Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid 3.3.4 package for pfsense with ssl filtering

    Scheduled Pinned Locked Moved Cache/Proxy
    305 Posts 72 Posters 329.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wcrowder
      last edited by

      Squid is a 3.4.9, 3.5 is around the corner…

      1 Reply Last reply Reply Quote 0
      • H
        hyundrax
        last edited by

        everything work fine.. but not good caching at all :(

        squid3.jpg
        squid3.jpg_thumb

        1 Reply Last reply Reply Quote 0
        • Z
          zang3tsu
          last edited by

          Please add an option in the GUI to disable SSLv2 and SSLv3 (POODLE vulnerability). Thanks!

          1 Reply Last reply Reply Quote 0
          • J
            joppybt
            last edited by

            @zang3tsu:

            Please add an option in the GUI to disable SSLv2 and SSLv3 (POODLE vulnerability). Thanks!

            Are you talking about the reverse HTTPS proxy?
            You can already disable SSLv2 and SSLv3 with a trick. Anything you put on the line for 'Reverse HTTPS default site' will be copied to the relevant spot it the squid.conf file. So in stead of just

            www.example.com
            ```you can put:
            

            www.example.com options=NO_SSLv2,NO_SSLv3 cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2

            
            This way you get a grade B at https://www.ssllabs.com/ssltest/
            I found no way yet to enable TLS 1.2 in squid.
            1 Reply Last reply Reply Quote 0
            • J
              joppybt
              last edited by

              @joppybt:

              I found no way yet to enable TLS 1.2 in squid.

              For the record: with the latest pfSense 2.2 I do get TLSv1.2 as well. Probably because OpenSSL 1.0.1k is now included?

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                everything work fine.. but not good caching at all

                IN my testing, I found that only managed a hit rate of about 5-7% with my company.  The dynamic nature of today's web makes it very challenging for caches.  Plus, with high-speed links and tons of bandwidth, Squid seems to get more use here as the base for SquidGuard filtering than it does for caching content.

                1 Reply Last reply Reply Quote 0
                • A
                  asterix
                  last edited by

                  Yup, I use Squid for the very same reason. Keep it setting to "null" for no local caching now since I have 110/20 Mbps speeds, don't need local cache. Now with ICAP and Clamd I am getting a bit more functionality out of it.

                  If there was a way to separate the dependency of Clamd and dans/e2guardian on squid, I would had installed the separate packages and not looked at Squid ever.

                  1 Reply Last reply Reply Quote 0
                  • D
                    darrenkdean
                    last edited by

                    Good Evening,

                    Can anyone provide instruction on how to configure squidclamav to update definitions twice per day, noon & midnight?

                    I have installed the Cron package & can SSH in, but have been unable to determine the next steps & appropriate script to make it auto update.

                    Best-

                    Darren

                    1 Reply Last reply Reply Quote 0
                    • N
                      Nachtfalke
                      last edited by

                      @darrenkdean:

                      Good Evening,

                      Can anyone provide instruction on how to configure squidclamav to update definitions twice per day, noon & midnight?

                      I have installed the Cron package & can SSH in, but have been unable to determine the next steps & appropriate script to make it auto update.

                      Best-

                      Darren

                      I just added a cronjob which starts freshclam one time a day a 2:22 am:

                      
                      22  	2  	*  	*  	*  	root  	/usr/local/bin/freshclam  
                      
                      

                      Having a look at /var/log/clamav/freshclam.log you can see that it updates the virus databases.

                      1 Reply Last reply Reply Quote 0
                      • A
                        aityahiaidir
                        last edited by

                        hello allo

                        i have a trouble to get Squid working on pfsense, before updating Squid package it's worked fine, but now i guet an error page

                        Erreur de protocole ICAP.
                        
                        Le système a retourné : [No Error]
                        

                        pfsense : 2.2-RELEASE (i386)

                        Installed Squid package : 3.4.10_2 pkg 0.2.6

                        where is the problem ?

                        1 Reply Last reply Reply Quote 0
                        • B
                          BitPoint
                          last edited by

                          Hello everyone,
                          during the update process of clamav, in /var/log/clamav/freshclam.log i read:
                          WARNING: Your ClamAV installation is OUTDATED!
                          WARNING: Local version: 0.98.5 Recommended version: 0.98.6

                          Should I be worried?
                          Thanks to all

                          1 Reply Last reply Reply Quote 0
                          • L
                            lannet2k
                            last edited by

                            Hi ,
                            Any one have issue with the new version of PFSense 2.2.1 ??

                            After installing it Squid keep restarting , log is full of :
                            Mar 19 17:23:22 squid[72924]: Squid Parent: (squid-1) process 958 exited with status 1
                            Mar 19 17:23:25 squid[72924]: Squid Parent: (squid-1) process 34043 started
                            Mar 19 17:23:26 (squid-1): The redirector helpers are crashing too rapidly, need help!

                            I try to stop it but it restart for some reason.

                            Thanks
                            :(

                            1 Reply Last reply Reply Quote 0
                            • I
                              ignacio.verdejo
                              last edited by

                              Dear , I'm new to this, but fix this problem by simply checking the "Do not verify the remote certificate " located in Man SSL option menu in the filtering.

                              SSL Man Int the Middle Filtering>Remote cert checks> check "Do not verify remote certificate".

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.