i have the same problem, but doesnt seem to what reza3sw said. though seen i found it to stop working, i have had a change in internet service provider, and having a dual wan, i edited 1 of those for the new service. i did have a config backup a couple mpnths old that in a test i uploaded that on the new pfsense version, and it works.

The proxy config snippet generated from the whitelist uses the acltype dstdom_regex acl aclname dstdom_regex [-n] [-i] .foo.com ... # regex matching server [fast] # # For dstdomain and dstdom_regex a reverse lookup is tried if a IP # based URL is used and no match is found. The name "none" is used # if the reverse lookup fails. Even if it used dstdomain before, the asterisk character was invalid syntax and possibly ignored by the parser. Short answer: You have to adapt your whitelist or patch the code. For adapting your whitelist: The dot-Character has a special meaning in regex. If you want to include the '.' as in '.microsoft.com', you have to escape it: '.microsoft.com' (and: squid knows the end of the domain name, you don't have to append the '.' in the end) The correct migration would be: *.microsoft.com. → .microsoft.com

Thanks for your help @PiBa everything is clear to me now! Benoit

@moti4553 help @stephenw10 Dear we still present the problem, I already put DNS to IP 127.0.0.1, but the problem there is that I do not see my internal applications, please could you give me a light

@Simbad Hi, This is not a problem, in fact, they have been in this version for a long time. AV filtering on the firewall doesn't really have a reason for existence, especially since it only applies to http the daily.cld is updated and this is the essential momentum http://database.clamav.net/main.cvd http://database.clamav.net/daily.cvd http://database.clamav.net/bytecode.cvd https://www.freshports.org/www/squidclamav [image: 1595329512587-ba5e4004-0758-414d-b052-89a06f592b7e-image.png]

As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything. But : The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway. The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all. etc etc .

See https://forum.netgate.com/topic/155280/squid-https/3

@High_Voltage said in new fun and odd issue with squid/wpad on pfsense with android!: These .microsoft.com .windowsupdate.com .akamaitechnologies.com .akadns.net should not (never) be cached. Example : if the windows update isn't guaranteed to from "the source" then every windows install is at risk. Microsoft couldn't tolerate that situation, it could kill the company overnight. So this acl splice_it ssl::server_name .reddit.com handles everything going to / coming from is handled the same way. ( no need to read a a manual to understand that ^^ )

@viktor_g That solves my problem on Version 2.4.5-RELEASE-p1 (amd64) built on Tue Jun 02 17:51:17 EDT 2020 FreeBSD 11.3-STABLE I guess I need to upgrade the Version 2.3.5-RELEASE-p2 (i386) built on Thu May 10 15:03:18 CDT 2018 FreeBSD 10.3-RELEASE-p29 Thank you for you patience and support

Hi, I tried to use mixed mode and it works as expected (including LightSquid).

I admit that this is one of the problems with Squid as a package with pfSense, it doesn't rely on automatic log rotation and clean-up. I still do it manually, but if there is a software that can do this automatically, I'm in.

@dragoangel Thank you, you are correct. I am my way to becoming versed with HAProxy.