@anttechs I am using squidguard,
After configuration of blacklist option in General settings i.e http://www.shallalist.de/Downloads/shallalist.tar.gz
in Package > SquidGuard > Blacklists you need to hit download button 4-5 times continuously , to get it download blacklist database, make sure it reaches 100%

@ravegen Hello my friend
My goal :
set proxy (SquidGuard-Cach server-Control Bandwidth with squid ) on VPN conection with LoadBalancing
And I have One wan conection and 5 VPN conection on WAN

This very simle ... I want pass traffic from VPN (LoadBalancing gateway (5vpn conection)) . also I want to have Squid proxy and SquidGuard ... But squid not compatible with loadbalancing very simple..I want tcp_outgoing_address to another interface and create rule for my traffic
Did you realize what I mean?

Great! So looks like it was just a regex issue. Thanks for the follow up.

Steve

@denisk I've been waiting for the updates version on pfSense too. Squid 3.5 in my usage slowed down the Internet rather than helping it speed up through caching.

Will what be in 2.4.4? Squid 4.x? Unlikely.
3.5.28 will probably make it in eventually, but it's not in FreeBSD ports yet.

Try setting the redirect mode in Squidguard to ext url move. You will have to redirect to something, you might create a page for that.

I hit that same error recently and that worked around it.

Steve

@nadmax said in [SOLVED] pfSense / Squid vs Untangle - SSL inspection:

I installed E2 Guardian last night - I must say it is a very complete package so there is a bit of a learning curve involved. Way more advanced than the Squid equivalent.

Nevertheless, I achieved the results I wanted in about 30 minutes - it works exactly as per my expectations. I still have a lot of tuning to do but I have no doubt that I've found what I was looking for.

Thanks!

No problem at all! Glad I could help! :)

If you have any questions, feel free to shoot them through into the E2 Guardian thread and we'll be more than happy to assist!

You can still do some filtering on HTTPS without the MITM. On E2 Guardian, I have multiple groups setup, some which have MITM enabled and some such as in your case that are for Guest Wi-Fi where I can't properly sneak in the CA. On Squid I believe this is referred to as Bump and Splice all.

For my guest Wi-Fi setups, I just use the non-MITM method. This is where the proxy is able to see the domain name without the resource path at the end in order to decide if a website should be let through or not. MITM would obviously allow the proxy to look at the entire URL with the resource path and make a informed decision as to whether or not to allow a website through. I prefer it way more than DNS level filtering as it's more flexible. You can set it up for specific users while others can browse those sites just fine.

If you've got sometime, I recommend you give E2 Guardian a shot. It worked out a lot better than Squid in my use case and it has the added benefit of actual phrase filtering.

scratch that,

clam av uses its FQDN, which is allowed to pass the clam av white list.

@tazmo

I have Pfsense with HAProxy installed in it .can u guide how to do load balance between two AWS EC2 Web server Instance with SSL. Even i have SSL purchased from the 3rd party tool.

@albtech See if this website can help WPAD PAC Proxy Configuration

@periko said in Squid negative speed increase:

ng the proxy?
Did u use auth?

This squid server serve about 1200 to 1500 Users.
I don't use auth, no error found, dns google work normal.

Hi guys!
I understand that the solution to the current problem does not exist?

All i can say, most possibly its your configuration.

@dotslashniks I think you should still be able to see LAN addresses under the Status/Traffic Graph/. Make sure the Interface selected is LAN. I personally don't find the traffic graph extremely useful. Try installing the ntopng package. It's a great package for checking traffic. Look it up on YouTube, there are great tutorials on what it can do.