Force devices to squid
-
There is something I don't understand in your design :(
WPAD RFC states that "well known alias "mechanism will search for
"wpad.extension…/...your_domain.tld"
then
"wpad.your_domain.tld"
then
"wpad"
which means that both your host domain and search domain settings matter.On the other hand, service name (here wpad) is somewhat hard-coded, meaning your vhost should handle http://wpad.your_doman.tld.
Obviously, if you web server handles everything, it will work but understanding this level of detail may help you in case you deploy on another perhaps less flexible web server.Another potentially useful point:
if you configure pfSense to listen on HTTPS, then you can still have HTTP server handling wpad if you install "vhost" package ;) -
Last question I do not know if any one here can help me with I have a sony bravia smart tv and set it to use the proxy youtube app works fine but some apps and browser I get this error msg page could not be retrieved https://sony.tvstore.opera.com:84 this only happens threw proxy
-
also I think some programs have trouble threw proxy like I have filbot that looks for metadata for movies with port 80 blocked it does not seam to download unless I reopen port 80 on firewall
-
Hi I re installed squid 3 and everything is ok now accept for the tv it looks like it cant get to the domain it needs for some apps, last question in real time monitoring I do not get sites visited just the pfsense ip squid_monitor_data.php. does this mean I can not view the sites visited cos of dns rebinding?
-
the tv it looks like it cant get to the domain it needs for some apps,
So create a firewall rule above your port 80 block rule that allows specifically the TV to go out on port 80.
last question in real time monitoring I do not get sites visited just the pfsense ip
Not sure what you're looking at. That page shows you the IP address as well as the URL. Or are you saying the Address field is always blank? A screenshot would be helpful.
-
in squid real time but looks like when I disconnect the pc from proxy and go to realtime then site seam to show. and this is the last question HONESTLY I created a user in squid and selected local authentication when I try using the browser I get a box box asking for user and pass but when I enter the user and password I created in squid it does not accept it
-
That IP address is for your pfSense instance itself. Unless you have a DNS entry for it somewhere, it's only going to show the IP address because that's all it has to work with. Are you accessing the pfSense GUI via its IP address or a hostname?
No idea about your auth issues as I've never needed to password-protect the proxy. Perhaps try looking for clues in /var/squid/logs/cache.log or access.log.
-
@KOM:
That IP address is for your pfSense instance itself. Unless you have a DNS entry for it somewhere, it's only going to show the IP address because that's all it has to work with. Are you accessing the pfSense GUI via its IP address or a hostname?
No idea about your auth issues as I've never needed to password-protect the proxy. Perhaps try looking for clues in /var/squid/logs/cache.log or access.log.
I access pfsense gui by ip address, all I have in dns resolver is the wpad settings
host wpad
domain ourdomain
ip 192.168.1.1when I access real time rports from a pc that is not going threw the proxy sites name show up fine, I see that ip only from pcs that are going threw the proxy, so if I want to see the site names I just go the the pc that I accepted fort 80 for and bypassed the proxy
-
The problem of the auth I found what it was the password must be less then 8 characters long
