  • Squid Errors

    2
    0 Votes
    2 Posts
    556 Views
    KOMK
    This looks more like a pfBlocker issue to me.
  • Haproxy basic question

    5
    0 Votes
    5 Posts
    732 Views
    M
    Not yet, no time currently. Just exploring my options but will definitely try it. Thanks!
  • Squid or SquidGuard?

    2
    0 Votes
    2 Posts
    586 Views
    KOMK
    Squid is a caching proxy. Squidguard is a URL filter. Squidguard requires squid. Squid uses authentication to allow/deny access while squidguard uses it for grouping purposes.
  • Is SquidGuard able to solve my problem?

    Moved
    1
    0 Votes
    1 Posts
    396 Views
    No one has replied
  • Squid Proxy not working with WhatsApp (transparent and non-transparent)

    6
    0 Votes
    6 Posts
    5k Views
    G
    Added this to the Firewall LAN rules; WhatsApp now passes the proxy. ![Whatsapp LAN Allow.png](/public/imported_attachments/1/Whatsapp LAN Allow.png) ![Whatsapp Alias.png](/public/imported_attachments/1/Whatsapp Alias.png)
  • Squidanalyzer not start

    5
    0 Votes
    5 Posts
    832 Views
    L
    Hi Marcello, I installed pfSense version 2.4.3 and SquidAnalyzer works now. Programs I installed in the system: Squid, SquidGuard. In SquidAnalyzer, TOP DENIED is empty.
  • Squid+ad+kerberos

    3
    0 Votes
    3 Posts
    2k Views
    R
    Fixed keytab, got Kerberos. But CPU load is very high. Where must I paste "KRB5RCACHETYPE=none export KRB5RCACHETYPE" in /usr/local/pkg/squid.inc to disable the cache?
  • Squid with AD groups + Kerberos authentication in pfsense?

    2
    0 Votes
    2 Posts
    5k Views
    fabricioguzzyF
    Hello Milan, here is a tip for you. Use samba44. It has all Kerberos support tools, including the keytab generation, and it's quite simple to use. Also, you will need squidguard to make your AD group search. You will need to add the Kerberos auth config lines in the advanced configuration for squid (squid page, all the way down the page). Also, the correct authentication sequence should be: Kerberos, NTLMv2 and then (optional) Basic Auth, unless you really want to use Kerberos ONLY. Hope that helps you. Fabricio.
  • HAProxy Elliptic Curve Certificates

    3
    0 Votes
    3 Posts
    2k Views
    R
    Hi Michael, I'm trying to configure a haproxy with an EC certificate and I configured the global settings like you described:
        ssl-default-bind-options no-sslv3 no-tls-tickets
        ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
    My .pem file has privatekey + cert + certCA, still haproxy fails:
        parsing [/etc/haproxy/haproxy.cfg:48] : 'bind 10.10.1.5:443' : unable to load SSL private key from PEM …ne.com.pem'
    I'm running a v1.5 haproxy, what was the version you used? Thanks, Ricardo
  • HAProxy Basic User Auth

    1
    0 Votes
    1 Posts
    690 Views
    No one has replied
  • E2 Guardian Install

    Moved
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    Try this screencast http://sys-squad.com/licao/259 It's in Portuguese but I think it will help. I strongly recommend e2guardian v5 under pfSense 2.4
  • Everything related to squid is bugged as hell

    8
    0 Votes
    8 Posts
    1k Views
    ivorI
    I'd utilize pfBlockerNG for blocking domains via its DNSBL (or IP for that matter). It's much faster and better. What's your network size, how many clients are there?
  • How do I block torrent file on squidguard proxy filter

    9
    0 Votes
    9 Posts
    4k Views
    C
    http://blogs.fcoos.net/block-p2p-traffics-with-pfsense-using-snort-ips/
  • SquidGuard LDAP Config issue

    Moved
    1
    0 Votes
    1 Posts
    790 Views
    No one has replied
  • HAProxy - dropping connections

    2
    0 Votes
    2 Posts
    3k Views
    P
    Your server timeout is 2 minutes for the webapp, and a connect timeout shouldn't really be above 10 seconds; if it takes 10 seconds to get a working TCP connection there are some serious network issues, even when accessing a server over the internet. As for dropping established connections, there could be different factors causing that. Configuring the syslog on the haproxy settings tab (perhaps to the local syslog unix socket) and enabling 'detailed logs' on the frontend should help tell if the client or server breaks the connection, or perhaps a timeout is hit. In case of doubt, also capture the packets on both the WAN and LAN side of haproxy to check with Wireshark on which side traffic gets interrupted.
  • We are trying to work with squid proxy/squidguard but whitelist don't work

    4
    0 Votes
    4 Posts
    4k Views
    Z
    If you use splice all it does not bump at all. Which CA do you see on your client? Every host should turn up as signed by your CA if bumping is applied. Whitelist/Blacklist of squid does NOT apply to SSL at all. As I wrote before in another thread, Splice Whitelist is defective too. If possible, post the resulting squid.conf here and a screenshot of what goes wrong. Press F12 in your browser to see 'security' details. Or try with openssl s_client -connect to see certificate and SSL details. SSL bump is not for the faint-hearted though. A lot of problems on the horizon: HPKP, TLS 1.3, missing intermediate certificates, incompatible ciphers etc. etc., to mention some. Some experience with TLS required, I would say.
  • ICAP: using a different and dedicated and remote av engine?

    2
    0 Votes
    2 Posts
    528 Views
    M
    @demux: Hi. We are going to use a central ICAP-enabled AV scanner that runs on a dedicated machine. We do not want to use clamav (neither locally nor remote). From looking at the various GUI settings I cannot find an easy way to configure squid to use another ICAP path except the one to the local clamav (c-icap). Is there a setting that I am missing or is there another way to set this up in a simple way (means without overriding the GUI config manually). I know that we could do that using a parent proxy setup, but we believe that taking the ICAP approach is faster and with less overhead - and makes more sense with regard to structure. (At the moment I cannot say which engine we are going to use as this is not yet finally decided. But a written requirement is that we can talk to it using ICAP because of pfsense.) Where is the best place to configure another ICAP machine? Thanks for your help! demux.

    I'm looking for the same thing. I would like to have a GUI menu where I can specify the external ICAP server IP address, reqmode/respmode and port. I suppose this could be easily done by developers. For now the best way I've found to configure these parameters is by using the "Diagnostics -> Edit File" functionality to edit these two files:
        /usr/local/pkg/squid_antivirus.inc
        /usr/local/etc/squid/squid.conf
    Just edit the following lines using the correct IP/port/etc. and restart squid:
        icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
        adaptation_access service_req allow all
        icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
        adaptation_access service_resp allow all
    I hope someone more expert than me can find a simpler way or maybe some developer can introduce this feature :) Thanks
  • Squidguard 1.4_4 pkg v.1.9.6 group acl not working

    4
    0 Votes
    4 Posts
    1k Views
    R
    Hello. I have done 2 target categories (social sites & job sites). User(A) group will get only social access, user(B) group will get only job access. In user(A) group one IP will get access to both sites. So I created that IP in another group & allowed both categories. But it's not working. Please help me with this issue. (SORRY FOR MY BAD ENGLISH)
  • HAProxy + Acme Timeout Error

    3
    0 Votes
    3 Posts
    1k Views
    BismarckB
    @cplmayo: Got it working today, firewall rule was blocking the traffic. Knew it would be something stupid that I missed.

    Hello, I'm running into the exact same issue; could you be so kind and share which firewall rule was blocking the traffic?
  • HAProxy Not Saving Backends To Config

    2
    0 Votes
    2 Posts
    420 Views
    P
    Have you selected the 'default backend' in the frontend? Or use a 'use backend' action?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.