• 0 Votes
    20 Posts
    3k Views
    S
    The same thing hit me when upgrading to 25.07.1 this morning. I moved libc++.so.1 to /root and squid started normally. When I was experiencing the issue it looked like this in my system log: /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules. /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules. /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules. sshd[12272]: error: connect_to [interface_to_listen_on] port 3128: failed. Squid_Alarm[34120]: Squid has exited. Reconfiguring filter. Squid_Alarm[35230]: Attempting restart... The sshd error is from my ssh connection where I tunnel my websurfing to my home router. Since squid wasn't listening on the specified port sshd could not make the connection. All well now.
  • Unable to run squid proxy server after upgrading from 2.7.2 to 2.8.0

    5
    0 Votes
    5 Posts
    2k Views
    Y
    You can run via SSH or Diagnostics -> Command prompt squid -k parse and paste output here.
  • Squidguard problem after upgrading from version 2.7.2 to version 2.8.0

    Moved
    33
    0 Votes
    33 Posts
    1k Views
    JonathanLeeJ
    @firefox I don’t think so, to be honest with you I am on an older version also. Just make sure you do the patch package and install all the system patches.
  • HAProxy for User Control Panel (UCP) on freepbx

    haproxy freepbx
    5
    0 Votes
    5 Posts
    2k Views
    J
    @qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!
  • Squid 6.12_1 Failed to decode EC parameters

    3
    1 Votes
    3 Posts
    394 Views
    JonathanLeeJ
    Request for Continued Support of Squid Package Dear Netgate Team, Could we please continue to support the Squid package? The upstream project has already resolved the known security issues, and it appears the main task remaining is updating the package to accommodate the recent PHP changes affecting the status page and address the decode issue. I’m unsure how to address this on my end and would greatly appreciate any guidance. Has anyone else looked into this, or is there a fix currently in progress? Thank you for your time and support. Jonathan Lee
  • haproxy 0.63_2 weird behavior, edits not working

    5
    0 Votes
    5 Posts
    820 Views
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.
  • HAProxy backend port changes are not applied

    17
    3 Votes
    17 Posts
    2k Views
    A
    @nick23369 You don't have to wait for the official fix. Adding the directive load-server-state-from-file none to each backend will override the default behavior and makes HAProxy backend changes take effect immediately. This is the easiest - do it one time and it's done. You can also stop HAProxy, delete run rm /tmp/haproxy_server_state from Diagnostic > Command Prompt, and then start HAProxy. There is no problem with HAProxy, it just takes some extra work to make negate the hardcoded config settings and make backend changes apply immediately without having to reboot pfSense.
  • HAProxy Seems to Forward to wrong Backend Port

    10
    0 Votes
    10 Posts
    3k Views
    P
    Hi Andrew, thanks for the tip. I forgot reply here. In our case, the problem was the hardware. Since 2013 I use the same hardware an Athlon LE-1620(1 Core) with 2GB. Some months ago, we created an app with many HAProxy rules and the access is growing. We bought one fanless with Intel J6426 and 8GB and now it´s work fine.
  • HaProxy wrong backend

    3
    0 Votes
    3 Posts
    359 Views
    A
    @andrew_cb Thank you for the answer In the end it was a problem that any new backend i added just did not register, i confirm it by taking an existing one and overriding it and it worked so i want the nuclear option and just installed the entire pfsense because installing the haproxy did not help.
  • HAProxy Port Redirect Internal

    28
    0 Votes
    28 Posts
    805 Views
    S
    @viragomann Thank you, I had that a bit flipped in my mind!
  • HA-Proxy, how to set correctly a shared fronted with Offloading and TCP

    4
    0 Votes
    4 Posts
    783 Views
    A
    @BelluX The Shared-Frontends message is because you have two different frontends configured that are listening on the same IP address and port. To resolve this error, you must choose the option Shared Frontend on the second frontend. However, if you do this, HAProxy will give an error that all shared frontends must be of the same type (you cannot mix http/https (offloading) with ssl/https (TCP mode). This is how I set up HAProxy to support mixed offloading and passthrough: Create a Backend called tcp_to_https which goes to server 127.0.0.1:4443 and Encrypt(SSL) is set to No. Create a Frontend called SSL_Termination that listens on port 4443. Enable SSL Offloading. Add all your ACLs and Actions like normal. Create a Frontend called SSL_Passthrough that listens on port 443 but do not enable SSL Offloading. Set it to ssl / https (TCP mode). Add ACLs using Server Name Indication TLS extension ends with for the hostnames that you want to pass through directly to the backends. Set the Default Backend to tcp_to_https. The way this works is HAProxy receives the request, it checks if the SNI matches the ACLs, and passes it through directly to the backends without performing SSL offloading. Otherwise, it passes the request to the default backend tcp_to_https, which connects to the frontend SSL_Termination, where the connections are processed a second time, this time performing SSL offloading.
  • not update new config port in server list backend haproxy pfsense

    2
    0 Votes
    2 Posts
    657 Views
    A
    @mojtaba-key For anyone reading this, the issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ The solution is to add load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend.
  • HAProxy fails a backend as DOWN even when check is disabled

    3
    0 Votes
    3 Posts
    573 Views
    A
    @NickyDoes The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend.
  • pfSense to support true dynamic server-template ?

    1
    0 Votes
    1 Posts
    55 Views
    No one has replied
  • 0 Votes
    3 Posts
    366 Views
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.
  • HaProxy ip alias dropdown ?

    1
    0 Votes
    1 Posts
    210 Views
    No one has replied
  • 1 Votes
    10 Posts
    2k Views
    JonathanLeeJ
    @JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system: ln -s -F /nvme/LOGS_Optane/snort /var/log/snort Also you can do this with suricata. /var/log/suricata remove this mkdir /nvme/LOGS_Optane/suricata ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata
  • HAProxy Cookie Persistance SameSite

    1
    0 Votes
    1 Posts
    195 Views
    No one has replied
  • 0 Votes
    18 Posts
    2k Views
    JonathanLeeJ
    This is a better WPAD file server.modules = ( "mod_access", "mod_staticfile", "mod_expire", "mod_setenv" ) server.document-root = "/var/www/html" server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 server.bind = "192.168.1.6" server.tag = "" server.range-requests = "disable" server.max-connections = 10 connect-timeout = 2 server.max-keep-alive-idle = 2 server.max-keep-alive-requests = 1 server.max-read-idle = 2 server.max-write-idle = 2 dir-listing = "disable" $HTTP["request-method"] =~ "^(TRACE|TRACK)$" { url.access-deny = ( "" ) } # Cache WPAD and proxy PAC files for 1 day (good practice) expire.url = ( "/wpad.dat" => "access plus 1 day", "/proxy.pac" => "access plus 1 day" ) # Disable access logs to reduce SD card wear (optional) accesslog = "" $HTTP["url"] =~ "^/(wpad\.dat|proxy\.pac)$" { setenv.add-response-header = ( "X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "DENY", "Content-Security-Policy" => "default-src 'none';", "Cache-Control" => "public, max-age=86400", "Referrer-Policy" => "no-referrer", "X-Download-Options" => "noopen", "X-Permitted-Cross-Domain-Policies" => "none" ) # Allow only GET and HEAD methods $HTTP["request-method"] !~ "^(GET|HEAD)$" { url.access-deny = ( "" ) } # Restrict access by IP subnets $HTTP["remoteip"] == "192.168.1.0/27" { } else $HTTP["remoteip"] == "2001:470:8052:a::/64" { } else { url.access-deny = ( "" ) } } # Deny all other URL requests $HTTP["url"] !~ "^/(wpad\.dat|proxy\.pac)$" { url.access-deny = ( "" ) } # Strict URL parsing for security and consistency server.http-parseopts = ( "header-strict" => "enable", "host-strict" => "enable", "host-normalize" => "enable", "url-normalize-unreserved"=> "enable", "url-normalize-required" => "enable", "url-ctrls-reject" => "enable", "url-path-2f-decode" => "disable", "url-path-2f-reject" => "enable", "url-path-dotseg-remove" => "disable", "url-path-dotseg-reject" => "enable", ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) # Add WPAD MIME type for correct browser handling mimetype.assign = ( ".dat" => "application/x-ns-proxy-autoconfig", ".pac" => "application/x-ns-proxy-autoconfig" )
  • Squid has officially released 7.0.2 beta if anyone wants to test

    6
    0 Votes
    6 Posts
    565 Views
    JonathanLeeJ
    @brcuewayne DiagnosticsCommand Prompt Shell Output - ls -l /usr/local/sbin/dhcpleases6 ls: /usr/local/sbin/dhcpleases6: No such file or directory Execute Shell Command
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.