You should shut down squid first,  then rm -r the cache dir, then run squid -z to recreate it.

Yes there is a possibility to install the latest version of squid in pfSense, but its difficult because you have to build your own .pbi and modify some path links (and so on) to keep the possibility to perform an update later via the webinterface and the full features of the web interface. I use a pcbsd for these, I read that it should be easier with the tools repo (link see below) or you could post a bounty. tools repo https://forum.pfsense.org/index.php?topic=76132.0 Bounty https://forum.pfsense.org/index.php?board=34.0

Both of those sites work for me, and I'm using squid and squidguard.  In Services - Proxy server - General - Logging Settings, what do you have for X-Forward Mode and Disable VIA?  Try setting X-Forward to Delete and check the Disable VIA box and try again.

You have already posted about this here.  Posting several times about the one problem will not get it fixed any faster.

Thanks for the reply, I want to clarify that, when we are blocking http site, squidguard block message is shown, but as soon as we block https site, no block message is shown but the only site not found. Also when I try to configure anti virus in squid 3 it start giving icap error and pfsense web page  doesn't open.

just did a another clean install of 2.2.4 x64 and i guess the packages were updated, but everything is working now

Alright lets first check something does your NIC support Limiting? When you go to traffic limiter and go to by interface does it show WAN and LAN? Next what do you want to accomplish on squid? block only http sites or block https? If you want to block certain IP from the internet why not just create an Alias with a group lets say ex: 192.168.1.5-192.168.1.10 then use that alias on the firewall rules. Or do you want to limit certain IP speeds?

what is your total internet speed on speedtest? Have you checked your speed after turning off squid and squidguard? Are you running transparent proxy?

In Proxy server: Cache management Post your config.

That's never been the correct path with the PBI crap. https://github.com/pfsense/pfsense-packages/pull/1062

Dear PiBa, Thank you very much. The OCSP issue was indeed caused by a problem in StartCom's infrastructure, as StartCom's friendly certmaster did confirm. It is gone at present and I hope that it will remain OK in the future. Thanks for following up with the OpenSSL issue. It would be good to move from npn to alpn before major providers and their browsers (Chrome) will make the switch, probably by the end of 2015, if they stick to their announcements. Nevertheless all of us should practically take it as it is. Regards, Michael

Guess its working, when I add Anonymous Only, that works. Guess I'll mess with it… maybe I'll get something to click

did you remember to reboot?

Frankly, the Squid* stuff is beyond repair. Perhaps, if someone makes a decision what's gonna be the deal with 2.3 packages, people can start reworking those from scratch, without the tons of legacy, buggy and messy code bloat. Regarding the changes you mentioned, the only stuff touched there were completely broken cronjobs handling and boot checks. Finally, there's been a change regarding the pinger helper permissions that didn't work due to idiotic chmod() implementation in PHP and - mainly - couldn't have broken anything because it never worked in the first place, due to permissions being screwed by the package code from the very beginning. (https://github.com/pfsense/pfsense-packages/pull/1056). I cannot see how's that causing any other breakage anywhere, except that the whole package is just bunch of badly broken code that only works when the moon phase is right and the butterflies wave their wings carefully enough, plus the generic issues with upgrades mentioned above plus the generic issues with the PBI idiocy well known by anyone who touched the packages code. I've requested input regarding the cron changes from marcelloc on GitHub. Received absolutely none. Assume he's just dropped the ball due to all that PBI shit. Not surprised and don't blame him.

I have similar problems, this time with fresh install. Strange this is that c-icap binds only to IPv6 socket: netstat -na | grep 1344 tcp6      0      0 *.1344                .                    LISTEN Is it the same on every installation? Can I enforce to bind it to ipv4? Same problem here - squid is unable to communicate with icap.

Welp. No success, so I changed the cache directory to /var/hddcache, and suddenly it works. So there's what you need to do folks.

Make a config.xml backup and then try again by installing from scratch then restore your config.xml.  For me, squid never works after any upgrade until I reboot the box or stop & restart the squid service.