You don't necessarily have to use SSH and the easyrule block. It's just one possibility. You could always take fail2ban, add a custom action and use it to push the IPs that try to hit your webservers to a central instance/vm/whatever and collect it there. Then use pfBlockerNG to fetch this list of IPs and block it from WAN. Only "problem" is, that pfBNG isn't faster than "hourly", a thing that I tried to bring to the developers attention so that you had the possibility to go down to let's say 5-10min to blacklist an IP. But besides that, that's totally possible (we're running something along those lines ourselves).

https://redmine.pfsense.org/issues/9922 https://github.com/pfsense/FreeBSD-ports/commit/47f4f91aa8159e47f24990eb2496784cb9ef07c6 https://github.com/pfsense/FreeBSD-ports/commit/e8bec3bf1a773bdc61ebb7555941a2b9e26db732

@PiBa Thank you for your response. I was asking because I am experiencing a similar issue using PostgreSQL 11 on the back end. Every time we close the session, HAProxy logs an error with a termination state of SD. I'm just curious if it's a configuration issue with either HAProxy or PostgreSQL. If it's a harmless error, then is there any way to suppress the error in the log?

Presumably by blocking ports 80 and 443 directly since they were not using a transparent proxy.

Could be 409 errors, check the Squid real-tome logs: https://docs.netgate.com/pfsense/en/latest/cache-proxy/squid-troubleshooting.html#sites-not-loading-with-splice-error-409-in-access-log Steve

@cdavis said in Upgraded from 2.3.1 to 2.3.4-release squidguard using 100% cpu with no oher chgs: ie Hi same issue here..

Had a similar issue after upgrading, this command removed the error during squid service restart: /usr/local/libexec/squid/security_file_certgen -c -s /var/squid/lib/ssl_db -M 4MB chown -R squid /var/squid/lib/ssl_db/ chgrp -R proxy /var/squid/lib/ssl_db/ References: http://squid-web-proxy-cache.1019090.n4.nabble.com/Uninitialized-SSL-certificate-database-directory-td4686306.html https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit

Report the bug on redmine.

@do1984 Glad that I could help you! I was in the same boot, scheduled feshclam updates and acl changes for Squid in the night hours, so users wouldn't disturbed to much, but now no problem need a change just do it.

SSL Filtering? With what? You posted in "firewall" but after reading I'm pretty sure that topic has nothing to do with firewalling per se (e.g. packet filtering), but with you running squid/squidguard kind of filtering or pfBlocker. So if you want us to help, you should provide more feedback as to what you did to "enable SSL filtering" and where you whitelisted that.

@periko thanks very much for your input! I have increased the parameters to url_rewrite_children 50 startup=16 idle=8 concurrency=0 to and will monitor how squid and the internet browsing behaves. If necessary I'll increase a bit more. If even after that the problem persists, i'll keep looking into it. Regards! Andre.

@Michael_L Is the proxy/clamd service running, did you updated ClamAV via freshclam before the first run? And you need to setup Squid/SSLBump properly, in order to make ClamAV effective.

@stephenw10 Perfect thank you very much I will pursue that option! I am only trying to block Social Media and other inappropriate sites. Thanks again for all of your help it is greatly appreciated! Patrick

Hello :) can some help me with this?

This is not a solution i can filter out using dns but it miss usability as i can not put acl and user exception time based filter the issue is not with the facebook itself it is an example https website as other websites will be blocked based on department and time