Ok with

http://warning.mydomain.net/index.html?&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

the 404 is gone and i can see the source code in Firebug.

thanks for the info i tried this :
https://forum.pfsense.org/index.php?topic=84466.msg512965;topicseen#msg512965

and it seems to of worked not to sure what it changes but it works

Well of coursee the service was configured at once and always working, did not make any changes. HAVP was and is configured on Port 3125 as a parent for Squid that is running in transparent mode

Transparent mode does not need ipv6 enable or disable. The most common mistake i see is check loopback on listening interface and on transparent list too.

Go to Services - Proxy server - Local Cache - External Cache-Managers.  Put the LAN IP address of your pfSense box in here after the default entry.  Click Save at the bottom.  Mine looks like this:

10.10.4.1; 127.0.0.1

No idea.

What I do is create an alias for the proxy and an alias for the web ports (80, 443).  Then I create an Allow All pass rule at the top for the Proxy alias.  Under that, I put a block rule for All with dest ports being the Web Ports alias.  Save & done.

This bugs me for some quite some time, too.
Enabling transparent works for a couple of calls to websites - then it dies…
Scarry is the right description...

3.1.20 pkg 2.1.2 on pfsense 2.1.5
I have to say that the previous package (whichever that was!?) was running just fine!

Was the first thing I tried, However it did not work.

OK fix it, it was a few different ip's that i need to add

thanks marcelloc

ohhh never mind i got it sorry for the ignorance  :-[

https://doc.pfsense.org/index.php/Lightsquid_Troubleshooting

1 - Deny access to internet through your firewall except from proxy
2 - configure your proxy
3 - set up WPAD so that clients easily point to your proxy

With such design, you can configure policy routing that will apply and also benefit from proxy (squidguard) filtering.

BTW, from architecture standpoint, this design is better than services running on pfSense.

Hi Guys
I think I found a bug:
When the option "Enable logging" is ON and you specify exclusions of IP's through ACL's, these ACL's do not get honoured, BUT If you switch "Enable logging" OFF and you specify your logfile in your ACL, it gets excluded.

Actually, If you leave "Enable logging" is ON and specify your logfile in your ACL, the entry gets duplicated except for the excluded IP…

Example ACL:

acl IP-LIST src "/root/ip-list.txt" access_log /var/squid/log/access.log !IP-LIST

If the "Enable logging" OFF - You get one logfile entry in your logfile and the excluded IP's are excluded.

If the "Enable logging" ON - You get two logfile entries and the excluded IP's gets logged once.

So, it seems there needs to be some kind of "PRE PROCESSING" needed to exclude IP's from your logfile…

Please could someone confirm?
kind regards
cyber7 - AKA Aubrey Kloppers; Cape Town; South Africa

on pfsense 2.1.5-amd64  I am using squid3-dev with captiveportal authentication  flawlessly

Apparently you are the one in a million  8)

Thank For your answer and i will following your instruction if can't fix it.
:D :D

From a pure technical standpoint, you could do this:
(&((|(memberOf=cn=group_A,ou=staff,dc=domain,dc=co,dc=uk)(memberOf=cn=group_B,ou=staff,dc=domain,dc=co,dc=uk))(sAMAccountName=%s))

or use one single group in Squid that is matching one group in AD containing multiple AD groups. Does this work?

I'm also not using pfSense Squid package  ;) therefore I don't know the interface neither features that are exposed but Squid allows to create multiple rules. The first one matching will apply. Therefore you're not obliged to merge everything into one single LDAP search isn't? (unless pfSense implement brings some restrictions here  :-[)

Because "Disable Ping" wasn't available in 2.1?

Hi
Thank you PiBa, you were right, the problem was windows servers, that did not return the traffic, I talked to our windows and network administrator, and they corrected the routing.
now everything is working.
thanks

What we are talking about is getting reports on the captive portal users with their user ID instead of their IP address using the Squid captive portal authentication method.

Ahh ok now I understand it better!