• 0 Votes
    2 Posts
    3k Views
    KOMK
    Squid2 is old and should be avoided.  Squid 3.4.10 is what pfSense has.  If you need something newer, you will have to compile it yourself or use a separate *nix server to do it.
  • Squid3 crashes on 2.2.3

    0 Votes
    16 Posts
    5k Views
    KOMK
    Both pfBlockerNG and Snort inject rules into the ruleset.  You might try disabling them, if possible, and see if that has any effect.
  • Squidguard redirect in pfsense 2.2.3

    0 Votes
    7 Posts
    3k Views
    F
    Looks like I figured it out.  For us to be able to block ports 80 and 443 we had to create a custom error page on another server and configure squidguard to redirect the errors to it: in Group ACL > Redirect mode, set to "ext url err page (enter URL)", and in the redirect box enter:

    http://other_server_ip/path_to_custom_error_page/index.php?clientAddress=%a&clientName=%n&clientUser=%i&clientGroup=%s&targetGroup=%t&clientUrl=%u

    I'm not the greatest at web pages but this is the code for the basic custom error page; once it is displayed you will realize that it is obviously based on the pfsense built-in error page:

    ```php
    <?php
    // RESPONSE CODE: set it before any output, otherwise the headers have already been sent.
    http_response_code(403);

    // Values come from the redirect URL, so HTML-escape them before echoing.
    function param($name) {
        return htmlspecialchars(isset($_GET[$name]) ? $_GET[$name] : '', ENT_QUOTES, 'UTF-8');
    }

    $clientAddress = param('clientAddress');
    $clientName    = param('clientName');
    $clientUser    = param('clientUser');
    $clientGroup   = param('clientGroup');
    $targetGroup   = param('targetGroup');
    $clientUrl     = param('clientUrl');

    echo "\n";
    echo "\n";
    echo " ### Request denied by pfSense proxy: 403 Forbidden";
    echo " \n";
    echo " **Reason:** \n";
    echo " * * * ";
    echo " **Client address:** "; echo "$clientAddress"; echo " \n";
    echo " **Client group:** ";   echo "$clientGroup";   echo " \n";
    echo " **Target group:** ";   echo "$targetGroup";   echo " \n";
    echo " **URL:** ";            echo "$clientUrl";     echo " \n";
    echo " * * * ";
    echo "\n";
    echo "\n";
    ?>
    ```
  • Squid+Dansguardian with Active Directory (NTLM) Single Sign On WORKING!!!

    0 Votes
    135 Posts
    137k Views
    D
    Great steps so far but I'm stuck at the point of joining the domain. I keep getting "cannot join as standalone machine". Can anyone help with this?
  • Certificate sha256

    0 Votes
    16 Posts
    5k Views
    S
    Yes, it's the version 3.4.10 available in the public Package Repository. If you would like to install the squid-3.5.3-… from the pfsense files then you have to "build" your own Custom Package Repository and manipulate the "pkg_config.10.xml". But be careful, don't try it in a live environment. Also please read about "peek and splice" on the squid homepage. Here is the link to Creating a Custom Package Repository: https://doc.pfsense.org/index.php/Creating_a_Custom_Package_Repository
    edit: BTW you can see the version of the installed squid by enabling ssh, connecting via ssh to your pfsense server and typing squid -v. Then you see the build options and version number.
  • I can't start squidguard on pfsense 2.2.4

    0 Votes
    5 Posts
    2k Views
    T
    For real though, Squid3 will both eliminate problems now and prevent future ones from happening. Just use it.
  • ESPN videos

    0 Votes
    1 Posts
    631 Views
    No one has replied
  • Anti Virus.

    0 Votes
    3 Posts
    813 Views
    ?
    Isn't there an option to enable auto update or do I have to make a cronjob for that? Or a script perhaps.
  • Transparent proxy not working

    0 Votes
    10 Posts
    4k Views
    T
    @ganewbie: Well, Thanks to all for the great support, now I got squid3 working no issue however the squid-guard does not want to run. After searching on forums, I found out that you need to re-download the blacklist sites after each reboot. Not sure why? but in any case when I do that it works meaning, both services could show green and running under status–> Services. The interesting thing is when I deny for example Porn it does not do anything and you can still have access to Porn. Is there a special package or even some different approach to block or deny certain site categories? Thanks,

    I had the same issue on pfsense 2.2.1.  I solved the problem by putting one item into "target categories" at squidguard. Choose a name for the entrance and put one URL into the URL-List. Save the item and apply the changes. Download the blacklist again. After a reboot the blacklist is still active.
  • Recommendations

    Locked
    0 Votes
    8 Posts
    1k Views
    B
    @chris4916: @bcpereiraa: As for ok hardware resources. the question now would be regarding the configuration. Is there something else I should do?

    Like what ? Pay attention to I/O (Assuming both CPU and memory are OK, which is quite easy nowadays): disk I/O will most likely be your bottleneck with 1000 HTTP users as far as cache is concerned. Then it also depends on additional services you intend to run: content filtering, antivirus, something else ? I would also suggest to have log and cache on different spindles (this is also true for SSD  ;)) Last but not least: do not assume that larger cache size will provide better performance.

    Thank you so much!
  • Squid - which interface?

    0 Votes
    4 Posts
    1k Views
    stephenw10S
    Yes, if you've assigned the bridge and given that the interface address for the subnet then use that. However you would normally have that assigned as the LAN in that case so maybe you haven't. Steve
  • PFsense+Squid3-ssl bump certificate signed only SHA1

    0 Votes
    3 Posts
    2k Views
    S
    Same issue in thread https://forum.pfsense.org/index.php?topic=96984.0 . Please have a look at it.
  • HA Proxy Redirect Loop

    0 Votes
    1 Posts
    447 Views
    No one has replied
  • SOLUTION: Squid3 - Exclude IP/IP-RANGE from access.log

    0 Votes
    9 Posts
    3k Views
    cyber7C
    WOW…  :o
  • Squidguard blacklist redirect - how?, please help

    0 Votes
    3 Posts
    979 Views
    X
    I don't need to filter Access by Clients (Groups ACL or Common ACL), but by Target Categories (hosts, URLs). The blacklist redirection should be integrated in Target Categories or Blacklist tab somehow, but it is not. So how to tell blacklisted sites to go to ext URL?
  • New version of Squid 3

    0 Votes
    1 Posts
    814 Views
    No one has replied
  • Configure Options to secure SQuiD SSL connections (SQuiD 3.x)

    0 Votes
    10 Posts
    19k Views
    D
    the wrong line inserted, problem solved, used this string to get Qualys grade A with https://forum.pfsense.org/index.php?topic=82914.15:

    some.domain.tld options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!AES256-GCM-SHA384:!AES128-GCM-SHA256:!AES256-SHA256:!AES128-SHA256:!AES256-SHA:!AES128-SHA:!DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4 dhparams=/usr/pbi/squid-amd64/local/etc/squid/dhparams.pem sslflags=NO_SESSION_REUSE

    it's for squid 3 reverse proxy
  • Dansguardian Blacklist

    0 Votes
    2 Posts
    1k Views
    T
    You could try.. going to a website that should be blocked (IE: Pornhub) and see if it is blocked….
  • Modify default squid error html

    0 Votes
    1 Posts
    710 Views
    No one has replied
  • Tcp_outgoing_address in squid proxy

    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.