8)
  • Crash report or programming bug after upgrading to squid3 0.3.8

    13
    0 Votes
    13 Posts
    3k Views
    J
    Resolved with the new version! Thank you doktornotor.
  • Dansguardian SSL Blocking not redirecting

    19
    0 Votes
    19 Posts
    9k Views
    H
    Hi Guys, i do not understand the behaviour of dansguardian wit NO ssl-interception. Fact is, that dansguardian has decided, that the required URl is inappropreiate. This must be a decission on behalf of URL, IP or something else OUTSIDE the SSL connection. So why should dansguardian not be able to redirect the request? This seems a bug in dansguardian for me. Greetings
  • 0 Votes
    2 Posts
    3k Views
    S
    I've also been getting a setup similar to yours up and running on my home network and have also run into similar issues with ssl and the app store/dropbox.  I have seen it reported that dropbox is using ssl pinning which is probably why the dynamic certs being created are being rejected.  To get around this and caching, I've been playing with these settings in the Custom ACLS (Before Auth) under advanced features for squid: acl nobump dstdomain .dropbox.com .apple.com ssl_bump none nobump acl alwaysdirect dstdomain .apple.com always_direct allow alwaysdirect cache deny alwaysdirect The first 2 are to avoid ssl bumping on those matching labels.  This has let the app store on iOS and the dropbox client to connect without error.  I believe that by enabling this you will loose the ability to do any path matching in squidguard on secure urls, but since you are direct connecting in your wpad config this is probably fine. The last 3 lines are to avoid having any results cached.  I'm getting mixed results with those, need to read more into the current documentation to make sure they are doing what I would expect.
  • HAProxy Detailed Logging How To?

    2
    0 Votes
    2 Posts
    2k Views
    P
    Currently still the best way is to setup a real syslog server and send logs over udp to it.. The usage of chroot prevents that haproxy still uses that syslog 'file' once it started up..
  • 0 Votes
    7 Posts
    2k Views
    D
    @dsefcik: Can you describe what it does? You seem to think we should not need to add this. http://www.squid-cache.org/Versions/v3/3.1/manuals/squid_ldap_auth.html -R        do not follow referrals Read this: LDAP Referrals, mainly: An LDAP referral is a domain controller's way of indicating to a client application that it does not have a copy of a requested object (or, more precisely, that it does not hold the section of the directory tree where that object would be, if in fact it exists) and giving the client a location that is more likely to hold the object, which the client uses as the basis for a DNS search for a domain controller. Either you are querying wrong DCs or there's something wrong with your setup really.
  • FTP Client Proxy Package Proxy Bypass: Source/Destination not working

    1
    0 Votes
    1 Posts
    712 Views
    No one has replied
  • Squid 0.4.0 set 'Finish transfer if less than x KB remaining' to -1.

    5
    0 Votes
    5 Posts
    2k Views
    technicalT
    @doktornotor: Stick this in there: --- a/usr/local/pkg/squid.inc      2015-10-12 20:05:23.939006529 +0200 +++ b/usr/local/pkg/squid.inc    2015-10-14 10:22:42.955506820 +0200 @@ -953,7 +967,7 @@         if (!empty($post['quick_abort_min'])) {                 $value = trim($post['quick_abort_min']); -              if ((!is_numericint($value)) && ($value !== -1)) { +              if ((!is_numericint($value)) && ($value != "-1")) {                         $input_errors[] = "'Finish when remaining KB' must contain a positive integer or '-1'.";                 }         } Leave everything at defaults and use the fine "Test" feature in there if unsure. thank you so much.
  • Squid3 0.3.9.2 Log Rotate Problem

    10
    0 Votes
    10 Posts
    2k Views
    V
    @doktornotor: I have already told you 3 times that it's a leftover from Squid3 before 0.3.6. Remove it and move on. I always did. Thanks.
  • Squidguard url-rewrite for Google safe search strange string !

    9
    0 Votes
    9 Posts
    3k Views
    A
    thanks for this tweak. it's ok when a make a search directly from www.bing.com. but i have a problem when i make a search with the integrate search bar in star menu in windows 8 or 10. it 's redirect to www.google.fr but with bing.com and some URL parameters. so i have and ssl certificat error that say me URL is not the same as URL in certificat. and finaly i have "404. That’s an error."  message from google that's say me page not found with this parameters :-(
  • Squid Kerberos SSO authentication against AD without Samba is working but

    3
    0 Votes
    3 Posts
    2k Views
    H
    Hi! You can use Shellcmd package to do it.
  • Upgrading and Squid data / logdirs

    4
    0 Votes
    4 Posts
    1k Views
    D
    Not really sure what "burn out" are you talking about. These days, the SSDs will handle hundreds of TiB of writes. If you want the thing managed by the package, simply mount things under /var/squid. You can still change it to whatever, just don't expect those dirs it to be maintained by the package (you'll get self-explanatory log warnings about that.) One accident with recursively changing permissions on / has been just enough.
  • Anit Virus Widget

    1
    0 Votes
    1 Posts
    581 Views
    No one has replied
  • Squid 0.3.9.2 ICAP protocol error.

    6
    0 Votes
    6 Posts
    3k Views
    P
    I actually managed to get it going by deleting all of the advanced feature .conf Stop&Start antivirus service and everything's fine. I must admit I didn't further investigate the issue but it's worth a try. By the way, great job doktornotor, seriously. Bye
  • Squid 0.3.9.2 wipes web server list

    3
    0 Votes
    3 Posts
    969 Views
    D
    Well… was about to suggest that. LOL. :)
  • Tryng to Configure Pfsense and Squid3 as a reverse proxy

    4
    0 Votes
    4 Posts
    2k Views
    M
    IT IS DONE  ;D The old TMG is now replaced with a PFsense box. Two things i miss from TMG though The External computer set. Makes creating firewall rules so much easier. Just do an allow anything to external and you got unrestricted internet access but no access to other networks on the "inside" like opt The grouping functionality. In tmg you can create a group and then collect rules in the group. For example i can place all rules for my webservers in one group and have the mail servers in another. Makes troubleshooting much faster since i know i only have to look in the mail group when troubleshooting mail
  • PfSense multiple WAN IP's - HTTPS issue

    9
    0 Votes
    9 Posts
    3k Views
    P
    Some questions: -Do you want all 4 site's to be reachable using https? (if its only required for 1 site there is no need for SNI or any other extra stuff..( -Are you testing access to website2 from 'outside' a client or 3/4g phone on the internet? As when testing from the LAN you might actually be accessing the pfSense webgui.?. Though that would still not explain the redirect to website1.. -Is it possible to visit website2 over https on the current IIS configuration? (ignoring the certificate error.?.) 1- VMs seem like a rather big solution to a small problem (+licences).. 2- Haproxy would allow you to configure 4 different certificates one for each domain / ip. You could even host all 4 sites on 1 external ip, in which case SNI is required to send the right server-certificate back to the client. 3- upgrade IIS of course technically possible, but might require a new windows version (+licence). 4- With the 'old' IIS version i think it might just be easiest to configure the webserver with 4 lan-ip's and change the portforwards to direct traffic to each of those ip's. Then also configure the 4 websites in IIS to bind to those lan-ip's. (you could also try with assigning different ports instead of 443 to the other https sites 1443 2443 3443, and forward traffic there, that would evade the multiple lan-ip requirement, but might lead the site to generate wrong url's containing the port.. something you would need to test.) I would probably prefer option 4 with multiple lan-ip's or ports, if that isn't possible option 2 or even the combination of both :).
  • Squid appears twice in "services" menu

    2
    0 Votes
    2 Posts
    827 Views
    B
    ok, found this:https://forum.pfsense.org/index.php?topic=88309.msg487607#msg487607
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.