I solved the problem, somting to do with the config file. I downloaded the config file on Diagnostics > Backup/restore. I opened the config and releted all items os squid, squidguard and lightsquid. Loaded the new config and installed the packages. Thank you Best Regards

@dims: Suppose, I didn't configure domain manually but configured IP manually, i.e. not using DHCP. This means WPAD won't work then? As described in draft RFC about WPAD and also in RFC3040, DHCP is only one mechanism tat can be used, client side, to find proxy.pac file. Other mechanism exist and some should be implemented if you want to ensure that most clients benefit from WPAD. The resource discovery mechanisms utilized by WPAD are as follows:       *  Dynamic Host Configuration Protocol DHCP       *  Service Location Protocol SLP       *  "Well Known Aliases" using DNS A records       *  DNS SRV records       *  "service: URLs" in DNS TXT records implementing DHCP, "well known alias", "DNS SRV records" and "service: URL" is pretty simple. You will find examples here and there easily. pfSense documentation covers some aspects. I tried to produce something with wider coverage (goal was more to focus on proxy design that WPAD) here. internet contains a lot of useful example What you need to understand (and that is not yet clear if I read correctly your posts) is that "well known alias" mechanism relies on your local domain configuration and therefore local DNS too. This mechanism, launched client side, relies on host FQDN. Say your workstation name is: workstation.sub_level2.sub_level1.domain.com well known alias mechanism will search first for: wpad.sub_level2.sub_level1.domain.com then for: wpad.sub_level1.domain.com then wpad.domain.com By configuring one of these entries in your local DNS, it will allow you browser to find web server hosting proxy.pac file.

Hi chris, Sorry for late reply. By Block I meant I cann't browse. It says Connecting…. on title bar of browser and just wait... nothing on screen. I cann't even access pfsense box. I just get locked. I wish  someone can provide me step by step way to configure squid with captive portal authentication. regards, Ashima

Ok doktornotor, if ClamAV is a toy the only thing left is blocking. And here i see sometimes sites don't work if something (Ads) are blocked. So Adblock Plus is the better solution? But what about Ads on TVs, consoles or in-game Ads (Android, Windows Phones)? It's not that i don't have a Adblocker on Android but i want to check the possibilities. I saw somewhere it's possible to use the EasyLists in SquidGuard? If blocking Ads is better on the clients then there is from the Shalla's Blacklists left: Spyware (Trojans, phishing sites) and Tracker At the moment i pay for squidblacklist.org and want to get rid of it. I use from them: Malicious (Virus, botnet, malware, adware, apt, drive by, infectious) and Proxies (Http proxies users may attempt to use to bypass your filters) I guess it would make sense to block: Virus, Botnet, Malware, Adware, APT, Drive-By Download, Infectious, Espionage, hosts that perform IP tracking for media companies and associations like RIAA/MPAA, Http proxies users may attempt to use to bypass your filters If all this is not really usefull the only thing left is caching with Squid and i ask myself if all the hassle with getting wpad to work is worthwhile for a normal household?

You're very welcome

Thanks KOM for the info, we had to put the Project on ice for a time, other things :( but Will be starting up again soon. We will be looking for sending Proxy settings automatically or maybe have to set up Website on the Proxy to Redirect. We just have a WiFi and LAN that we want to provide Internet using a Login with mulitple (2) Internet connections. that was our purpose in choosing pfsense. Thanks again and any suggestions are appreciated. The biggest room in the world is the room for improvement.

And IE?  What URL specifically?

Cache size has already been experimented with, as has the RAM allocation. No difference either way with memory usage.

There's no MD5, there's DES. See crypt() docs It silently truncates passwords to 8 chars - read e.g. here: http://www.certpal.com/blogs/2010/05/crypt-des-and-8-character-truncated-passwords/ I cannot see how the patch here adding some MD5 salt nonsense to DES would work for anyone, just doesn't make sense. Perhaps if your replaced crypt() with md5(), it'd actually do something meaningful?!

Thank you very much doktornotor! It worked perfectly. His work is very important for the adoption of the platform. A big hug.

You'll really need to dig into the C-ICAP docs. If you figure out some working configuration, it can be put to the package, but I certainly don't have time to play with radios streaming ATM.

NP :)

Hi, I already set the blacklist, but the thing with the dummy entry was new to me. That did it! Thank you very much!!!

Ok, clear and understood.  8)

Resolved with the new version! Thank you doktornotor.

Hi Guys, i do not understand the behaviour of dansguardian wit NO ssl-interception. Fact is, that dansguardian has decided, that the required URl is inappropreiate. This must be a decission on behalf of URL, IP or something else OUTSIDE the SSL connection. So why should dansguardian not be able to redirect the request? This seems a bug in dansguardian for me. Greetings