OK, it works! Thank you doktornotor.

@JStyleTech: Possibility #1 - If your caching currently works and your SSL is setup correctly, there might just be a limitation with the "Maximum object size" under the "Local Cache" Tab of Squid.  If you want to cache a 100Mb file this setting should be at least "100000" as it represents kilobytes.  I currently have mine set to 300000. richie1985 allready post his squid.conf and "maximum_object_size" is set to  512000 KB @JStyleTech: Possibility #2 - perhaps you have an proxy exception rule applied to either an IP address or URL which could be linked to a hosted CDN.  If you don't use any proxy exception rules then you can ignore this, but if you do you might try disabling the rule temporarily and simply retest. I've personally setup two Aliases for this specific reason "Proxy_Bypass_Hosts" and "Proxy_Bypass_Ranges".  I use these specifically to whitelist sites, IP's and/or IP Ranges using ARIN and Robtex when addressing problem applications or services. Cand find anything that point to an exeption in the squid.conf

@azharkov: @doktornotor: Not until pfSense 2.3 is out, for sure. Check https://forum.pfsense.org/index.php?topic=99141.msg556045#msg556045 Hey thanks bro  ;D

well this thread also have same issue like me https://forum.pfsense.org/index.php?topic=87493.msg480628#msg480628

WPAD would probably be the way to go. I've just spend some time configuring it on my network. You might have to manually configure mobile devices. Android doesn't appear to be too user friendly just yet with wpad.  You might be able to specify a personal acl that points to a list of sites you want blocked. I don't know how exactly to implement this with pfsense.  Generally squid has a .conf file where you can specify this but I am not seeing one here.

thanks PiBa-NL for your reply and suggestions.

Ok some logs When I stop and start squid I get Sep 22 10:27:31 squid[22754]: Squid Parent: (squid-1) process 23039 started Sep 22 10:27:31 squid[22754]: Squid Parent: will start 1 kids Sep 22 10:27:22 php-fpm[84775]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2015/09/22 10:27:17| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" squid: No running copy' Sep 22 10:26:48 php-fpm[67812]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2015/09/22 10:26:42| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" In squid real time if I do squidclient -h 192.168.1.1 -p 3128 mgr:info I get 22.09.2015 10:33:03 192.168.1.244 TCP_DENIED/403 127.0.0.1:59243 - - 22.09.2015 10:32:12 192.168.1.244 TCP_DENIED/403 127.0.0.1:59243 - - 22.09.2015 10:32:01 192.168.1.1 TCP_MISS/403 cache_object://192.168.1.1/info - 192.168.1.1 22.09.2015 10:31:46 192.168.1.1 TCP_MISS/403 cache_object://192.168.1.1/info - 192.168.1.1 22.09.2015 10:31:43 192.168.1.1 TCP_MISS/403 cache_object://192.168.1.1/info - 192.168.1.1 22.09.2015 10:31:40 192.168.1.1 TCP_MISS/403 cache_object://192.168.1.1/info - 192.168.1.1 22.09.2015 10:31:22 192.168.1.1 TCP_MISS/403 cache_object://192.168.1.1/info - 192.168.1.1 22.09.2015 10:29:59 192.168.1.244 TCP_DENIED/403 127.0.0.1:59243 - - 22.09.2015 10:26:28 192.168.1.244 TCP_DENIED/403 127.0.0.1:59243 - -

I don't understand the problem.  If you don't care about URL filtering, why do you care about what is sitting in the cache?

Stop using Transparent proxy in the first place.  It's nothing but a hassle with HTTPS.  Implement it properly in explicit mode w/ WPAD and you won't have this problem

In the end will be a pain for all Android devices / users that want to use your wifi… I was on the same road like you to filter https and after first 4 mobile devices I disabled wpad, one of them did not had te option to enter proxy, other did not worked properly... ( now wait for pfblocker until it will replace squid with filtering by IP using available blocking lists.)

You should shut down squid first,  then rm -r the cache dir, then run squid -z to recreate it.

Yes there is a possibility to install the latest version of squid in pfSense, but its difficult because you have to build your own .pbi and modify some path links (and so on) to keep the possibility to perform an update later via the webinterface and the full features of the web interface. I use a pcbsd for these, I read that it should be easier with the tools repo (link see below) or you could post a bounty. tools repo https://forum.pfsense.org/index.php?topic=76132.0 Bounty https://forum.pfsense.org/index.php?board=34.0

Both of those sites work for me, and I'm using squid and squidguard.  In Services - Proxy server - General - Logging Settings, what do you have for X-Forward Mode and Disable VIA?  Try setting X-Forward to Delete and check the Disable VIA box and try again.

You have already posted about this here.  Posting several times about the one problem will not get it fixed any faster.

Thanks for the reply, I want to clarify that, when we are blocking http site, squidguard block message is shown, but as soon as we block https site, no block message is shown but the only site not found. Also when I try to configure anti virus in squid 3 it start giving icap error and pfsense web page  doesn't open.

just did a another clean install of 2.2.4 x64 and i guess the packages were updated, but everything is working now

Alright lets first check something does your NIC support Limiting? When you go to traffic limiter and go to by interface does it show WAN and LAN? Next what do you want to accomplish on squid? block only http sites or block https? If you want to block certain IP from the internet why not just create an Alias with a group lets say ex: 192.168.1.5-192.168.1.10 then use that alias on the firewall rules. Or do you want to limit certain IP speeds?

what is your total internet speed on speedtest? Have you checked your speed after turning off squid and squidguard? Are you running transparent proxy?