Squid3 - New GUI with sync, normal and reverse proxy


  • Banned

    @aGeekHere:

    Same issue with a reinstall (twice).

    There won't be any new update from me, sorry. Not really even sure what "same issue" are you talking about. Backup config, wipe the messed up box, reinstall, restore config and start from scratch, perhaps.



  • The "same issue" is that the link to show squid's changes in the package manger is incorrect and gives

    get 404 error

    link
    https://github.com/pfsense/pfsense-packages/commits/master/config/34

    Anyway it is only minor, Found the correct link anyway
    https://github.com/pfsense/pfsense-packages/tree/master/config/squid3/34


  • Banned

    @aGeekHere:

    The "same issue" is that the link to show squid's changes in the package manger is incorrect

    Not fixable in package, plus not really sure why it matters.



  • Hello ALL,

    Recently switched from NON-Transparent proxy to Transparent. Figured out that URL-Filter (squidGuard) doesn't work for HTTPS sites. So, even if I block all the sites in squidGuard configuration user still able to browse ANY HTTPS site (I made sure that user gets ERROR page for HTTP, so squidGurd works for NON-encrypted traffic).
    In NON-Transparent mode it DOES work and users gets regular "Unable to connect" (FireFox) or "This webpage is not available" (Chrome). I assume this is normal behavior.

    We run squid3 v0.3.1 (with clamav integrated) and squidGuard v1.9.15 on pfSense 2.2.4-RELEASE (amd64).

    1. Is it a known issue with TRANSPARENT mode? Is it possible to fix it somehow? BTW, we do NOT use SSL interception.

    2. The second question would be "Where can I get a changelog (the list of new features / fixed issues) for the latest squid3 v0.3.2?".

    Thank you in advance.



  • Hello,

    Something very doubtful is happening: every 1-2 updates completely breaks squid. It seem like it stops caching any traffic in transparent mode.
    Multiple reinstallations does not seem to fix it.

    Is it a very buggy?



  • I have found that squid gets stuck (just sits there pulling full bandwidth) with adobe cc updates,

    the error

    09.10.2015 14:17:23	192.168.1.244	TCP_CLIENT_REFRESH_MISS_ABORTED/206	http://swupdl.adobe.com/updates/oobe/aam20/win/PhotoshopCameraRaw8-8.0/9.2.89/setup.zip	-	203.213.33.73
    

    Have to disable squid in order for the update to download.



  • Squidguard didn't filter websites and clamd also stopped after update.

    Reinstalled Squid and SquidGuard, working fine now.

    Only clamav service was stopped.
    Error: Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background.


  • Banned

    @voxeljorz:

    Error: Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background.

    There was absolutely no need to reinstall the package. Antivirus cannot run without AV definitions. You simply must wait until they are downloaded. After that, you can start ClamAV. There's a log message about it, there's a GUI note about it. Not really sure what else could be done for people that lack basic understanding of things like the fact that AV without defs doesn't work.



  • If I want ClamAV to work on my pfSense box, this is the package I need to run with? Squid3 0.4.0 package
    I don't care about the reverse proxy though (not need in my situation). Do I still need this package?


  • Banned

    Could you clarify what's the purpose you want to run ClamAV for?



  • I would like ClamAV to work as a virusscanner for my clients.
    So whne they browse and stumble upon a virus it gets blocked.


  • Banned

    Well yes, then this is the package. Good luck ;)



  • Care to explain?
    ClamAV sh*t?



  • Hello all,

    I just installed pfSense in VirtualBox and it seems to be running fine.
    I needed to install a router as pfSense because I run multiple webserver and with Squid3 I am filtering based on host which is being accessed.
    Problem is that pfSense is not the first router, I have my ISP modem which also contains a router (Ziggo in Netherlands).

    The way I have set it up now is like this:

    sub.domain.com is being transferred to my ISP external IP.
    My ISP modem is sending al port 80 traffic to the pfSense WAN interface.

    Only thing what happens is that when I try to reach sub.domain.com, it is getting redirected to HTTPS and then the error that the server is taking too long to respond.
    When I edit the hostfile for my local PC to point directly to the pfSense WAN interface, it is working like it should.

    Hope you understand my question/problem, if not please ask.



  • Don't try to access local servers with their WAN/Public address from inside your network. You can make host overrides on your DNS if you must use the same URL.



  • @fragged:

    Don't try to access local servers with their WAN/Public address from inside your network. You can make host overrides on your DNS if you must use the same URL.

    I don't try to access the local server on the public IP, I added the WAN IP for the pfSense server in my hostfile to test if Squid3 is "redirecting" to the correct webserver.
    The pfSense WAN interface has a local IP since my modem is the main router and handling DHCP etc.



  • Found the problem now, redirect is not working.

    When I try to access sub.domain.com I should get redirected to sub.domain.com/web/index.html, but that is not happening.
    Instead it redirects me to https://sub.domain.com which is resulting in the "Server not responding" error.

    When I enter sub.domain.com/web/index.html from the outside network, it is working fine and I'm getting send to the correct webserver.

    I did add the redirect in Squid3, what could be the problem?

    Edit:

    Depends on the browser, Chrome keeps sending me to https even when I type the whole URL like: http://sub.domain.com/web/index.html
    Firefox only sends me to https when I try to go to sub.domain.com, when I enter the whole URL it works in Firefox.
    In MS Edge I don't get redirected to https at all.

    Above has all been tested from outside my local network.

    From my inside network (sub.domain.com is also pointed to the external ISP IP) Firefox also keeps sending me to https, even when I enter the whole url.



  • @CrisKolkman:

    Hello all,

    I just installed pfSense in VirtualBox and it seems to be running fine.
    I needed to install a router as pfSense because I run multiple webserver and with Squid3 I am filtering based on host which is being accessed.
    Problem is that pfSense is not the first router, I have my ISP modem which also contains a router (Ziggo in Netherlands).

    The way I have set it up now is like this:

    sub.domain.com is being transferred to my ISP external IP.
    My ISP modem is sending al port 80 traffic to the pfSense WAN interface.

    Only thing what happens is that when I try to reach sub.domain.com, it is getting redirected to HTTPS and then the error that the server is taking too long to respond.
    When I edit the hostfile for my local PC to point directly to the pfSense WAN interface, it is working like it should.

    Hope you understand my question/problem, if not please ask.

    Maybe off topic by why not put your Ziggo modem in bridge mode?
    I have the same setup (Ziggo as well), my Ubee EVW3226 has been setup as bridge, so it's a "modem only".
    That makes my pfSense the first router in line.



  • @Panja:

    @CrisKolkman:

    Hello all,

    I just installed pfSense in VirtualBox and it seems to be running fine.
    I needed to install a router as pfSense because I run multiple webserver and with Squid3 I am filtering based on host which is being accessed.
    Problem is that pfSense is not the first router, I have my ISP modem which also contains a router (Ziggo in Netherlands).

    The way I have set it up now is like this:

    sub.domain.com is being transferred to my ISP external IP.
    My ISP modem is sending al port 80 traffic to the pfSense WAN interface.

    Only thing what happens is that when I try to reach sub.domain.com, it is getting redirected to HTTPS and then the error that the server is taking too long to respond.
    When I edit the hostfile for my local PC to point directly to the pfSense WAN interface, it is working like it should.

    Hope you understand my question/problem, if not please ask.

    Maybe off topic by why not put your Ziggo modem in bridge mode?
    I have the same setup (Ziggo as well), my Ubee EVW3226 has been setup as bridge, so it's a "modem only".
    That makes my pfSense the first router in line.

    I do know that but the setup in my house maken that quite difficult so that's not really an option.



  • Ok, clear and understood.  8)