I found the ways using the belows. I need to change backend not frontend.  :) https://forum.pfsense.org/index.php?topic=121730.0 https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-as-a-layer-7-load-balancer-for-wordpress-and-nginx-on-ubuntu-14-04

Finally, i resolved my problem. I downloaded the repository to a computer, later i install an apache server and put inside the repositoty. With Winscp yo must connect to pfsense server and modify the file: pfsense-Repo.conf  in /usr/local/share/pfSense and /usr/local/share/pfSense/pkg/repos . Change https by http and put in tha line your apache site ip FreeBSD: { enabled: no } pfSense-core: {   url: "pkg+http://YOUR APACHE IP/pfSense_v2_3_4_amd64-core",   mirror_type: "srv",   signature_type: "fingerprints",   fingerprints: "/usr/local/share/pfSense/keys/pkg",   enabled: yes } pfSense: {   url: "pkg+http://YOUR APACHE IP/pfSense_v2_3_4_amd64-pfSense_v2_3_4",   mirror_type: "srv",   signature_type: "fingerprints",   fingerprints: "/usr/local/share/pfSense/keys/pkg",   enabled: yes

Have you looked at this post: https://forum.pfsense.org/index.php?topic=117017.0

I get an "403 Access denied" - the message is generated by my pfSense (browser bar's IP address if the pfSense). As for common ACL - I see "Test" (which is a blacklist for www.youtube.com only. (Used, you guessed it, as a test only) Default access "All"  which is "Deny" Wouldn't EVERYTHING be blocked according to this above?

Actually this is one worked better for me https://forum.pfsense.org/index.php?topic=139939.0

Thanks for the reply.. Yes I have installed squidguard… Please look for the screenshot of squid settings below. [image: squid_screenshot.png] [image: squid_screenshot.png_thumb]

That's what it was.  The Roku netflix client wasn't using the domain name, but IP addresses for the Netflix servers.  I guess I should have realized that in the log.  Even though I had the option "Do not allow IP-Addresses in URL" unchecked, I was looked at the squidguard config at /usr/local/etc/SquidGuard/SquidGuard.conf and saw that it had !in-addr which was blocking anything that had an IP address in the URL.  Seems to be working fine now after I removed that.

I'm now on pfSense: 2.4.2-RELEASE-p1 FreeBSD 11.1-RELEASE-p6 Using a Mac mini and MacBook Pro both using Firefox to test the EICAR HTTP files, I completed the 4 steps, twice, and I can still download the HTTP files.  I haven't configured for HTTPS yet. Another interesting factoid…Using Debian 9 Stretch Linux with Firefox installed, I couldn't download the HTTP files but I still didn't receive the red colored virus message.

No idea.  I don't use transparent mode or SSL-intercept.  Just WPAD to get the URL for filtering and that's all.

SQRobin, I'm in the same camp. Did you end up fixing this? I have 16 Cores, 32GB RAM.  60GB Cache (DiskD - Previously AUFS with zero change), 64MB Cache Memory Size, 256K Max object, Heap GDSF. RAM and SWAP often go haywire after about 10 hours.  I upped the SSL Daemon Children to 64 recently to assist. Any other tips? HTTP/1.1 200 OK Server: squid Mime-Version: 1.0 Date: Wed, 07 Feb 2018 15:30:42 GMT Content-Type: text/plain;charset=utf-8 Expires: Wed, 07 Feb 2018 15:30:42 GMT Last-Modified: Wed, 07 Feb 2018 15:30:42 GMT X-Cache: MISS from localhost X-Cache-Lookup: MISS from localhost:3128 Via: 1.1 localhost (squid) Connection: close Squid Object Cache: Version 3.5.27 Build Info: Service Name: squid Start Time: Wed, 07 Feb 2018 01:26:06 GMT Current Time: Wed, 07 Feb 2018 15:30:42 GMT Connection information for squid: Number of clients accessing cache: 864 Number of HTTP requests received: 289166 Number of ICP messages received: 0 Number of ICP messages sent: 0 Number of queued ICP replies: 0 Number of HTCP messages received: 0 Number of HTCP messages sent: 0 Request failure ratio: 0.00 Average HTTP requests per minute since start: 342.4 Average ICP messages per minute since start: 0.0 Select loop called: 18051093 times, 2.807 ms avg Cache information for squid: Hits as % of all requests: 5min: 2.6%, 60min: 3.0% Hits as % of bytes sent: 5min: 1.1%, 60min: 1.3% Memory hits as % of hit requests: 5min: 51.2%, 60min: 56.1% Disk hits as % of hit requests: 5min: 17.8%, 60min: 23.9% Storage Swap size: 47263468 KB Storage Swap capacity: 76.9% used, 23.1% free Storage Mem size: 64732 KB Storage Mem capacity: 98.8% used,  1.2% free Mean Object Size: 125.91 KB Requests given to unlinkd: 0 Median Service Times (seconds)  5 min    60 min: HTTP Requests (All):  0.05046  0.02742 Cache Misses:          0.08265  0.07825 Cache Hits:            0.00286  0.00091 Near Hits:            0.05633  0.08729 Not-Modified Replies:  0.00179  0.00091 DNS Lookups:          0.01046  0.01331 ICP Queries:          0.00000  0.00000 Resource usage for squid: UP Time: 50675.981 seconds CPU Time: 2292.172 seconds CPU Usage: 4.52% CPU Usage, 5 minute avg: 29.42% CPU Usage, 60 minute avg: 29.02% Maximum Resident Size: 29684640 KB Page faults with physical i/o: 183 Memory accounted for: Total accounted:      219900 KB memPoolAlloc calls:  33590776 memPoolFree calls:  34080247 File descriptor usage for squid: Maximum number of file descriptors:  939474 Largest file desc currently in use:  9246 Number of file desc currently in use: 9012 Files queued for open:                  0 Available number of file descriptors: 930462 Reserved number of file descriptors:  100 Store Disk files open:                  0 Internal Data Structures: 382429 StoreEntries 11534 StoreEntries with MemObjects   4520 Hot Object Cache Items 375364 on-disk objects

Maybe I will turn off the logs then and just reactivate them one day if I have issues :) Bad idea.  When you really need them, they won't be there.  Just set them to rotate and ignore them.

I had be able to install squid but updating to 2.3.2 to 2.3.4. Enable just security/errata on 2.3.4 and done. 2.3.2 looks death. Thanks.

Is going to be difficult to show u all the steps, but I will advice u to search on www.youtube.com to start your training. Once u have more detail info of your issue, return here and show us the problem with more details  :) example: https://www.youtube.com/watch?v=W2gy1bLHm5o

My PFBox setup is squid + squidguard wpad i will give it a try. or maybe putting an IP Address in Proxy Server-> Access Control -> ACLs will do the trick?

What news are you expecting?  WPAD requires an HTTP server, not HTTPS. https://technet.microsoft.com/en-us/library/cc995261.aspx?f=255&MSPPError=-2147217396 Implementing DNS or DHCP Consider the following criteria when deciding whether to use a DHCP WPAD entry, a DNS entry, or both: WPAD entries in DNS can only be used by client computers that belong to a domain, and clients must be configured to resolve DNS names. When implementing WPAD with a DNS server, entries must be configured for every domain containing clients enabled for automatic discovery. A valid DHCP server must be installed. When using DNS to publish WPAD, automatic discovery must be configured to use port 80. Alternatively, the outgoing Web requests must be configured to listen on port 80. WPAD in DHCP is limited to specific user groups on some client computer operating systems. For more information, see the Microsoft Knowledge Base article 312864, "Automatic Proxy Discovery in Internet Explorer with DHCP requires specific permissions." Generally, using DHCP servers with automatic detection works best for local area network (LAN)-based clients, while DNS servers enable automatic detection on computers with both LAN-based and dial-up connections. Although DNS servers can handle network and dial-up connections, DHCP servers provide faster access to LAN users and greater flexibility. If you configure both DHCP and DNS, clients will attempt to query DHCP for automatic discovery information first and then query DNS.

When you make any changes to squidguard, you need to remember to go back to the General settings page and click the Apply button or nothing you did will take effect.

Clear cache. Proxy Server: Cache ManagementLocal Cache

Hi, this does not work when the explicit proxy is configured. example, I configure the squid + sslbump on a vlan (ex: vlan10), i configure snort on the vlan10 with all appID = Result nothing is detected without the proxy everything is detected by appID. Thanks Best regards, fred

Personally, I find pfBlocker too heavy of a package for me to want to deal with just to block ads.  I use Pi-hole myself on a cheap little Pi.  Works like a charm.