@Abdou-Ahmed said in Squid + https:

just add it in mikrotik

well, please specify this, please what kind of Mikrotik???
I'm pretty prepared in the "picture" - Mikrotik...
(all our CATV traffic is provided by Mikrotik devices)

@dealornodeal said in Can't login to skype after using squid proxy:

ofcourse it may be hardware mailfunction or just MS Windows added some crappy things into BIOS management system..

pfSense / FreeBSD, cannot change the BIOS this is the fact...

Under UEFI you can win, modification like EasyBCD...
https://neosmart.net/EasyBCD/

I was on summer break, hence the late reply. I guess I started with step 7.

Thanks for your reply! I will give it a try.

i have the same problem, but doesnt seem to what reza3sw said. though seen i found it to stop working, i have had a change in internet service provider, and having a dual wan, i edited 1 of those for the new service. i did have a config backup a couple mpnths old that in a test i uploaded that on the new pfsense version, and it works.

The proxy config snippet generated from the whitelist uses the acltype dstdom_regex

acl aclname dstdom_regex [-n] [-i] .foo.com ...
# regex matching server [fast]
#
# For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# based URL is used and no match is found. The name "none" is used
# if the reverse lookup fails.

Even if it used dstdomain before, the asterisk character was invalid syntax and possibly ignored by the parser.

Short answer:
You have to adapt your whitelist or patch the code.

For adapting your whitelist:
The dot-Character has a special meaning in regex. If you want to include the '.' as in '.microsoft.com', you have to escape it: '.microsoft.com'
(and: squid knows the end of the domain name, you don't have to append the '.' in the end)

The correct migration would be:
*.microsoft.com. → .microsoft.com

Thanks for your help @PiBa everything is clear to me now!
Benoit

@moti4553 help @stephenw10 Dear we still present the problem, I already put DNS to IP 127.0.0.1, but the problem there is that I do not see my internal applications, please could you give me a light

@Simbad

Hi,

This is not a problem, in fact, they have been in this version for a long time.
AV filtering on the firewall doesn't really have a reason for existence, especially since it only applies to http

the daily.cld is updated and this is the essential momentum

http://database.clamav.net/main.cvd
http://database.clamav.net/daily.cvd
http://database.clamav.net/bytecode.cvd

https://www.freshports.org/www/squidclamav

ba5e4004-0758-414d-b052-89a06f592b7e-image.png

As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

But :
The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
etc etc .

See https://forum.netgate.com/topic/155280/squid-https/3

@High_Voltage said in new fun and odd issue with squid/wpad on pfsense with android!:
These
.microsoft.com .windowsupdate.com .akamaitechnologies.com .akadns.net
should not (never) be cached.
Example : if the windows update isn't guaranteed to from "the source" then every windows install is at risk. Microsoft couldn't tolerate that situation, it could kill the company overnight.

So this

acl splice_it ssl::server_name .reddit.com

handles everything going to / coming from is handled the same way.
( no need to read a a manual to understand that ^^ )