Cache&#x2F;Proxy

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Cache/Proxy

V

HAProxy causing issues with port 443
• veldthui

5

0
Votes

5
Posts

22
Views

P

@veldthui Deleting the backend would prevent the rule from being applied when rules get loaded again.. Maybe reloading rules is not triggered when applying settings for a disabled haproxy.. You could 'force' a reload of the rules from the status/filterreload page (if i remember the name of that menu correctly).. That would load the new ruleset without haproxy adding its rules at that time if the backend was deleted.. As for 'needing' transparent client ip.. to get traffic going its not needed. if you want make rules based on the client-ip on the server, then it might be required if proxy-protocol and http-headers are out of the question.. It does come with these disadvantages though that it needs to be in the reply path, and will 'block' other direct requests... It might be possible to open a second port or adding a second private IP on the webserver for the purpose of haproxy connecting to it with client-ip's thus 'avoiding' blocking the regular direct traffic and your nat-portforward..
2

HAProxy client certificate validation per app
• 2fst4u

4

0
Votes

4
Posts

33
Views

P

@2fst4u said in HAProxy client certificate validation per app: What extra settings does the development package provide? The development package allows specifying client certificate options per shared-frontend by using the crt-list option of haproxy 1.8 with a specific sslbindconf for each sni where 1.7 does not support that and thus hides those options in the webgui. b.t.w. that the package is called -devel does not mean the software isn't stable.. The current development version of haproxy is '2.0-dev' and 1.9 is also marked stable.. though still as some rough edges... 1.8 is really stable for everything it supports.
M

HA Proxy POP3/s port to POP TCP 110 (SSL Offloading)
• Miguel López

1

0
Votes

1
Posts

8
Views

No one has replied
L

HAProxy Path ends with: does not redirect to the path /well-known/acme-challenge
• luciano_frc

3

0
Votes

3
Posts

43
Views

L

thank you ! very good the video, the more I believe that my error is in the frontends, I created a standard frontend, and then I was creating new frontends sharing the first one. I've done different now, I'm creating the ACLs and ACTIONS directly on the default frontend like the image below This has worked well for me.
S

Squid3-dev parando o serviço.
pfsense • • samfer

9

0
Votes

9
Posts

59
Views

S

@KOM I will wait for the purchase of the new Hardware and perform the system update. Thanks a lot for the help.
P

Reverse Proxy for Multiple Domain Names and Multiple Servers Behind pfSense
• PITS_King

3

0
Votes

3
Posts

47
Views

P

@Derelict Thanks for the quick response. I had a feeling it was something to do with all the port forwarding rules. I vaguely remember reading something somewhere about just opening up 80 and 443, then choosing "This Firewall" as the Destination Address, if memory serves me correctly. I guess I'll give that a shot right now.
M

filtering web content (http and https) but some of the images in whitelist can't load.
• marksantos

8

0
Votes

8
Posts

152
Views

P

<a href="https://persianpool.ir/?p=3672">پرشين استخر</a> <a href="https://persianpool.ir/روش-ساخت-استخر-بتنی/">ساخت استخر</a> <a href="https://persianpool.ir/?p=3456">لوازم و تجهيزات استخر</a> <a href="https://persianpool.ir/pipe-لوله-upvc-اتصالات-upvc/">لوله و اتصالات UPVC</a> <a href="https://persianpool.ir">سازنده استخر</a> <a href="https://persianpool.ir/آیین‌نامه-شرایط-تأسیس-استخر-شنا-عمومی/">ساخت استخر عمومي</a> <a href="https://persianpool.ir/پلان-استخر-swimming-pool-plan/">طراحي استخر</a> <a href="https://persianpool.ir">PERSIAN POOL</a> <a href="https://persianpool.ir/?p=3456">لوازم و تجهيزات استخر</a> <a href="https://persianpool.ir/?p=12">ساخت استخر</a> <a href="https://persianpool.ir/?p=4107">روش ساخت استخر</a>
D

Squid reverse proxy not working
• DonZalmrol

5

0
Votes

5
Posts

78
Views

D

Thanks for the information. Seems about the same settings as it's on my PFsense. I'll give it a try with an additional webserver, might be that my OWA is messing up the mappings.
V

Let Letsencrypt through HAProxy to Synology
• veldthui

11

0
Votes

11
Posts

84
Views

V

Okay, After changing the order of the matches in the frontend the Synology is now getting its certificates. I knew I must have been doing something wrong. Thanks PiBa
T

HAProxy stooped after upgrade
• treybeatty

2

0
Votes

2
Posts

21
Views

P

@treybeatty Can you define what 'stooped' means exactly? Error while starting haproxy? Haproxy starts and stats page works, but client traffic does not reach the (web)servers ? Any error message shown in the browser? Can you 'curl' to haproxy locally on the pfSense box itself? Does the stats page show the (web)servers as 'up' ?
L

HAProxy - Redirect URLs
• luciano_frc

1

0
Votes

1
Posts

19
Views

No one has replied
A

Why does not it block the squidguard?
• ab96

9

0
Votes

9
Posts

36
Views

A

@KOM Thanks your comments have been very useful !!! n.n/
B

[SOLVED] pfSense + HAProxy – Reverse Proxy with multiple Services on one internal IP
• Bioneye

3

0
Votes

3
Posts

1193
Views

L

Hello, how are you ! I'm having the problem that you, more in my case is the zimbra the console console uses port 7071 and webmail uses port 443 you can put the screens of your HA-proxy. Thank you so much
H

SSL intercept with Windows certificate: No valid signing SSL certificate configured for HTTP_port
• helviojr

1

0
Votes

1
Posts

15
Views

No one has replied
R

Pfsense blocks websites on Firefox but not on Chrome
pfsense chrome pfsense firefox • • Renobr

9

0
Votes

9
Posts

154
Views

R

@stephenw10 I'm sorry for answering just now, had some family issues, but I solved the problem by cleaning the cache and restarting the desktop. I have no problem with any browser. Thanks for the thelp and attention!
L

Is it possible to capture traffic ?
• linhhn508

2

0
Votes

2
Posts

49
Views

L

Connnect to console via ssh and Shell (F8) Then just type: tcpdump -i <interface> -s 65535 -w <some-file> (where interface must by eth1 or vmx1 depending on your ethernet driver).
L

Proxy does not work with non Standart ports
• labasus

1

0
Votes

1
Posts

22
Views

No one has replied
Unofficial E2guardian package for pfSense
• marcelloc

1151

2
Votes

1151
Posts

155184
Views

P

@arch113 said in Unofficial E2guardian package for pfSense: @User43617 I did that too Its like the config the GUI is 'changing' is not the same config E2guardian is using, although I can turn the daemon off, that part works. Try a reinstall, see if that corrects the issue. I've been using it for a long time now and it seems to be working perfectly.
C

Can't access exchange services. TCP-DENIED/403 for OWA
• cyrcocq

6

0
Votes

6
Posts

223
Views

C

Ouch... Really sorry! I think I've made a mistake... I don't have Pfsense server anymore but i think that It was not External FQDN but reverse https default site witch cares... And I'm wondering if you don't have to use an host name and not a domains one, something like host.mydomain.com and not only a domain.com... But My certificate wasn't a wildcard. So it could be wrong. To be complete there's some points I have to add here: to get through this issue, I used the console to look at the squids configurations files. it's not so difficult and there can be found the ssl adresses usable to connect I ve never been able to have everything working as it should with PFsense with squid on it. One colleague of mine tried again with a fresh install of Pfsense to be sure theyre's no artefact of what I did. But for me, as I read it so many times, pfsense does not work fine with squid (we forgot Squid and changed to a commercial solution)
V

I can not access a specific site - TCP_Denied / 403 [RESOLVIDO]
• vinicusrosado

6

0
Votes

6
Posts

60
Views

Thanks for posting your solution, whatever it is.
B

Reverse Proxy with pre authentication
• bigfoot

1

0
Votes

1
Posts

27
Views

No one has replied
C

Problems with Google/GMail
• CSEShop

2

0
Votes

2
Posts

46
Views

Commonly that's caused by Squid and clients resolving URLs to different IPs because they are using different DNS servers. https://docs.netgate.com/pfsense/en/latest/cache-proxy/squid-troubleshooting.html?highlight=squid#sites-not-loading-with-splice-error-409-in-access-log Steve
Redirect to HTTPS as backend
• skilledinept

2

0
Votes

2
Posts

49
Views

...turns out ACLs are processed in order, just like firewall rules. My bad! Just have to keep a wildcard ACL matching a redir action just like before but at the very end of the ACL list, no default backend needed. I'm so stupid!--no wonder why I kept noticing the little blue anchors next to each entry. ...is it anchor or anvil? 🤨 IDK anymore.
D

Blacklist issue
• deepakaagrwal

17

0
Votes

17
Posts

3135
Views

F

I have also an issue of blacklist with my website goto.com.pk
Transparent Proxy and Bind Resolve Issue
• periko

2

0
Votes

2
Posts

58
Views

@periko I will answer my own post. Looks like I found the issuem, once we enable and setup bind, for some reason the file /etc/resolv.conf lost the line: nameserver 127.0.0.1 Them squid read this file and for some reason the queries fall. Now, I have 2 paths: Add manually the localhost in the resolv.conf file in the first line. Or add as alternative dns in squid localhost 127.0.0.1 Using any of this 2 options everything start working. Them bind have some daemon, because I select LAN+Localhost for listen. Hope some could check this which affect proxy transparent MITM. Thanks.
R

HA Proxy balanced by server loads...
• Ralz

4

0
Votes

4
Posts

38
Views

Hmm, not sure I've seen that specific use case but I would set it up and try the different algorithms to see what works best for you. Steve
B

SSLBUMP without MITM
• bbassotti

58

0
Votes

58
Posts

12476
Views

K

@Bismarck ,thanks for the help. I saw the ssl_bumps just underneath "custom options before auth" but there's a 2 line space between this section and the config so not sure if it's part of it. Custom options before auth acl sglog url_regex -i sgr=ACCESSDENIED http_access deny sglog ssl_bump peek step1 ssl_bump splice all
A

Haproxy 504 error
• admtpu

3

0
Votes

3
Posts

52
Views

A

@PiBa Ok, I increased the time and it works well
A

Steam Caching
• aGeekhere

6

0
Votes

6
Posts

78
Views

X

No, it will not.
M

Squid Guard basic setup
• mzaknoen

1

0
Votes

1
Posts

82
Views

No one has replied
T

The requested URL could not be retrieved
• tomazini

1

0
Votes

1
Posts

24
Views

No one has replied
D

Skype + SSL Interception + Squid in Non Transparent mode
• do1984

1

0
Votes

1
Posts

45
Views

No one has replied
G

ssl_error_rx_record_too_long
• gtrovato

1

0
Votes

1
Posts

21
Views

No one has replied
S

LightSquid report per User
• soheil.amiri

5

0
Votes

5
Posts

62
Views

S

hi @KOM unfortunately i did not find any solution.
A

SQUID not intercepting everything
• Alexandru Luca

2

0
Votes

2
Posts

57
Views

I think you answered your own question. It doesn't block until you clear their local cache... so maybe it's been working all along and blocking as it should, but the blocked content is being pulled from local cache and/or squid? I don't know how squid behaves if you ask for content that is technically blocked for that user, but is sitting in squid's cache. Squidguard is a helper program that gets called for each URL that squid needs to fetch. If the required content is still is cache and not stale, it will server from there first.
A

Squid PHP error after upgrade to pfsense 2.5
• Alexandru Luca

6

0
Votes

6
Posts

83
Views

A

Thank you for your time. I have reinstalled pfsense 2.4.4p2 and all works.
S

HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE)
• sokolum

7

0
Votes

7
Posts

1122
Views

B

NFM! thanks.
K

HA Proxy with VIP IP?
• killmasta93

2

0
Votes

2
Posts

101
Views

K

Bump anyone???
M

Squid + Active Directory + SSO
• MR-NT

3

0
Votes

3
Posts

615
Views

A

Hi. The attached file contains the procedure to achieve this goal. Someone in the past has done this. Use at your own risk. Autenticacao Transparente Squid + WMI + Squidguard.zip
Z

Create config to deny all except sites on white list
• zsolt.tolnay

1

0
Votes

1
Posts

35
Views

No one has replied

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 61

HAProxy causing issues with port 443 • veldthui

HAProxy client certificate validation per app • 2fst4u

HA Proxy POP3/s port to POP TCP 110 (SSL Offloading) • Miguel López

HAProxy Path ends with: does not redirect to the path /well-known/acme-challenge • luciano_frc

Squid3-dev parando o serviço. pfsense • • samfer

Reverse Proxy for Multiple Domain Names and Multiple Servers Behind pfSense • PITS_King

filtering web content (http and https) but some of the images in whitelist can't load. • marksantos

Squid reverse proxy not working • DonZalmrol

Let Letsencrypt through HAProxy to Synology • veldthui

HAProxy stooped after upgrade • treybeatty

HAProxy - Redirect URLs • luciano_frc

Why does not it block the squidguard? • ab96

[SOLVED] pfSense + HAProxy – Reverse Proxy with multiple Services on one internal IP • Bioneye

SSL intercept with Windows certificate: No valid signing SSL certificate configured for HTTP_port • helviojr

Pfsense blocks websites on Firefox but not on Chrome pfsense chrome pfsense firefox • • Renobr

Is it possible to capture traffic ? • linhhn508

Proxy does not work with non Standart ports • labasus

Unofficial E2guardian package for pfSense • marcelloc

Can't access exchange services. TCP-DENIED/403 for OWA • cyrcocq

I can not access a specific site - TCP_Denied / 403 [RESOLVIDO] • vinicusrosado

Reverse Proxy with pre authentication • bigfoot

Problems with Google/GMail • CSEShop

Redirect to HTTPS as backend • skilledinept

Blacklist issue • deepakaagrwal

Transparent Proxy and Bind Resolve Issue • periko

HA Proxy balanced by server loads... • Ralz

SSLBUMP without MITM • bbassotti

Haproxy 504 error • admtpu

Steam Caching • aGeekhere

Squid Guard basic setup • mzaknoen

The requested URL could not be retrieved • tomazini

Skype + SSL Interception + Squid in Non Transparent mode • do1984

ssl_error_rx_record_too_long • gtrovato

LightSquid report per User • soheil.amiri

SQUID not intercepting everything • Alexandru Luca

Squid PHP error after upgrade to pfsense 2.5 • Alexandru Luca

HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) • sokolum

HA Proxy with VIP IP? • killmasta93

Squid + Active Directory + SSO • MR-NT

Create config to deny all except sites on white list • zsolt.tolnay

Products

Applications

Support

Services

News

Resources

Company

Our Mission

Subscribe to our Newsletter

HAProxy causing issues with port 443
• veldthui

HAProxy client certificate validation per app
• 2fst4u

HA Proxy POP3/s port to POP TCP 110 (SSL Offloading)
• Miguel López

HAProxy Path ends with: does not redirect to the path /well-known/acme-challenge
• luciano_frc

Squid3-dev parando o serviço.
pfsense • • samfer

Reverse Proxy for Multiple Domain Names and Multiple Servers Behind pfSense
• PITS_King

filtering web content (http and https) but some of the images in whitelist can't load.
• marksantos

Squid reverse proxy not working
• DonZalmrol

Let Letsencrypt through HAProxy to Synology
• veldthui

HAProxy stooped after upgrade
• treybeatty

HAProxy - Redirect URLs
• luciano_frc

Why does not it block the squidguard?
• ab96

[SOLVED] pfSense + HAProxy – Reverse Proxy with multiple Services on one internal IP
• Bioneye

SSL intercept with Windows certificate: No valid signing SSL certificate configured for HTTP_port
• helviojr

Pfsense blocks websites on Firefox but not on Chrome
pfsense chrome pfsense firefox • • Renobr

Is it possible to capture traffic ?
• linhhn508

Proxy does not work with non Standart ports
• labasus

Unofficial E2guardian package for pfSense
• marcelloc

Can't access exchange services. TCP-DENIED/403 for OWA
• cyrcocq

I can not access a specific site - TCP_Denied / 403 [RESOLVIDO]
• vinicusrosado

Reverse Proxy with pre authentication
• bigfoot

Problems with Google/GMail
• CSEShop

Redirect to HTTPS as backend
• skilledinept

Blacklist issue
• deepakaagrwal

Transparent Proxy and Bind Resolve Issue
• periko

HA Proxy balanced by server loads...
• Ralz

SSLBUMP without MITM
• bbassotti

Haproxy 504 error
• admtpu

Steam Caching
• aGeekhere

Squid Guard basic setup
• mzaknoen

The requested URL could not be retrieved
• tomazini

Skype + SSL Interception + Squid in Non Transparent mode
• do1984

ssl_error_rx_record_too_long
• gtrovato

LightSquid report per User
• soheil.amiri

SQUID not intercepting everything
• Alexandru Luca

Squid PHP error after upgrade to pfsense 2.5
• Alexandru Luca

HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE)
• sokolum

HA Proxy with VIP IP?
• killmasta93

Squid + Active Directory + SSO
• MR-NT

Create config to deny all except sites on white list
• zsolt.tolnay