Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Tags
    3. squid
    Log in to post
    • All categories
    • H

      HTTPS Custom Error page in Squid Pfsense

      pfSense Packages
      • squidguard pfsense 2.6 squidproxy squid • • Hari 2
      1
      0
      Votes
      1
      Posts
      269
      Views

      No one has replied

    • K

      connection is not private when using Chrome

      Cache/Proxy
      • squid squid-proxy • • karimhaydar31
      3
      0
      Votes
      3
      Posts
      513
      Views

      GertjanG

      @karimhaydar31 said in connection is not private when using Chrome:

      X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN

      The certificate is valid, but not co-signed by one of the major players, like Verisign etc. see here for a list.

      The thing is, your browser only accepts (and stays silent) certificates if they were co or toot signed by one of the authorities that are on 'the list' (in your device).
      You could actually empty this list, and your browser would not even trust https://www.micirostf.com any more.

      So, the easiest thing to do, is : export the certificate that is being used by the Webconfigurator, and import it into you browser / OS.
      Now, your browser / OS it trust it, and no more errors. That's all it takes !

      You could also get your hands on a certificate that is trusted out of the box.
      A trusted certificate is free.
      Example : if these are your general settings :

      5f251b0a-5c89-4ab6-aec6-556829c21c72-image.png

      and you actually own, or rent the some-domain.tld domain name, you could obtain certificate for *.some-domain.tld for free.
      The pfSense package "acme" is all about that functionality.
      Again : the certificate will be free, the domain name will cost some money.

    • T

      e2guardian - squidanalyzer nao atualiza

      Portuguese
      • squid e2guardian • • tilinux0
      1
      0
      Votes
      1
      Posts
      284
      Views

      No one has replied

    • M

      Route Wireguard traffic through Squid Proxy

      Traffic Monitoring
      • wireguard vpn squid proxy • • ma0f97
      2
      0
      Votes
      2
      Posts
      834
      Views

      M

      @ma0f97 Has no one an idea?

    • E

      Problemas ao acessar site

      Portuguese
      • squid • • emelicio
      2
      0
      Votes
      2
      Posts
      295
      Views

      I

      Coloca ele no Bypass Proxy for These Destination, e libera porta.

    • J

      blocklist alternativa

      Portuguese
      • blocklist squidguard squid • • Juliano Luchinski
      7
      0
      Votes
      7
      Posts
      2646
      Views

      J

      @anderson-soprana valeu aqui deu certo.

    • I

      Squid Proxy Server

      Cache/Proxy
      • squid • • Inaldo.Big
      1
      0
      Votes
      1
      Posts
      280
      Views

      No one has replied

    • H

      Wan -> pfsense -> Wan possible?

      Routing and Multi WAN
      • wan squid proxy virtualbox • • hellfire
      1
      0
      Votes
      1
      Posts
      200
      Views

      No one has replied

    • L

      No se puede recuperar la información del paquete.

      Español
      • paquetes pfsense squid actualizaciones proxy • • lexposito1986
      3
      0
      Votes
      3
      Posts
      641
      Views

      L

      @lucasll había puesto el IP y puerto del kerio en Advanced - Miscellaneus del pfsense pero ya encontré la solución. Mi DNS superior no resolvía las direcciones fuera de la VPN. Utilicé un repositorio alternativo que el DNS era capaz de resolver.

    • N

      applications without internet access

      General pfSense Questions
      • squid proxy pfsense • • Norcarde
      5
      0
      Votes
      5
      Posts
      179
      Views

      KOMK

      @norcarde A transparent proxy would solve your application problems, but they are a hassle to setup and can introduce their own problems.

    • N

      Aplicaciones sin acceso a internet

      Español
      • squid proxy pfsense • • Norcarde
      3
      0
      Votes
      3
      Posts
      280
      Views

      N

      @santi buen día. Ya revisé el log. Dónde obtuve la ip a la cual de está conectado, la agregue a la lista blanca, además, del puerto. Pero sigue sin funcionar .

    • Y

      How to give access from WAN to LAN using Squid

      Cache/Proxy
      • squid wan lan • • ycbarrosocu
      1
      0
      Votes
      1
      Posts
      206
      Views

      No one has replied

    • M

      Proxy services stop unexpectedly

      Cache/Proxy
      • pfsense squid squidguard help • • mhmz
      2
      0
      Votes
      2
      Posts
      344
      Views

      ?

      @mhmz

      does it make any sense sitting on proxy server with deactivated aes-ni ?

    • B

      Squid and Squidguard forces restricted mode in youtube

      Cache/Proxy
      • squid squidguard youtube filtering • • Baud21
      2
      0
      Votes
      2
      Posts
      571
      Views

      M

      Take a good look at what's getting blocked in your log files, it's easy to break google products because of their spyware/tracking integration.

    • High_VoltageH

      squid blocking things I want to access (access denied for inter-LAN devices)

      Cache/Proxy
      • squid access-denied • • High_Voltage
      7
      0
      Votes
      7
      Posts
      285
      Views

      High_VoltageH

      @aGeekhere said in squid blocking things I want to access (access denied for inter-LAN devices):

      you can get the refresh patten here https://github.com/mmd123/squid-cache-dynamic_refresh-list/pulls

      I know, I'm the one that made that repo xD

      No, the problem is I forgot it needs to be run in custom MITM mode to actually work with caching things properly, and by the time I realized that last night it was like 2am, so I went to sleep, I'll be back to work on it later today @aGeekhere

    • High_VoltageH

      in an effort to better fix/set up squid and the github information for others to use, I need some help understanding stuff

      Cache/Proxy
      • squid mitm ssl inspection explicit proxy transparent • • High_Voltage
      4
      0
      Votes
      4
      Posts
      185
      Views

      GertjanG

      As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

      But :
      The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
      The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
      etc etc .

    • High_VoltageH

      Web gui, ssl/https connectivity, squid, and wpad

      General pfSense Questions
      • wpad squid httpsssl • • High_Voltage
      6
      0
      Votes
      6
      Posts
      604
      Views

      DaddyGoD

      @High_Voltage said in Web gui, ssl/https connectivity, squid, and wpad:

      just took me a bit to realize I was having a moment of brain dead, THANK YOU ALL! - THX 😉

      BTW:
      if you want to perform a serious Squid + Squid Guard installation.
      I have an acquaintance here on the forum and I can bring you together with him...☺

    • alexandre.angeliA

      [Resolvido] Erro certificado - JusBrasil

      Portuguese
      • squid squidguard ssl error certificate • • alexandre.angeli
      39
      0
      Votes
      39
      Posts
      1452
      Views

      DaddyGoD

      @rafamello

      Como pensávamos, o problema é com *.GOV + cert.

    • C

      Reverse Proxy using server certificates (NOT PFSense certs)

      Cache/Proxy
      • reverse proxy squid ssl man-in-the-midd • • coatmaker618
      2
      0
      Votes
      2
      Posts
      294
      Views

      C

      Solved in https://forum.netgate.com/topic/153028/haproxy-deleting-acl-on-modify-bug-or-am-i-missing-something/14

    • H

      How does the squid is implemented.

      Cache/Proxy
      • squid squidguard • • h_b
      1
      0
      Votes
      1
      Posts
      177
      Views

      No one has replied

    • H

      Some Cloudflare hosted websites not working and throw: ERR_NAME_NOT_RESOLVED

      Firewalling
      • dns dns resolver redirect squid squidguard • • h_b
      1
      0
      Votes
      1
      Posts
      173
      Views

      No one has replied

    • D

      Como configurar o pfsense em uma rede que já possui um proxy?

      Portuguese
      • proxy squid • • Dayvison
      1
      0
      Votes
      1
      Posts
      115
      Views

      No one has replied

    • D

      SQUID, 3 интерфейса и низкая скорость

      Russian
      • squid low speed • • drquake
      5
      0
      Votes
      5
      Posts
      184
      Views

      D

      @werter

      непрозрачный, с авторизацией по ip и учетным записям. на время настройки авторизация отключена

    • F

      pfBlockerNG-deve + Squid transparente + LightSquid

      Portuguese
      • pfblockerng squid lightsquid • • Fábio Abreu
      1
      0
      Votes
      1
      Posts
      171
      Views

      No one has replied

    • J

      C-ICAP não funciona no pfSense 2.4.4-3 (amd64).

      Portuguese
      • icap c-icap clamav squid squidguard • • jcocristian
      1
      0
      Votes
      1
      Posts
      392
      Views

      No one has replied

    • pozoleroP

      Problema Pfsense y Whatsapp

      Español
      • whatsapp alias squid squidguard • • pozolero
      15
      0
      Votes
      15
      Posts
      5040
      Views

      R

      En caso de que alguien aun no logro resolver el inconveniente aquí dejo el enlace con la información facebook suministra para permitir el filtro por proxy

      https://developers.facebook.com/docs/whatsapp/guides/network-requirements/?locale=es_ES

    • R

      user based ACL

      Captive Portal
      • squid pfsense captive portal • • remrem76
      1
      0
      Votes
      1
      Posts
      160
      Views

      No one has replied

    • E

      Squid URL based proxy with port redirects

      Cache/Proxy
      • squid url port port forward • • eds89
      1
      0
      Votes
      1
      Posts
      203
      Views

      No one has replied

    • Z

      Squid MITM: How to retrieve decrypted data?

      Cache/Proxy
      • squid mitm man-in-the-midd tls ssl • • zll
      5
      0
      Votes
      5
      Posts
      763
      Views

      Z

      Thanks for the info. Astounding is what this is. :-)

    • P

      Squid ClamAV antivirus not working properly

      Cache/Proxy
      • squid clamav antivirus • • pimmes111
      14
      0
      Votes
      14
      Posts
      4690
      Views

      A

      My problem with this is the need of a whitelist. I curruntly don't know how to have something like "whitelist all except blacklist and pages scaned with a virus" I don't use squidguard but PFBLockerng-devel witch is in my opinion better.
      It should be a regex like ^.* minus blacklist but I don't see anything on how to do this properly.

      I have a thread about this: https://forum.netgate.com/topic/175557/squid-clamav-mitm-custom-setting?_=1667128733894

    • B

      Repositorio não oficial não aparece

      Portuguese
      • repositorio s squid naooficial • • baguncassp
      3
      0
      Votes
      3
      Posts
      239
      Views

      B

      @obmor said in Repositorio não oficial não aparece:

      @baguncassp siga este tutorial, comigo deu certo no pfsense 2.4.4

      https://forum.netgate.com/topic/136730/aplicar-patch-para-usar-e2guardian-5-em-pfsense-2-4-4/2?fbclid=IwAR1WmexowP8hxVx5gQD_t-aXzcFCt3vpsfz-spQnGfqChwk_-iUX_DuyHyM

      Muito obrigado @obmor deu certinho.

    • A

      Problema com o Squid + HTTPS/SSL interception consumindo toda a memória

      Portuguese
      • squid squidguard http https • • alesilvam
      7
      1
      Votes
      7
      Posts
      581
      Views

      A

      Durante o monitoramento percebi que o Squid precisava ser reiniciado mais de uma vez ao dia, acrescentei mais dois horários e também alterei o path do cron para utilizar a rotina padrão do Squid.

      00 10 * * * root /usr/local/etc/rc.d/squid.sh restart
      00 13 * * * root /usr/local/etc/rc.d/squid.sh restart
      00 16 * * * root /usr/local/etc/rc.d/squid.sh restart

      O reinício é rápido e até o momento ninguém reclamou de queda, pelo que tenho percebido afeta somente o acesso a sites, a conferência que era a minha maior preocupação continua funcionando normalmente durante a execução da rotina.

      O que acho mais estranho é que temos uns 200 dispositivos conectados em nossa rede ( Ethernet e Wi-Fi ) e já ouvi pessoas reclamando do mesmo problema com 1200 dispositivos na rede.

    • A

      Problem with Squid + HTTPS/SSL interception consuming all memory

      Cache/Proxy
      • squid https ssl squid pfsense firewal squidguard • • alesilvam
      8
      0
      Votes
      8
      Posts
      1500
      Views

      B

      All..... The script came from user Remzej. I have it on a cron job to check every 5 minutes (we are a busy proxy environment)...

      */2 * * * * root /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/monitor_memory_usage.php

      #!/usr/local/bin/php-cgi -f
      <?php
      /*

      monitor_memory_usage.php

      part of pfSense (https://www.pfsense.org)

      Copyright (c) 2011-2015 Rubicon Communications, LLC (Netgate)

      All rights reserved.

      Licensed under the Apache License, Version 2.0 (the "License");

      you may not use this file except in compliance with the License.

      You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software

      distributed under the License is distributed on an "AS IS" BASIS,

      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

      See the License for the specific language governing permissions and

      limitations under the License.
      */
      require_once('config.inc');
      require_once('util.inc');
      require_once('squid.inc');
      global $config;

      // Monitor memory usage by remzej
      // Get SWAP usage funtion
      function swap_usage() {
      exec("/usr/sbin/swapinfo", $swap_info);
      $swap_used = "";
      foreach ($swap_info as $line) {
      if (preg_match('/(\d+)%$/', $line, $matches)) {
      $swap_used = $matches[1];
      break;
      }
      }
      return $swap_used;
      }

      // Get memory usage function
      function mem_usage() {
      $memory = "";
      exec("/sbin/sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_inactive_count " .
      "vm.stats.vm.v_cache_count vm.stats.vm.v_free_count", $memory);

      $totalMem = $memory[0]; $availMem = $memory[1] + $memory[2] + $memory[3]; $usedMem = $totalMem - $availMem; $memUsage = round(($usedMem * 100) / $totalMem, 0); return $memUsage;

      }

      // Get memory and SWAP usage value
      $memusage_pct = mem_usage();
      $swapusage_pct = swap_usage();

      // Display memory usage
      echo "Memory Usage: " . $memusage_pct . "%" . PHP_EOL;
      echo "SWAP Usage: " . $swapusage_pct . "%" . PHP_EOL;

      // If memory usage is above 90%, stop and restart squid services.
      if (($memusage_pct > 90) or ($swapusage_pct > 80)) {
      squid_stop_monitor();
      if (is_service_running('squid')) {
      stop_service("squid");
      }
      squid_restart_services();
      log_error(gettext(sprintf("[squid] Memory usage is $memusage_pct percent, Swap Usage is $swap_usage percent, stopping and restarting services.")));
      }
      log_error(gettext(sprintf("[squid] Memory usage is $memusage_pct percent and Swap Usage is $swapusage_pct")));
      ?>

    • R

      Help Needed setting up SquidGuard!

      pfSense Packages
      • squid squidguard squid squidguar pfsense firewal firewall • • rey149
      2
      0
      Votes
      2
      Posts
      437
      Views

      ghostshellG

      There are many how to's on the youtube and interwebs. Here is one I have saved

      https://www.youtube.com/watch?v=W2gy1bLHm5o

      Skip the pfsense install part as it goes through the whole process from pfsense setup to squid, to squidguard, and lightsquid. Squidguard itself is not hard to setup once you have setup you squid transparent proxy which is basically enabling squid, checking transparent proxy, settings caches and that's it for squid then switch to squidguard and configure it. I have squid setup as an HAVP sine it is built into the squid package now and not a separate package before 2.3. Overall there is are many video and guides with pictures to assist in setting up or helping troubleshoot pieces of pfsense you need help with when you google for it such as in your case "pfsense squidguard setup". Don't hesitate you use your Googlefu.