@nikpony said in Cannot operate with transparent option:

DNS Forwarding or Resolve?

I definitely recommend the Unbound resolver

@aGeekhere said in Squid's new SslBump Peek and Splice for https caching?:

maybe QoS3

If the server, some proxy device and the client (browser) all install the needed modules ....
It would become one hack of a standard before such a thing gets implemented.
Typically, this will be needing 3 admins implementing software on their side,as end users often don't know what a 'proxy' is.

@High_Voltage said in Squid's new SslBump Peek and Splice for https caching?:

to scan with clamav the data in the ssl transmission, NOT just to cache it.

That would be my main reason to centralize (== cache ?) downstream data. As far as I know, only 'mails' are handled like this these days. That is, if you run your own mail server (like running some proxy). This takes down a huge security issue already.

Btw : You're happy, you control all your devices.
Those you don't : they go into the non trusted network. When these need access to local trusted resources like NAS : it will be a case by case consideration.

@aGeekhere said in squid blocking things I want to access (access denied for inter-LAN devices):

you can get the refresh patten here https://github.com/mmd123/squid-cache-dynamic_refresh-list/pulls

I know, I'm the one that made that repo xD

No, the problem is I forgot it needs to be run in custom MITM mode to actually work with caching things properly, and by the time I realized that last night it was like 2am, so I went to sleep, I'll be back to work on it later today @aGeekhere

@Derelict

i think not tested yet but on the toDo list
that the problem was that apache log format was not changed.

so that either the gui option nor the advanced option
was processed by apache
so next step is to check if its workin without advanced setting.
keep you posted NP

Anyone out there, tried to get the upload logs with actual file size?

using any method?, please let me know

Some services or programs has connection issues when using a transparent proxy.
So to solve this you use:
WPAD to auto setup manual proxy
Transparent proxy to catch the rest
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3/189

https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

Not sure if I did anything, but this randomly started working for me again. Only thing I can think of that changed is Transparent ClientIP is turned off now.

@xuti on web, even on this forum and on YouTube is plenty of how to about this. Sorry but I can't help you to learn this, no have time.

@johnpoz okay... I feel so stupid!

I created a new frontend, selected shared frontend and it works now.
Thanks for your help!

I know it's years after this post was made, but I found a solution that worked for me. You just configure a proxy on your phones APN, pretty much the same way you do on Windows.

Here's a little tutorial I made for it.
https://youtu.be/i7Q24BKJovo