@mhmz

does it make any sense sitting on proxy server with deactivated aes-ni ?

Take a good look at what's getting blocked in your log files, it's easy to break google products because of their spyware/tracking integration.

@aGeekhere said in squid blocking things I want to access (access denied for inter-LAN devices):

you can get the refresh patten here https://github.com/mmd123/squid-cache-dynamic_refresh-list/pulls

I know, I'm the one that made that repo xD

No, the problem is I forgot it needs to be run in custom MITM mode to actually work with caching things properly, and by the time I realized that last night it was like 2am, so I went to sleep, I'll be back to work on it later today @aGeekhere

As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

But :
The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
etc etc .

@High_Voltage said in Web gui, ssl/https connectivity, squid, and wpad:

just took me a bit to realize I was having a moment of brain dead, THANK YOU ALL! - THX 😉

BTW:
if you want to perform a serious Squid + Squid Guard installation.
I have an acquaintance here on the forum and I can bring you together with him...☺

@rafamello

Como pensávamos, o problema é com *.GOV + cert.

Solved in https://forum.netgate.com/topic/153028/haproxy-deleting-acl-on-modify-bug-or-am-i-missing-something/14

@werter

непрозрачный, с авторизацией по ip и учетным записям. на время настройки авторизация отключена

@pozolero said in Problema Pfsense y Whatsapp:

@mikeMTY ☠ Por los dioses de la red!!!

pero esto lo tienes a nivel del firewall y a nivel de Squid+SquidGuard?

Thanks for the info. Astounding is what this is. :-)

That indicate's clamav is detecting the test file but isn't logging it properly.

I checked my setup and receive the same, Found instream with no default block page and it is not logged in either the C-ICAP Virus Table or the dashboard widget.

Perhap's someone else will check on this that has more knowledge.

@obmor said in Repositorio não oficial não aparece:

@baguncassp siga este tutorial, comigo deu certo no pfsense 2.4.4

https://forum.netgate.com/topic/136730/aplicar-patch-para-usar-e2guardian-5-em-pfsense-2-4-4/2?fbclid=IwAR1WmexowP8hxVx5gQD_t-aXzcFCt3vpsfz-spQnGfqChwk_-iUX_DuyHyM

Muito obrigado @obmor deu certinho.

Durante o monitoramento percebi que o Squid precisava ser reiniciado mais de uma vez ao dia, acrescentei mais dois horários e também alterei o path do cron para utilizar a rotina padrão do Squid.

00 10 * * * root /usr/local/etc/rc.d/squid.sh restart
00 13 * * * root /usr/local/etc/rc.d/squid.sh restart
00 16 * * * root /usr/local/etc/rc.d/squid.sh restart

O reinício é rápido e até o momento ninguém reclamou de queda, pelo que tenho percebido afeta somente o acesso a sites, a conferência que era a minha maior preocupação continua funcionando normalmente durante a execução da rotina.

O que acho mais estranho é que temos uns 200 dispositivos conectados em nossa rede ( Ethernet e Wi-Fi ) e já ouvi pessoas reclamando do mesmo problema com 1200 dispositivos na rede.

All..... The script came from user Remzej. I have it on a cron job to check every 5 minutes (we are a busy proxy environment)...

*/2 * * * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/monitor_memory_usage.php

#!/usr/local/bin/php-cgi -f
<?php
/*

monitor_memory_usage.php

part of pfSense (https://www.pfsense.org)

Copyright (c) 2011-2015 Rubicon Communications, LLC (Netgate)

All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.
*/
require_once('config.inc');
require_once('util.inc');
require_once('squid.inc');
global $config;

// Monitor memory usage by remzej
// Get SWAP usage funtion
function swap_usage() {
exec("/usr/sbin/swapinfo", $swap_info);
$swap_used = "";
foreach ($swap_info as $line) {
if (preg_match('/(\d+)%$/', $line, $matches)) {
$swap_used = $matches[1];
break;
}
}
return $swap_used;
}

// Get memory usage function
function mem_usage() {
$memory = "";
exec("/sbin/sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_inactive_count " .
"vm.stats.vm.v_cache_count vm.stats.vm.v_free_count", $memory);

$totalMem = $memory[0]; $availMem = $memory[1] + $memory[2] + $memory[3]; $usedMem = $totalMem - $availMem; $memUsage = round(($usedMem * 100) / $totalMem, 0); return $memUsage;

}

// Get memory and SWAP usage value
$memusage_pct = mem_usage();
$swapusage_pct = swap_usage();

// Display memory usage
echo "Memory Usage: " . $memusage_pct . "%" . PHP_EOL;
echo "SWAP Usage: " . $swapusage_pct . "%" . PHP_EOL;

// If memory usage is above 90%, stop and restart squid services.
if (($memusage_pct > 90) or ($swapusage_pct > 80)) {
squid_stop_monitor();
if (is_service_running('squid')) {
stop_service("squid");
}
squid_restart_services();
log_error(gettext(sprintf("[squid] Memory usage is $memusage_pct percent, Swap Usage is $swap_usage percent, stopping and restarting services.")));
}
log_error(gettext(sprintf("[squid] Memory usage is $memusage_pct percent and Swap Usage is $swapusage_pct")));
?>

There are many how to's on the youtube and interwebs. Here is one I have saved

https://www.youtube.com/watch?v=W2gy1bLHm5o

Skip the pfsense install part as it goes through the whole process from pfsense setup to squid, to squidguard, and lightsquid. Squidguard itself is not hard to setup once you have setup you squid transparent proxy which is basically enabling squid, checking transparent proxy, settings caches and that's it for squid then switch to squidguard and configure it. I have squid setup as an HAVP sine it is built into the squid package now and not a separate package before 2.3. Overall there is are many video and guides with pictures to assist in setting up or helping troubleshoot pieces of pfsense you need help with when you google for it such as in your case "pfsense squidguard setup". Don't hesitate you use your Googlefu.