@jbhowlesr
There are also two books out:
pfsense the definitive guide
Squid Proxy Server 3.1: Beginner's Guide

It may helps you faster go deep into the things

@TheLimey:

See here for update: https://forum.pfsense.org/index.php?topic=87526.msg537585#msg537585

This is good news!  I would be willing to test it if it wouldn't mess up the GUI package management down the road.

So allow any port to the webhoster's FTP server only, if they insist on restricting other traffic. If they send their credentials like this, they'll just have the website defaced sooner or later.

Hmm I'll compare package versions and see if that figures in.

At general to talk about your amount of RAM, a safe number is 10 MB RAM for every 1 GB of cache space on disk.
Please have also a look to all other services that should be running smooth, like Snort, like pfSense it selfs,…....

Squid Package Tuning would be a good
point to start.

Squid Proxy Server 3.1: Beginner's Guide & pfSense: The Definitive Guide Version 2.1
I think this two books would be also really interesting for you if you want to dive deeper in the
material, for longer winter's evenings.

WPAD Autoconfigure for Squid

This is the 3rd time I've linked to this for you.  Read it.  It's not hard.

Dear, good morning, I arrived at the forum by a concern for days (not to say weeks) brings me headaches.
I need to mount squid web cache.
I currently have a fortigate 80c makes content filtering, validated by Active Directory user (This ad group has permission to enter Facebook and such other does not).
The problem is that putting squid (transparent mode or not) I become user filter that makes me fortigate (I assume for some issue that makes me nateo squid, correct me if I'm wrong).
Currently I have installed 2.2.3-RELEASE (amd64) with squid3.
Someone might throw me a line about how you can do so squid does not make me any change in the source IP or the user who is making the request, so that in this way the filter can continue to operate and fortigate page caching ?
I also read configure WCCP theme, but my fortigate (humble) has no more available ports that the 2 wan and internal, which if not working.

Anyone have any suggestions?

Thank you in advance and I look forward to your life.

Regards.

This may be related to empty blacklist after a reboot.

this script created by carlospicture placed on /usr/local/etc/rc.d may help:

#!/usr/local/bin/php -f     $incl = "/usr/local/pkg/squidguard_configurator.inc";     if (file_exists($incl)) {         require_once($incl);         sg_reconfigure_blacklist( "http://www.shallalist.de/Downloads/shallalist.tar.gz", "" );     }     exit; ?>

Start from the beginning.  Which version of pfSense, squid, squidguard?  Start with squid first.  Get it to the point where it's processing properly by shelling in and checking /var/squid/logs/access.log in realtime.  Once you know squid is processing, then install and configure squidguard.  Don't use transparent mode, use explicit mode with WPAD instead.

Add this rule at the top of our lan network. Please refer the screenshot.

The ports Aliases is nothing but to disable the direct access on port 80 and 443.

Capture.JPG
Capture.JPG_thumb

i have the same problem this morning.

i resolve my issue by doing the ff:

goto>services>proxyserver
remove the "custom options" hit save and apply.
you will notice your squid service is now UP.

to start your squidGuard service.
shell this command: squidGuard -c all -d

check your services and squidGuard is now Up.

I hope it helps.

I re-installed and re-configured everything from scratch almost identically and now it is working on the fresh setup. I no longer see the drastic latency increase and bandwidth decrease with squidGuard. I believe I had a completely broken setup. I was using Captive Portal along side Squid which is known to be broken last I check. No idea if this was the issue and no idea how I even got it to work at all. Anyway, the original problem of this post is gone and I have since disabled captive portal and replaced it with squid3 / RADIUS authentication / squidGuard. Works nicely.

Are you sure you don't have corrupt incomplete download served by some proxy over and over again? Other than that, as a random idea, if you only see this on 2.2.3, try

mount -o nosync /

Honestly, I forgot about it.

I've added a NAT rule to change the destination CARP address to the firewall address and that seems to make it work.

Hi!
Thank you for your response SisterOfMercy. Today I've read your reply and the post, and tried the following:
On Proxy Filter (Squidguard) -> Target Categories
I've created a new category called "white_list" (I didn't used "whitelist" to avoid future mistakes) and added the following domains:

msftncsi.com 131.107.255.255

also added to the regular expression box the following:

msftncsi

saved the changes, applyed the config on General Settings and tried (disconnect the cable and reconnect)

The result?

The network icon displayed a yellow triangle for an instant, but then the triangle dissapeared and now all is completely all right!

So thank you all for your help, I've added the text "[SOLVED]" at the topic's tittle so it can be helpful to others.

Greetings and thank you again!  ;D

as it turns out, its best just to leave pfsense alone and have any other contents be on another computer.