Squid 3.3.4 package for pfsense with ssl filtering
-
Hi all read through the whole post.
I have transparent ssl filtering working however I am having issues with update servers like windows update, adobe creative cloud, google update, and others
I tried to create an alias with some of the white listed links for windows updare however they are not working. Is there a better way to white list these update servers? because even if I get aliases working I have to manually find each server, find there link and add it to the aliases. Is there a better way for this? as there could be 100s of update servers in which would need to do this for.Thanks
-
Hi xtrego,
set the icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav to
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamavand do the same steps to the second row.
-
Bumping this issue, perhaps it should be broken off to a new thread but I'm not sure how.
I just updated to the latest squid package 2.2.8 and the issue remains.
The word "round-robin" appears in the cache_peer lines inside squid.conf this creates a situation where requests are alternately sent to the wrong peer when multiple web servers are added that are not serving the same site… ie they are not load balancing.I believe the word "round-robin" should either be removed or exposed as a checkbox in the gui under web servers tab.
I think there is a mistake in the reverse proxy config, I was having trouble so I read the squid.conf in pbi/…/etc and I found the directive
round-robin
even though I don't want that since my servers are independent of each other. I suggest either add a checkbox for that or remove that directive. Thanks! -
Squid is a 3.4.9, 3.5 is around the corner…
-
everything work fine.. but not good caching at all :(
-
Please add an option in the GUI to disable SSLv2 and SSLv3 (POODLE vulnerability). Thanks!
-
Please add an option in the GUI to disable SSLv2 and SSLv3 (POODLE vulnerability). Thanks!
Are you talking about the reverse HTTPS proxy?
You can already disable SSLv2 and SSLv3 with a trick. Anything you put on the line for 'Reverse HTTPS default site' will be copied to the relevant spot it the squid.conf file. So in stead of justwww.example.com ```you can put:www.example.com options=NO_SSLv2,NO_SSLv3 cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2
This way you get a grade B at https://www.ssllabs.com/ssltest/ I found no way yet to enable TLS 1.2 in squid. -
I found no way yet to enable TLS 1.2 in squid.
For the record: with the latest pfSense 2.2 I do get TLSv1.2 as well. Probably because OpenSSL 1.0.1k is now included?
-
everything work fine.. but not good caching at all
IN my testing, I found that only managed a hit rate of about 5-7% with my company. The dynamic nature of today's web makes it very challenging for caches. Plus, with high-speed links and tons of bandwidth, Squid seems to get more use here as the base for SquidGuard filtering than it does for caching content.
-
Yup, I use Squid for the very same reason. Keep it setting to "null" for no local caching now since I have 110/20 Mbps speeds, don't need local cache. Now with ICAP and Clamd I am getting a bit more functionality out of it.
If there was a way to separate the dependency of Clamd and dans/e2guardian on squid, I would had installed the separate packages and not looked at Squid ever.
-
Good Evening,
Can anyone provide instruction on how to configure squidclamav to update definitions twice per day, noon & midnight?
I have installed the Cron package & can SSH in, but have been unable to determine the next steps & appropriate script to make it auto update.
Best-
Darren
-
Good Evening,
Can anyone provide instruction on how to configure squidclamav to update definitions twice per day, noon & midnight?
I have installed the Cron package & can SSH in, but have been unable to determine the next steps & appropriate script to make it auto update.
Best-
Darren
I just added a cronjob which starts freshclam one time a day a 2:22 am:
22 2 * * * root /usr/local/bin/freshclamHaving a look at /var/log/clamav/freshclam.log you can see that it updates the virus databases.
-
hello allo
i have a trouble to get Squid working on pfsense, before updating Squid package it's worked fine, but now i guet an error page
Erreur de protocole ICAP. Le système a retourné : [No Error]pfsense : 2.2-RELEASE (i386)
Installed Squid package : 3.4.10_2 pkg 0.2.6
where is the problem ?
-
Hello everyone,
during the update process of clamav, in /var/log/clamav/freshclam.log i read:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.5 Recommended version: 0.98.6
Should I be worried?
Thanks to all -
Hi ,
Any one have issue with the new version of PFSense 2.2.1 ??After installing it Squid keep restarting , log is full of :
Mar 19 17:23:22 squid[72924]: Squid Parent: (squid-1) process 958 exited with status 1
Mar 19 17:23:25 squid[72924]: Squid Parent: (squid-1) process 34043 started
Mar 19 17:23:26 (squid-1): The redirector helpers are crashing too rapidly, need help!I try to stop it but it restart for some reason.
Thanks
:( -
Dear , I'm new to this, but fix this problem by simply checking the "Do not verify the remote certificate " located in Man SSL option menu in the filtering.
SSL Man Int the Middle Filtering>Remote cert checks> check "Do not verify remote certificate".
