Squidguard-squid3 systempatch for use with squid3-dev
-
And the proxy server config page?
Thanx.
-
-
under custom acls please remove the forwarded_for transparent and replace it with
always_direct allow all
ssl_bump server-first all
-
always_direct allow all
ssl_bump server-first all
That was the missing link, now there are no more warnings (with the exception of pfsense admin page, which is fine).
Thank you very much
[UPDATE]
Now windows update can't connect with error 80072F8F.
Also Adobe creative cloud can not connect with error 201.
[Update] Add GoogleUpdate.exe to the list as well.
Looking at this post https://forum.pfsense.org/index.php?topic=77394.0
Does this fix work? How is this added in the GUI?
[Update]
This is my Custom ACLS (Before_Auth)
acl broken_sites dstdomain .update.microsoft.com
ssl_bump none broken_sites
always_direct allow all
ssl_bump server-first all
However windows updates still do not work.
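A check for the rule order that the Custom ACLs above rely on, as an added example that is not part of the original post or of pfSense/Squid: Squid applies the first `ssl_bump` rule that matches, so an exclusion only takes effect if it sits above `ssl_bump server-first all` and its ACL is defined before it is used. The function name `lint_ssl_bump` and the second sample block are constructed for illustration.

```python
# Added example: lint a squid "Custom ACLs" block for ssl_bump ordering problems.
# It checks rule order and ACL definitions only, not whether an ACL can match.

def lint_ssl_bump(conf_text):
    """Return a list of (line_no, message) findings for ssl_bump rules."""
    defined = {"all"}        # "all" is a built-in ACL
    catch_all_line = None    # line of the first rule that matches every connection
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        if tok[0] == "acl" and len(tok) >= 3:
            defined.add(tok[1])
        elif tok[0] == "ssl_bump" and len(tok) >= 3:
            acls = tok[2:]
            for name in acls:
                if name.lstrip("!") not in defined:
                    findings.append(
                        (no, f"ACL '{name}' is not defined above this rule"))
            if catch_all_line is not None:
                findings.append(
                    (no, f"never reached: line {catch_all_line} already "
                         "matches every connection"))
            elif acls == ["all"]:
                catch_all_line = no
    return findings

# The Custom ACLs block as posted above.
POSTED = """\
acl broken_sites dstdomain .update.microsoft.com
ssl_bump none broken_sites
always_direct allow all
ssl_bump server-first all
"""

# Constructed variant: same lines, exclusion placed after the catch-all.
MISORDERED = """\
always_direct allow all
ssl_bump server-first all
acl broken_sites dstdomain .update.microsoft.com
ssl_bump none broken_sites
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("misordered", MISORDERED)):
        print(label, lint_ssl_bump(conf) or "no ordering problems")
```

The posted block passes both checks; the constructed variant is flagged at its last line.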
-
Hi,
Of course you cannot decrypt every Site. Itunes is also not decryptable.
BTW: is squidguard and antivirus working?
As exakte is the Eicar Testvirus getting blocked?
-
How do I add the exclusions?
Yes squidguard and the antivirus are working and it does block the exakte file.
[UPDATE] Also Do you have to manually find each service to exclude?
e.g.
windows update
Adobe creative cloud
Google update
Antivirus update
other updater
Or can we just create a general rule that will allow all service updates, because finding all these service updates would be hard and take a while, and if someone comes onto the network and has some other software package that needs an exclusion in order to update, that would be hard to maintain.
-
Hm, my squidguard still isn't working.
Are you using HAVP as antivirus?
Did you add more than one nat rule for ssl decryption?
Thanx.
-
Are you using HAVP as antivirus?
I left the squid Antivirus (clamav) as default (do not know if it is using HAVP or not, can't even find a setting for it in squid)
Did you add more than one nat rule for ssl decryption?
I did not set any nat rules for ssl decryption in the Firewall, but rather in System: Advanced: Firewall and NAT and set NAT Reflection mode for port forwards to enable (pure nat). Also enabled Enable NAT Reflection for 1:1 NAT and Enable automatic outbound NAT for Reflection.
Hope this helps
Also any ideas on my above post about windows updates and other update servers?
-
Strange, is your squidguard configured as parent for squid?
Could you maybe post your squid.conf please?
Thanx.
-
in squidguard set Blacklist proxy as the ip of pfsense
-
That is not working correctly, squidguard won't start if I enter the ip of pfsense in the blacklist proxy.
-
Same, I have to cut everything out of integrations, then start squidguard, then re-enter it back in
-
And after that it was working, I mean ssl bump and squidguard filtering?
-
both, sometimes a restart is needed and then cut everything out from integrations, start squidguard and then paste it back into squid.
-
Nope, won't help. I don't get it.
-
Hi all, still stuck on getting windows update working, any advice?
-
When I got it working with squidguard, I will attend to that problem.
-
I am a bit stumped on why Squidguard is not working for you (as I am new to this). List your squid, Squidguard and System: Advanced: Firewall and NAT settings.
-
Transparent Proxy.
Integrations Settings:
cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf;url_rewrite_bypass off;url_rewrite_children 16 startup=8 idle=4 concurrency=0
Custom Acls:
always_direct allow all
ssl_bump server-first all
Only one nat rule for redirecting https traffic to squid.
-
Did you put amd64 instead of i386 by mistake or are you running amd64?