Squid3 - New GUI with sync, normal and reverse proxy

Hobby-Student

@Truster:

Hi Hobby-Student.

i tried this this already. Also a coworker has checked the IIS configuration. Nothing found. The problem only occur if the connection is forwared through the proxy. a direct-connection to the iis enabeld site works.

Best regards
Dave

I do have a similar Setups. Exchange-Server (2007, 2010) behind pfsense with squid as reverse proxy. For me the only thing breaking attachments was the IIS default configuration.

Am I reading right, that attachments work through squid, except larger files? (you mentioned 8MB)
It's working from the outside,if squid is not active? (direct connection from the outside to the Exchange)

Truster

Hi hobby-student,

thats right, if i create a nat rule for webmail.contoso.com, port  443 and forward it to the  target address 192.168.0.10, owa works with large attachement
if i enable the reverse proxy (all enabled) i can only attach 1-2kb files

im using iis7 and iis8 in different setups.

Hobby-Student

@Truster:

Hi hobby-student,

thats right, if i create a nat rule for webmail.contoso.com, port  443 and forward it to the  target address 192.168.0.10, owa works with large attachement
if i enable the reverse proxy (all enabled) i can only attach 1-2kb files

im using iis7 and iis8 in different setups.

that sounds weird… did you use something like

With the following command you can change the value (in this case 10MB):
C:\Windows\System32\inetsrv\appcmd.exe set config -section:system.webServer/serverRuntime /uploadReadAheadSize:"10485760" /commit:apphost

C:\Windows\System32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/serverRuntime /uploadReadAheadSize:"10485760" /commit:apphost

Truster

No, hobby-student, but i did some future investigations and my conclusion is: maybe a bug in IIS 8
i did the following tests
pfsense reverse proxy, behind an iis7 (server 2008r2) with exchange 2010 sp3 UR2: It works 
pfsense reverse proxy, behind an iis8 (server 2012) with exchange 2010 sp3 UR2: It doesn't work with safari/firefox/chrome. No problems wih IE…. grrr

so i think its not the pfsense....

Hobby-Student

@Truster:

No, hobby-student, but i did some future investigations and my conclusion is: maybe a bug in IIS 8
i did the following tests
pfsense reverse proxy, behind an iis7 (server 2008r2) with exchange 2010 sp3 UR2: It works 
pfsense reverse proxy, behind an iis8 (server 2012) with exchange 2010 sp3 UR2: It doesn't work with safari/firefox/chrome. No problems wih IE…. grrr

so i think its not the pfsense....

that's what i meant. it's an IIS thing… with non-IE Browsers it's invoking other stuff, so an IIS setting could be the problem.

mromero

@marcelloc:

Squid3-dev has it's own forum topic.

Can you point me to the Forum Topic?

TheNetStriker

@marcelloc:

@TheNetStriker:

I've added a new page to configure additional ports and added a configuration for client certificates.

I'm doing it on web servers page but I'll take a look on your code and see how can I merge it with my current uncommitted code.

Thanks for your code contribution.  :)

Could you already take a look at my code changes? (https://github.com/TheNetStriker/pfsense-packages/commit/7d926f3d44cee817475c20bde44fe6471bab4ba7)

dld121

@marcelloc:

Squid3-dev has it's own forum topic.

I have looked for it… and I can't find it.

Could you please post a link to it here?

nesense

Hi, there is a mistake in the URL used for dynamic caching under Windows Update, this is the wrong line:

refresh_pattern -i my.windowsupdate.website.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

it should be

refresh_pattern -i windows.com/.*.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

stanthewizard

Installed 3.3.10

Huge issue

OWA not working anymore

and mixed website

I reset the entire settings the more webserver and mappings I'm adding the messier it gets

marcelloc

@nesense:

Hi, there is a mistake in the URL used for dynamic caching under Windows Update, this is the wrong line:

fixed. Thanks for your contribution.

postduif

I've just installed pfSense 2.1.1 and Transparent SSL is no longer working… The certificates squid provides are no longer trusted.

edanpedragosa

@postduif:

I've just installed pfSense 2.1.1 and Transparent SSL is no longer working… The certificates squid provides are no longer trusted.

I'm having the same problem with this.

It happened even before I updated to 2.1.1, the SSL filtering went off after I updated the Squid3-Dev yesterday.

Any fix? Thanks in advance!

edanpedragosa

Any fix for this? Bumping up thread…

thanks in advance!

bellera

https://forum.pfsense.org/index.php?topic=62256.msg407762#msg407762

edanpedragosa

Got it working again.

Here's what I did:

1. stopped squid
squid -k shutdown

2. Cleared the squid cache
mv /var/squid/cache /var/squid/cachebu

3. Regenerate it (takes some time to complete)
squid -z

4. Rebooted the machine

5. Cleaned up a bit
rm -rf /var/squid/cachebu

At first, squid and squidguard does not want to start but after the cache were cleaned up and regenerated, everything's back to normal… I hope...

and yes, this addition worked a treat:

always_direct allow all
ssl_bump server-first all

bellera

If you have squidGuard-squid3 you will need this patch also:

https://forum.pfsense.org/index.php?topic=73640.msg402286#msg402286

edanpedragosa

Thanks for pointing that out….

I'll wait for the official fix from the developer so I won't mess up a lot.

I'm happy that it's working for now until the next update happens...

Thanks a lot!

ha11oga11o

Yeah guys you are talking about lots of commands and advance things which we n00bs dont understand and dont know how to do.

let se,

i updated it to 2.1.1 everything work fine except squid3. Process start then stop, then start,… in the loop. - i removed it.

After few days i saw pfblocker just stop to work and no rules on firewall. I tried to reinstall it - no joy.

Ther i roll back to 2.1 and everything works but squid3 wont to install. Probably i have cache issue, but dont know how to fix it. So i just give up. I hope, i really hope it will be updated so we mortals can just click and install it without problems.

When im truing to install it on old 2.1 i got this

Beginning package installation for squid3 .
Downloading package configuration file... done.
Saving updated package information... done.
Downloading squid3 and its dependencies...
Checking for package installation...
Downloading https://files.pfsense.org/packages/amd64/8/All/squid-3.1.22_1-amd64.pbi ...  (extracting)
Loading package configuration... done.
Configuring package components...
Additional files... squid.inc failed.
Backing up libraries...
Removing package...
Starting package deletion for squid-3.1.22_1-amd64...done.
Removing squid3 components...
Tabs items... done.
Menu items... done.
Services... done.
Loading package instructions...
Include file squid.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... done.
Failed to install package.

Installation halted.

I really dont dare to touch anything anymore, but i must give up of new pfsense version and squid3 now.

Many thnx for all good work in past and future. It really helps. Im waiting for new wersion which will fix this issues.

Cheers :)

Cino

I was able to get clamav to work on my 2.1.2 i386 box with pretty much no issues. a couple of things:

1: Can an option be added to the package to setup a schedule to run freshclam to update the db? The db on my box was from 2012. Manually running it updated the db

2: I dont know if this will work for everyone but I copied clwarn.cgi to /usr/local/www and was able to call it by updating this option in the squidclamav.conf file:

# When a virus is found then redirect the user to this URL
redirect https://pfsense/clwarn.cgi

Works pretty good!