@nikpony said in Cannot operate with transparent option: DNS Forwarding or Resolve? I definitely recommend the Unbound resolver

@aGeekhere said in Squid's new SslBump Peek and Splice for https caching?: maybe QoS3 If the server, some proxy device and the client (browser) all install the needed modules .... It would become one hack of a standard before such a thing gets implemented. Typically, this will be needing 3 admins implementing software on their side,as end users often don't know what a 'proxy' is. @High_Voltage said in Squid's new SslBump Peek and Splice for https caching?: to scan with clamav the data in the ssl transmission, NOT just to cache it. That would be my main reason to centralize (== cache ?) downstream data. As far as I know, only 'mails' are handled like this these days. That is, if you run your own mail server (like running some proxy). This takes down a huge security issue already. Btw : You're happy, you control all your devices. Those you don't : they go into the non trusted network. When these need access to local trusted resources like NAS : it will be a case by case consideration.

@aGeekhere said in squid blocking things I want to access (access denied for inter-LAN devices): you can get the refresh patten here https://github.com/mmd123/squid-cache-dynamic_refresh-list/pulls I know, I'm the one that made that repo xD No, the problem is I forgot it needs to be run in custom MITM mode to actually work with caching things properly, and by the time I realized that last night it was like 2am, so I went to sleep, I'll be back to work on it later today @aGeekhere

@Derelict i think not tested yet but on the toDo list that the problem was that apache log format was not changed. so that either the gui option nor the advanced option was processed by apache so next step is to check if its workin without advanced setting. keep you posted NP

Anyone out there, tried to get the upload logs with actual file size? using any method?, please let me know

Some services or programs has connection issues when using a transparent proxy. So to solve this you use: WPAD to auto setup manual proxy Transparent proxy to catch the rest https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3/189

https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

Not sure if I did anything, but this randomly started working for me again. Only thing I can think of that changed is Transparent ClientIP is turned off now.

@xuti on web, even on this forum and on YouTube is plenty of how to about this. Sorry but I can't help you to learn this, no have time.

@johnpoz okay... I feel so stupid! I created a new frontend, selected shared frontend and it works now. Thanks for your help!

I know it's years after this post was made, but I found a solution that worked for me. You just configure a proxy on your phones APN, pretty much the same way you do on Windows. Here's a little tutorial I made for it. https://youtu.be/i7Q24BKJovo

@coffeelover I have finally found the problem. I have isolated a computer from the internal network which had a "Adobe Creative Cloud" client installed ant put in autostart. Every time that program launched it would crash squid. I was not able (i dodn't have the time) to investigate all that addresses that program was trying to reach. As soon as i uninstalled the program 9'o clock squid crash disappeared! I so over the internet similar problems with different sites but does did not manifest on my squid version. The squid crashed befor it could write in log the offending url and only with FW logging was to cumber stone to find out. Thank you again.

Good news, I got it working. . . mostly. Found a setup guide that showed me what I was doing wrong. Only have one small issue left. I can't get Emby to work on SSL. I have a certificate setup, but, I get this error in my browser when going https. (http works fine.) R_END_OF_FILE_ERROR From searching the web, it is common for proxies to give this error, but I can't figure out what I need to change if haproxy to correct it. Emby is using a letsenecrypt certificate, and is is running remote access through 443. Any help would be appreciated.