@ma0f97 Has no one an idea?

Coloca ele no Bypass Proxy for These Destination, e libera porta.

@rafael-2

Boa tarde, então encontrei este link que é de um mirror mas não esta atualizado
http://mirror.una.ac.cr/Pc/Blacklists/Shalla.de/shallalist.tar.gz

a melhor alternativa ainda é pelo http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz

@lucasll había puesto el IP y puerto del kerio en Advanced - Miscellaneus del pfsense pero ya encontré la solución. Mi DNS superior no resolvía las direcciones fuera de la VPN. Utilicé un repositorio alternativo que el DNS era capaz de resolver.

@norcarde A transparent proxy would solve your application problems, but they are a hassle to setup and can introduce their own problems.

@santi buen día. Ya revisé el log. Dónde obtuve la ip a la cual de está conectado, la agregue a la lista blanca, además, del puerto. Pero sigue sin funcionar .

@mhmz

does it make any sense sitting on proxy server with deactivated aes-ni ?

Take a good look at what's getting blocked in your log files, it's easy to break google products because of their spyware/tracking integration.

@aGeekhere said in squid blocking things I want to access (access denied for inter-LAN devices):

you can get the refresh patten here https://github.com/mmd123/squid-cache-dynamic_refresh-list/pulls

I know, I'm the one that made that repo xD

No, the problem is I forgot it needs to be run in custom MITM mode to actually work with caching things properly, and by the time I realized that last night it was like 2am, so I went to sleep, I'll be back to work on it later today @aGeekhere

As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

But :
The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
etc etc .

@High_Voltage said in Web gui, ssl/https connectivity, squid, and wpad:

just took me a bit to realize I was having a moment of brain dead, THANK YOU ALL! - THX 😉

BTW:
if you want to perform a serious Squid + Squid Guard installation.
I have an acquaintance here on the forum and I can bring you together with him...☺

@rafamello

Como pensávamos, o problema é com *.GOV + cert.

Solved in https://forum.netgate.com/topic/153028/haproxy-deleting-acl-on-modify-bug-or-am-i-missing-something/14

@werter

непрозрачный, с авторизацией по ip и учетным записям. на время настройки авторизация отключена

En caso de que alguien aun no logro resolver el inconveniente aquí dejo el enlace con la información facebook suministra para permitir el filtro por proxy

https://developers.facebook.com/docs/whatsapp/guides/network-requirements/?locale=es_ES

Thanks for the info. Astounding is what this is. :-)

@impatient hello I am having the same issue currently. I have the proxy running and https and http in transparent mode with splice all. It works certificates are installed on all devices. Clamav for me only works with HTTP downloads even when https SSL intercept is running. The test file only gets blocked on http.

Did you guys ever find a resolve for this?

https://forum.netgate.com/topic/168812/squid-c-icap-virus-table-malware-virus-test-file-in-http-caught?_=1641529034653

@obmor said in Repositorio não oficial não aparece:

@baguncassp siga este tutorial, comigo deu certo no pfsense 2.4.4

https://forum.netgate.com/topic/136730/aplicar-patch-para-usar-e2guardian-5-em-pfsense-2-4-4/2?fbclid=IwAR1WmexowP8hxVx5gQD_t-aXzcFCt3vpsfz-spQnGfqChwk_-iUX_DuyHyM

Muito obrigado @obmor deu certinho.

Durante o monitoramento percebi que o Squid precisava ser reiniciado mais de uma vez ao dia, acrescentei mais dois horários e também alterei o path do cron para utilizar a rotina padrão do Squid.

00 10 * * * root /usr/local/etc/rc.d/squid.sh restart
00 13 * * * root /usr/local/etc/rc.d/squid.sh restart
00 16 * * * root /usr/local/etc/rc.d/squid.sh restart

O reinício é rápido e até o momento ninguém reclamou de queda, pelo que tenho percebido afeta somente o acesso a sites, a conferência que era a minha maior preocupação continua funcionando normalmente durante a execução da rotina.

O que acho mais estranho é que temos uns 200 dispositivos conectados em nossa rede ( Ethernet e Wi-Fi ) e já ouvi pessoas reclamando do mesmo problema com 1200 dispositivos na rede.

All..... The script came from user Remzej. I have it on a cron job to check every 5 minutes (we are a busy proxy environment)...

*/2 * * * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/monitor_memory_usage.php

#!/usr/local/bin/php-cgi -f
<?php
/*

monitor_memory_usage.php

part of pfSense (https://www.pfsense.org)

Copyright (c) 2011-2015 Rubicon Communications, LLC (Netgate)

All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.
*/
require_once('config.inc');
require_once('util.inc');
require_once('squid.inc');
global $config;

// Monitor memory usage by remzej
// Get SWAP usage funtion
function swap_usage() {
exec("/usr/sbin/swapinfo", $swap_info);
$swap_used = "";
foreach ($swap_info as $line) {
if (preg_match('/(\d+)%$/', $line, $matches)) {
$swap_used = $matches[1];
break;
}
}
return $swap_used;
}

// Get memory usage function
function mem_usage() {
$memory = "";
exec("/sbin/sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_inactive_count " .
"vm.stats.vm.v_cache_count vm.stats.vm.v_free_count", $memory);

$totalMem = $memory[0]; $availMem = $memory[1] + $memory[2] + $memory[3]; $usedMem = $totalMem - $availMem; $memUsage = round(($usedMem * 100) / $totalMem, 0); return $memUsage;

}

// Get memory and SWAP usage value
$memusage_pct = mem_usage();
$swapusage_pct = swap_usage();

// Display memory usage
echo "Memory Usage: " . $memusage_pct . "%" . PHP_EOL;
echo "SWAP Usage: " . $swapusage_pct . "%" . PHP_EOL;

// If memory usage is above 90%, stop and restart squid services.
if (($memusage_pct > 90) or ($swapusage_pct > 80)) {
squid_stop_monitor();
if (is_service_running('squid')) {
stop_service("squid");
}
squid_restart_services();
log_error(gettext(sprintf("[squid] Memory usage is $memusage_pct percent, Swap Usage is $swap_usage percent, stopping and restarting services.")));
}
log_error(gettext(sprintf("[squid] Memory usage is $memusage_pct percent and Swap Usage is $swapusage_pct")));
?>

There are many how to's on the youtube and interwebs. Here is one I have saved

https://www.youtube.com/watch?v=W2gy1bLHm5o

Skip the pfsense install part as it goes through the whole process from pfsense setup to squid, to squidguard, and lightsquid. Squidguard itself is not hard to setup once you have setup you squid transparent proxy which is basically enabling squid, checking transparent proxy, settings caches and that's it for squid then switch to squidguard and configure it. I have squid setup as an HAVP sine it is built into the squid package now and not a separate package before 2.3. Overall there is are many video and guides with pictures to assist in setting up or helping troubleshoot pieces of pfsense you need help with when you google for it such as in your case "pfsense squidguard setup". Don't hesitate you use your Googlefu.