@@ -1734,3 +1734,211 @@ In this attempt, I tried to visit google. In this case lan dns could not provide
17341734An HTML attachment was scrubbed...
17351735URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20260113/9378bbe7/attachment.htm>
17361736
1737+ From ben.goz87 at gmail.com Tue Jan 13 12:45:30 2026
1738+ From: ben.goz87 at gmail.com (Ben Goz)
1739+ Date: Tue, 13 Jan 2026 14:45:30 +0200
1740+ Subject: [squid-users] Squid integration with Netskope forward to proxy
1741+ In-Reply-To: <02fb7c5d-1f96-4e21-aee6-f19d8ba92227@treenet.co.nz>
1742+ References: <CADAqQfwgPPK-qEFjp8kJzn30GqyKTpefLmA8xm0S76eqQuab4A@mail.gmail.com>
1743+ <aWS0bVL4_t0a26gP@fantomas.sk>
1744+ <02fb7c5d-1f96-4e21-aee6-f19d8ba92227@treenet.co.nz>
1745+ Message-ID: <CADAqQfw=rF2NBtTNPvADZbLPh7wNL5i-xsLLnPJbLmJTDBCWzw@mail.gmail.com>
1746+
1747+ Hi Amos,
1748+ I'm using ssl-bump it's cooperate with https_port?
1749+
1750+ ??????? ??? ??, 12 ????? 2026 ?-19:12 ??? ?Amos Jeffries?? <?
1751+ squid3 at treenet.co.nz??>:?
1752+
1753+ > On 12/01/2026 21:44, Matus UHLAR - fantomas wrote:
1754+ > > On 11.01.26 16:58, Ben Goz wrote:
1755+ > >> My customer netskope cloud configures forward to proxy to my squid
1756+ > proxy.
1757+ > >> The forwarding works only if Netskope's ssl decryption disabled, If ssl
1758+ > >> decryption enabled
1759+ > >> I can't see in the access log the traffic forwards to squid from
1760+ > >> Netskope.
1761+ > >>
1762+ > >> I suspect that Netskope forwards encrypted data to squid but I'm not
1763+ > sure
1764+ > >> that is the case because the Connect request is never encrypted and I
1765+ > >> don't
1766+ > >> see it on the access log.
1767+ > >
1768+ > >
1769+ > >> Anyones know how Netskope and squid can work together without disabling
1770+ > >> Netskope decryption (MITM)?
1771+ > >
1772+ > > This is completely issue of netskope proxy.
1773+ > >
1774+ > > If netskope proxy decides to forward or not to forward request to squid,
1775+ > > squid can't do anything with it.
1776+ >
1777+ >
1778+ > Nod. If there is no CONNECT tunnel request reaching Squid then it is not
1779+ > being forwarded in the classical "over-HTTP" way.
1780+ >
1781+ > I would check to see what is happening on port 443 when the traffic is
1782+ > "forwarded". HTTPS may actually be routed rather than relayed/proxied.
1783+ > Or perhapse it is being sent to some other port number, though how to
1784+ > find that may require asking your customer or Netskope directly for more
1785+ > details on how it is setup there.
1786+ >
1787+ >
1788+ > FWIW, Squid can receive HTTPS/443 traffic fine. Just use "https_port"
1789+ > (note the 's') to receive it instead of the regular HTTP port, and will
1790+ > need a SSL server certificate (can be self-signed) for your Squid which
1791+ > the customer software trusts.
1792+ >
1793+ >
1794+ > HTH
1795+ > Amos
1796+ >
1797+ > _______________________________________________
1798+ > squid-users mailing list
1799+ > squid-users at lists.squid-cache.org
1800+ > https://lists.squid-cache.org/listinfo/squid-users
1801+ >
1802+ -------------- next part --------------
1803+ An HTML attachment was scrubbed...
1804+ URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20260113/86790dfa/attachment.htm>
1805+
1806+ From jonathanlee571 at gmail.com Mon Jan 12 23:04:26 2026
1807+ From: jonathanlee571 at gmail.com (Jonathan Lee)
1808+ Date: Mon, 12 Jan 2026 15:04:26 -0800
1809+ Subject: [squid-users] Cache pfSense fix
1810+ In-Reply-To: <F20BED64-EBE4-4559-B8C5-1C207283FED3@gmail.com>
1811+ References: <b5496a0e-7587-4618-9d90-76d302ce39cf@treenet.co.nz>
1812+ <F20BED64-EBE4-4559-B8C5-1C207283FED3@gmail.com>
1813+ Message-ID: <CD283EB6-3252-4A18-8D3E-E65F86F93D8C@gmail.com>
1814+
1815+ I think I did this correctly
1816+
1817+ https://github.com/squid-cache/squid-cache.github.io/pull/45?
1818+ Add pfSense NVMe cache overlay documentation by JonathanDLee24 ? Pull Request #45 ? squid-cache/squid-cache.github.io
1819+ github.com
1820+
1821+ > On Jan 12, 2026, at 14:02, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
1822+ >
1823+ > Sure thing I have a better version to add to it
1824+ > Sent from my iPhone
1825+ >
1826+ >> On Jan 12, 2026, at 08:51, Amos Jeffries <squid3 at treenet.co.nz> wrote:
1827+ >>
1828+ >> ?Nice. Thank you.
1829+ >>
1830+ >> Would you mind adding this to the Squid wiki?
1831+ >>
1832+ >> IMO it should go as a new file in this part of the wiki repository:
1833+ >> <https://github.com/squid-cache/squid-cache.github.io/tree/main/docs/ConfigExamples/Caching>
1834+ >>
1835+ >> (you can use the existing WindowsUpdates page there as an example/template layout to match the rest of the ConfigExamples section).
1836+ >>
1837+ >>
1838+ >>
1839+ >> Cheers
1840+ >> Amos
1841+ >>
1842+ >>> On 10/01/2026 09:07, Jonathan Lee wrote:
1843+ >>> Great find
1844+ >>> pfSense Squid Cache on NVMe (Persistent Across Reboots)
1845+ >>> ======================================================
1846+ >>> Goal:
1847+ >>> -----
1848+ >>> Use an existing directory on an already-mounted NVMe drive
1849+ >>> as Squid?s cache, while satisfying pfSense?s requirement
1850+ >>> that the cache live under /var/squid.
1851+ >>> This method:
1852+ >>> - Works across reboots
1853+ >>> - Survives pfSense & Squid upgrades
1854+ >>> - Does NOT use symlinks (which do not work)
1855+ >>> - Does NOT destroy existing data on the drive
1856+ >>> --------------------------------------------------------
1857+ >>> Prerequisites:
1858+ >>> --------------
1859+ >>> - NVMe drive already mounted (example: /nvme)
1860+ >>> - Existing cache directory on the drive:
1861+ >>> /nvme/LOGS_Optane/Squid_Cache
1862+ >>> - Squid package installed
1863+ >>> --------------------------------------------------------
1864+ >>> Step 1: Create the mount point under /var/squid
1865+ >>> ------------------------------------------------
1866+ >>> (Only creates an empty directory if it doesn?t exist)
1867+ >>> mkdir -p /var/squid/cache
1868+ >>> --------------------------------------------------------
1869+ >>> Step 2: Bind-mount (nullfs) the existing directory
1870+ >>> --------------------------------------------------
1871+ >>> (This makes the NVMe directory appear inside /var/squid)
1872+ >>> mount_nullfs /nvme/LOGS_Optane/Squid_Cache /var/squid/cache
1873+ >>> NOTE:
1874+ >>> - No data is moved or copied
1875+ >>> - Existing cache contents are used directly
1876+ >>> --------------------------------------------------------
1877+ >>> Step 3: Make the mount persistent (IMPORTANT)
1878+ >>> ------------------------------------------------
1879+ >>> pfSense GUI:
1880+ >>> 1. Go to:
1881+ >>> System ? Advanced ? fstab
1882+ >>> 2. Click "Add"
1883+ >>> 3. Set the following:
1884+ >>> - Type: nullfs
1885+ >>> - Device: /nvme/LOGS_Optane/Squid_Cache
1886+ >>> - Mount point: /var/squid/cache
1887+ >>> - Options: rw
1888+ >>> 4. Save
1889+ >>> 5. Apply Changes
1890+ >>> --------------------------------------------------------
1891+ >>> Step 4: Configure Squid to use the new path
1892+ >>> -------------------------------------------
1893+ >>> pfSense GUI:
1894+ >>> Services ? Squid Proxy Server ? Local Cache
1895+ >>> Set:
1896+ >>> Cache directory:
1897+ >>> /var/squid/cache
1898+ >>> Save and restart Squid.
1899+ >>> --------------------------------------------------------
1900+ >>> Step 5: Verify
1901+ >>> --------------
1902+ >>> Check that the mount is active:
1903+ >>> df -h | grep squid
1904+ >>> mount | grep nullfs
1905+ >>> You should see the NVMe filesystem mounted at:
1906+ >>> /var/squid/cache
1907+ >>> --------------------------------------------------------
1908+ >>> Behavior After Reboot:
1909+ >>> ----------------------
1910+ >>> - Mount persists across reboots
1911+ >>> - pfSense package manager no longer complains
1912+ >>> - Squid cache cleanup works normally
1913+ >>> - No manual remounting required
1914+ >>> --------------------------------------------------------
1915+ >>> Important Notes:
1916+ >>> ----------------
1917+ >>> - Symlinks do NOT work (pfSense resolves real paths)
1918+ >>> - nullfs is the correct and supported workaround
1919+ >>> - MSDOS/FAT filesystems work but are not ideal long-term
1920+ >>> - UFS or ZFS is recommended if you ever reformat
1921+ >>> --------------------------------------------------------
1922+ >>> End of file
1923+ >>> Sent from my iPhone
1924+ >>> _______________________________________________
1925+ >>> squid-users mailing list
1926+ >>> squid-users at lists.squid-cache.org
1927+ >>> https://lists.squid-cache.org/listinfo/squid-users
1928+ >>
1929+ >> _______________________________________________
1930+ >> squid-users mailing list
1931+ >> squid-users at lists.squid-cache.org
1932+ >> https://lists.squid-cache.org/listinfo/squid-users
1933+
1934+ -------------- next part --------------
1935+ An HTML attachment was scrubbed...
1936+ URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20260112/ff7dd0c6/attachment-0001.htm>
1937+ -------------- next part --------------
1938+ A non-text attachment was scrubbed...
1939+ Name: 45.png
1940+ Type: image/png
1941+ Size: 137279 bytes
1942+ Desc: not available
1943+ URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20260112/ff7dd0c6/attachment-0001.png>
1944+
0 commit comments