Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    {inet} > [Squid Proxy (Parent)] > [HAVP] > {clients} 403 forbidden error

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfSense2User
      last edited by

      Hello everyone, I'm a first time pfSense user, first time on here, and I am having problems with the squid package and the HAVP running with squid proxy.  The follwing scheme I am using for the HAVP and Squid Proxy is in the title: {inet} > [Squid Proxy (Parent)] > [HAVP] > {clients} with Squid Proxy as the Parent proxy.

      I have followed the instructions for that scheme:
      Proxy Server:
      Transparent: Off/Unchecked
      Disable X-Forward: Unchecked
      Disable VIA: Unchecked
      Port #: 3128

      HAVP:
      Proxy type: Transparent
      Parent Proxy (upstream): LAN IP Address (10.0.0.1:3128)
      Forward IP Address: On/Checked
      Port #: 3125

      With this scheme, I get the following error:

      Request denied by pfSense proxy: 403 Forbidden
      Reason:
      –------------------------------------------------------------------------------
      Client address: 10.0.0.1
      Client name: pfsense.localdomain
      Client group: default
      Target group: none
      URL: http://whatever.net/

      Note: whatever.net is not an actual website (doesn't exist), I only typed that in to test the Squid Proxy

      Do I need to add certain custom commands for the squid to make it work?

      I tried this in the custom rules in the Proxy Server, and only got an invalid request error (HAVP screen):

      acl all src 0.0.0.0/0.0.0.0

      cache_peer 127.0.0.1 parent 3125 0 no-query no-digest no-netdb-exchange default

      cache_peer_access 127.0.0.1 allow all

      #Only http traffic can be scanned
      acl Scan_HTTP proto HTTP
      never_direct allow Scan_HTTP

      With the {inet} > HAVP (Parent) > Squid Proxy > {clients}, it works, but I like to use HAVP to scan for viruses on web sites and Squid Proxy for DNS or connection time outs.

      Here are the following packages I have installed:
      squid (version 2.79)
      squid3 (in beta)
      SquidGuard3 (requires Squid3)
      HAVP

      What could be causing the problem?  I might as well remove all of the packages and reinstall squid (version 2.79), SquidGuard (requires squid v 2.x), and HAVP, and not install SquidGuard3 or Squid3 for testing purposes.

      The scheme I am using did work before I installed squid3 and restarted the pfSense Firewall.

      The version I am running is pfSense 2.1-RC0-i386 since I am going to deploy IPv6 in my network and hook up my router to the secondary LAN since I wanted to test IPv6 and use HE as my IPv6 functionality, or my ISP (Comcast/Xfinity)

      Edit: I removed all of the packages, and re-installed squid 2.7 Stable 9, installed SquidGuard 1.4.4 beta, and the HAVP, and I was surprised that both squid and HAVP still had the settings I had.  I might wait a few hours to check and see if the problem went away.

      I figured out what it was.  It wasn't a problem, just forgot about the SquidGuard was being used for testing, but used the IP address 10.0.0.1 instead of the client's IP address (ex. 10.0.0.2)  Didn't realize that SquidGuard was blocking sites that were blocked by category.  Never mind…  I get used to IPCop's, and Smoothwall's URLFilter since it uses the Access Denied while pfSense uses the ye olde 403 Forbidden for blocking web sites...

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.