Squid on pfSense 2.3

After upgrading to pfSense 2.3 it was evident that squid just wasn’t working.

It’s now working fine after….

Stopping the service. Clearing the squid folder under /var/squid.

And then…

Setting authentication to local – which didn’t work when the correct username and password were entered.
And then setting auth back to none – Bingo, we can get through squid.

Using vHosts on pfSense

My way of using vHosts on pfSense involves Squid reverse proxy, DNS and vHosts.

Make sure you’ve got the Squid3 and vHosts packages installed.

Admin Access

First, the pfSense web GUI should be on a port other than 80 or 443. This should be done as a matter of course anyway (use HTTPS on port 8443 maybe).

Squid

We need to play around with the Squid Reverse Proxy settings.

Make sure Enable HTTP Reverse Proxy is ticked, and the Reverse HTTP Port is set to 80. Do the same for HTTPS on port 443 if you need to.

Squid Peers

Peer server

Now move over to the Web Servers tab, and add a new web server (a peer). We are going to add a reference to the pfSense box, where the vHosts server is running. We are telling Squid that there is a peer server named pfSense running on localhost (127.0.0.1) and listening on port 10081.

Mapping

Choose the Mappings tab and add a new mapping. We are telling Squid that when it receives a request for a particular URI, it should forward that request on to another server. Choose whatever you want for the Group Name and Group Description. From the Peers list, choose the peer server we defined above. In the lower URIs section, enter the address of the web pages you want to host (e.g. test.yourdomain.com); this will correspond with each vHost we define later.

vHosts

So now we create a vHost for each site we will be hosting. Add a new vHost with the Host name being a URI we entered earlier. The IP Address will be 127.0.0.1. Port will be 10081 as we defined earlier in the Squid Peers section. Set Enabled to true and enter a description if you want.

DNS

Whichever DNS system you are using, you will need to add an entry for the URI of each vHost, pointing at your pfSense host box.

Finally

To make sure everything is updated, restart your Squid and vHost services. Point your browser to one of the sites you’ve defined and things should work… they did for me.

Checking and securing is down to you.
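
One way to do part of that checking, as an added example that is not from the original post: a Python script that reads Squid reverse-proxy directives and reports breaks in the port, peer and mapping chain set up above. The sample config and its ACL names are constructed, and the exact directives pfSense writes for these GUI settings are an assumption.

```python
# Added example: audits Squid reverse-proxy directives for the chain in this post.
# SAMPLE_CONF is constructed (one host is left unmapped on purpose); the file
# pfSense generates may differ (assumption).
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
SAMPLE_CONF = """\
http_port 80 accel vhost
cache_peer 127.0.0.1 parent 10081 0 proxy-only no-query originserver name=pfSense
acl vhost_test dstdomain test.yourdomain.com
acl vhost_blog dstdomain blog.yourdomain.com
cache_peer_access pfSense allow vhost_test
cache_peer_access pfSense deny all
"""

def audit(conf, vhost_port=10081):
    """Return a list of findings; an empty list means the chain is consistent."""
    ports, peers, acls, allowed = [], {}, {}, set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_port":
            ports.append(tok[1:])
        elif tok[0] == "cache_peer" and len(tok) >= 5:
            # cache_peer <host> <type> <http-port> <icp-port> [options]
            name = next((t[5:] for t in tok[5:] if t.startswith("name=")), tok[1])
            peers[name] = (tok[1], int(tok[3]), tok[5:])
        elif tok[0] == "acl" and len(tok) >= 4 and tok[2] in ("dstdomain", "url_regex"):
            acls.setdefault(tok[1], []).extend(t for t in tok[3:] if not t.startswith("-"))
        elif tok[0] == "cache_peer_access" and len(tok) >= 4 and tok[2] == "allow":
            allowed.update((tok[1], acl) for acl in tok[3:])
    findings = []
    if not any("accel" in opts for opts in ports):
        findings.append("no http_port in accel (reverse proxy) mode")
    for name, (host, port, opts) in peers.items():
        if host not in LOOPBACK:
            findings.append(f"peer {name}: {host} is not loopback")
        if port != vhost_port:
            findings.append(f"peer {name}: port {port}, expected {vhost_port}")
        if "originserver" not in opts:
            findings.append(f"peer {name}: missing originserver option")
    for peer, acl in sorted(allowed):
        if peer not in peers:
            findings.append(f"mapping uses undefined peer {peer}")
        if acl != "all" and acl not in acls:
            findings.append(f"mapping uses undefined acl {acl}")
    mapped = {acl for _, acl in allowed}
    for acl, hosts in acls.items():
        if acl not in mapped:
            findings.append(f"{', '.join(hosts)} has no peer mapping")
    return findings
```

Calling audit(SAMPLE_CONF) reports the hostname that has an ACL but no mapping to the peer; pass the text of your own squid.conf to run the same checks against a live setup.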