@Bismarck ,thanks for the help. I saw the ssl_bumps just underneath "custom options before auth" but there's a 2 line space between this section and the config so not sure if it's part of it.

acl sglog url_regex -i sgr=ACCESSDENIED
http_access deny sglog
ssl_bump peek step1
ssl_bump splice all

@PiBa Ok, I increased the time and it works well

hi @KOM
unfortunately i did not find any solution.

I think you answered your own question. It doesn't block until you clear their local cache... so maybe it's been working all along and blocking as it should, but the blocked content is being pulled from local cache and/or squid? I don't know how squid behaves if you ask for content that is technically blocked for that user, but is sitting in squid's cache. Squidguard is a helper program that gets called for each URL that squid needs to fetch. If the required content is still is cache and not stale, it will server from there first.

NFM! thanks.

Bump anyone???

Hi. The attached file contains the procedure to achieve this goal.
Someone in the past has done this. Use at your own risk. Autenticacao Transparente Squid + WMI + Squidguard.zip

What do you put in the Base URL on Ombi, Sonarr, etc. when using HAProxy?

EDIT: I think I found the answer. You don't need it unless you want /ombi for example after your domain name. (yourdomain.com/ombi)

Hi PiBa,

As usual you saved the day. that did the job and its now back to logging on the local file or even in remote syslog

@Soloam
You can simply uninstall the old and then install the new and the config will remain in place. Also if for some reason you want to go back that is the way. Though some 'extra' settings would then be 'lost'. Anyway always good to have a config backup :).

Its also possible since your post has only been 1 day. And is in the wrong section... Your asking about how to filter https with squidguard.. Not Firewall..

Blocking only specific https sites with a firewall that are hosted off CDNs yeah going to be very difficult.. But blocking via proxy is not that difficult, you don't need to do mitm if your using explicit proxy (ie client directed to the proxy). But if doing it via transparent - then yes it becomes more difficult

I have moved your thread to correct area so you might get an answer on how to do it with squidguard... But then again they prob just going tell you to RTFM ;)

For example check out the hangout by jimp - he goes over all the different way to filter https traffic
From the hangout
https://youtu.be/xm_wEezrWf4
hangout.png

Moving to proxy section.

@InterLoper thanks for that, I found a guide online for HAProxy and it mentions that I need to create a ddns (so I created home.domain.com), then it suggests to create cname for each subdomain(so for plex, I have plex (for the name field), cname (for the type), 1H (for TTL), home.domain.com (for data field)).

Will this way work too? or should I follow what you suggested, to create a DDNS entry for each subdomain (plex, nextcloud, sonarr, radarr, sabnzbd, etc)?

Which method do you recommend?

Thanks for your help