@do1984
Glad that I could help you!
I was in the same boot, scheduled feshclam updates and acl changes for Squid in the night hours, so users wouldn't disturbed to much, but now no problem need a change just do it.
SSL Filtering? With what? You posted in "firewall" but after reading I'm pretty sure that topic has nothing to do with firewalling per se (e.g. packet filtering), but with you running squid/squidguard kind of filtering or pfBlocker. So if you want us to help, you should provide more feedback as to what you did to "enable SSL filtering" and where you whitelisted that.
@periko thanks very much for your input!
I have increased the parameters to url_rewrite_children 50 startup=16 idle=8 concurrency=0 to and will monitor how squid and the internet browsing behaves.
If necessary I'll increase a bit more. If even after that the problem persists, i'll keep looking into it.
Regards!
Andre.
@Michael_L
Is the proxy/clamd service running, did you updated ClamAV via freshclam before the first run?
And you need to setup Squid/SSLBump properly, in order to make ClamAV effective.
@stephenw10 Perfect thank you very much I will pursue that option! I am only trying to block Social Media and other inappropriate sites.
Thanks again for all of your help it is greatly appreciated!
Patrick
This is not a solution i can filter out using dns but it miss usability as i can not put acl and user exception time based filter the issue is not with the facebook itself it is an example https website as other websites will be blocked based on department and time
Forget about HAproxy "stable" - it like dinosaur, use only devel version which is "stable and old too but not dinosaur". I hope with pfSense 2.5 it will update to 1.9 or 2.0
