I have the same issue.  Clamd is working great (and taking external checks from our mail server), but the clamd.log remains at 0bytes.

I have no idea about any of your questions, sorry.

You need to use haproxy 1.5, 1.4 did not support ssl.

The config like you have should allow you to access the website with: https://192.168.172.251:443  , though i do find it strange that the frontend has a private ip, and your backend seems to point to a public ip.. The backend server is usually on the lan/dmz network and likely using a private ip.. The frontend should be listening on the wan-ip (or where you want to accept connections) firewall rule is needed to allow access to this port. Not sure if this answers your question..? I couldnt make complete sense of it.

:o  I found a work around for my problem. The Dansguardian inserts the user name in the log if the authentication mode is Proxy-Basic (Maybe other modes will do it).  I was using Proxy-NTLM.  (Authentication was successfull with NTLM and it was connecting to LDAP successfully also)

Yes, it's been like that as long as I can remember.

All right, I'll try the first option to see if it suits my needs :) Thank you for your help.

By default squid will only allow 5 connections to squidguard if u have more than 5 users at the same time u are doom.   Now that u are in your shell check cache.log and see if u have something like this: 2013/10/25 09:44:24| WARNING: All redirector processes are busy. 2013/10/25 09:44:24| Consider increasing the number of redirector processes in your config file. If this is your case, just remember a formula: of Squidguard threats x memory size each one=RAM memory for squidguard. Because squidguard depends on RAM that is why is fast. Hope this is your case and hope this helps!!!

Lets give a try I will let u know. Sorry, yes the main point is to use thundercache in the network protect by pfsense. Will be the main web proxy(Thundercache). Thanks.

@KOM: Will snort (lan) work with an access point connected directly to Pfsense? Sure, why not?  It's just a WLAN. I think Snort (lan) doesn't work if a switch is connected and the data is being sent directly to the other device through the switch and basically bypassing the firewall? Yes, that's kind of obvious.  Snort on pfSense can only scan the networks attached to it.  It your existing WLAN goes to a switch that's upstream from pfSense then pfSense isn't even path of the network path for your wireless clients. Thank you Kom, still a little new at this. Just to confirm, traffic between clients on a WLAN will pass through Pfsense (if directly attached)? Or does it work like a switch and traffic flows between wireless clients without passing through Pfsense?

Why don't you use a double firewall then? Leave the phone plugged into the first router (192.168.1.1), the PFSense box on the Wan interface can either be the IP you said or get a DHCP from the first router. Then on the LAN side make it a 10.x.x.x IP scheme so that none of the LAN side will even see the same subnet as the first router. Then put all your computers behind the second router (PFSense). I have that working here at home now. I think Dansguardian would be a better choice as it is a content filter not just a DNS URL blocker. You will still need to have the SSL man in the middle working or google won't get filtered. Jim

That sort of setup isn't possible currently. It would take a lot more code to allow the proxy to run multiple instances and use separate settings for each one. Probably more than double the code it has now, if not more. It's not likely to happen any time soon, the old style kernel FTP proxy may come back before that would happen.

ok looks like the problem was an intervace without IP config was inadvertedly selected under proxy interfaces on squid config page. Seems to be working now (at least service starts) these errors/warnings remain: php-fpm[71851]: /status_services.php: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was '2015/03/31 18:38:12| Warning: empty ACL: acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"' which came from "Cache Dynamic Content" being unselected while multiple options like "Windows Update" where selected below it… so enabling it again got rid of that warning above. hope it helps someone.

@reinaldo.feitosa: I found the problem! Yes, you did. Thank you very much for posting the fix. I applied it by patching the 2 new lines of code into my local version; it was a perfect diff save for those so I could also just have dropped your new file in. It worked perfectly on the following configuration: pfsense 2.2.1-RELEASE (amd64) squid3 3.4.10_2 pkg 0.2.6 Lightsquid 1.8.2 pkg v 2.35 Again, thank you very much.

I thought you were looking for sgerror.php for use with SquidGuard.

@Spix: Problem, publish with HAproxy removes host header information, the iis only sees a port80 request check the haproxy config again(I suggest Haproxy1.5) and check if you are testing it via ip or fqdn.

Yep, did a full re-install and installed squid3 and squidguard-devel and all is working, except antivirus on squid3. UPDATE: Clicked SAVE twice on antivirus settings of squid3, addressed stated config errors in red, and now antivirus is  working. Snort, Squid3, and Squidguard-devel help contribute to make pfSense one hell of a firewall.

Hi The proxy PAC file is provided by the filtering service provided to the school and nothing owrks without it. However, I may now have a way past this as I'm being sent a fixed proxy IP and port which pfSense will take. Thanks for respodning & trying to help.