Cache/Proxy

• S

  HAproxy: ACL with weaker SSL-ciphers for one IP possible?
  • sgw

  1
  0
  Votes
  1
  Posts
  26
  Views

  No one has replied

• K

  Issue with slow authentication on squid?
  • killmasta93

  3
  0
  Votes
  3
  Posts
  49
  Views

  K

  thanks for the reply, i was checking the logs and your right something odd with the active directory but i ended up using the local authentication created all the users
• 

  Unofficial E2guardian package for pfSense
  • marcelloc

  1119
  1
  Votes
  1119
  Posts
  142400
  Views

  P

  @user43617 said in Unofficial E2guardian package for pfSense: @pfsensation So, does grey and exception listing work in transparent mode? Yes, no problem at all. I'm running pretty much everything through transparent proxy. This also allows me to completely bypass the proxy for certain things like Windows updates, or WhatsApp to save resources and keep things efficient.
• 

  Squid/Clamav: Wrong redirect URL
  • Pippin

  7
  0
  Votes
  7
  Posts
  3257
  Views

  K

  @rggolbraich said in Squid/Clamav: Wrong redirect URL: I know its an old post but here is my solution to the same problem. Solution: when I installed pfSense with all packages I use, I gave it a domain name. After some while, i changed the domain name to my DC, somehow SquidClamAV keeps the old data so I get pointed to unavailable address. To fix this issue I edited 2 files: (Diagnostics - Edit File) /usr/local/etc/c-icap/squidclamav.conf /usr/local/etc/c-icap/squidclamav.conf.pfsense Why them both? because every time I edited the .conf file my settings get back to what it was. after changing them both pfSense kept the configuration and problem were fixed. Thanks for this. Two years later and still a bug.
• J

  HAProxy + Intel QAT
  • justme2

  1
  0
  Votes
  1
  Posts
  53
  Views

  No one has replied

• K

  Proxy Issue wpad?
  • killmasta93

  11
  0
  Votes
  11
  Posts
  205
  Views

  

  Glad its working for you now.
• X

  2.3 - Squid reinstallation fails
  • xoxys

  14
  0
  Votes
  14
  Posts
  5129
  Views

  M

  @powerrc This worked for me. Thank you very much.
• K

  Quick Question about LDAP proxy
  • killmasta93

  1
  0
  Votes
  1
  Posts
  48
  Views

  No one has replied

• R

  pfsense squid not connecting through an upstream proxy
  • rllanes2004

  1
  0
  Votes
  1
  Posts
  42
  Views

  No one has replied

• 

  HAproxy + Acme package = 503 Error servers not available locally
  dns haproxy • • InterLoper

  2
  0
  Votes
  2
  Posts
  79
  Views

  S

  I found this very useful. https://blog.devita.co/pfsense-to-proxy-traffic-for-websites-using-pfsense/
• L

  help setting the Public Key Pinning in HAProxy
  • luisenrique

  13
  0
  Votes
  13
  Posts
  167
  Views

  

  We both learned a bit ;) Thanks for the questions, it got me playing with HA proxy and ACME.. I had not had a reason to use them until you brought up the question(s) After that I had no excuse not to use them and fired up a shared port for my openvpn that listens on 443 and then hands off to ha proxy so I can use https with my ombi plex request system via https ;) Win Win all around I would say!
• M

  Proxy problem on the guest router
  • mikekoke

  2
  0
  Votes
  2
  Posts
  183
  Views

  M

  If you still have a query related to proxies issues on guest router so in that case I'm recommending you to use VPN as With a VPN for Router, protect every device that connects to the internet. Get FastestVPN and open endless possibilities on all your devices.
• W

  Solved: How to cache musics from music site
  • waldopulanco

  2
  0
  Votes
  2
  Posts
  185
  Views

  M

  Mp3Tomato is a website that supports free Mp3 download.
• 

  HA proxy Backend Frontend up down Notification via email
  • ejaj

  12
  0
  Votes
  12
  Posts
  363
  Views

  

  Thanks @vallum i get back to with an update that it's working for us or not..Thanks again.
• H

  Is there any way to bypass specific ip Address range on pfsense.
  • hamidjutt97

  2
  0
  Votes
  2
  Posts
  56
  Views

  

  That is a proxy question - moved to the correct section. Are you wanting to have specific clients not use the proxy, or not use the proxy for specific dest IPs? Validation of what version your using both for squid and pfsense would be helpful - and are you using transparent mode or explicit for your clients to use the proxy. What are you doing with https, etc.
• K

  Ns URL domain?
  • killmasta93

  1
  0
  Votes
  1
  Posts
  54
  Views

  No one has replied

• T

  Squid unable to load single website.
  • TheNetStriker

  4
  0
  Votes
  4
  Posts
  96
  Views

  

  Glad you got it sorted out.
• N

  Squid3 + transparent mode - somtehing is wrong here.
  • notaduck

  8
  0
  Votes
  8
  Posts
  2356
  Views

  M

  I got the same error with /var being in RAM not on disk
• M

  Haproxy missing options
  • mindaugezas

  2
  0
  Votes
  2
  Posts
  77
  Views

  P

  @mindaugezas Go with the option 'none'. And put a sticktable definition and matching rule in the advanced pass tru textbox. Almost any custom option that isn't in the webgui can be added in some textbox somewhere..
• G

  WARNING " All 5/5 check_cp processes are busy."
  • guilherme_182

  4
  0
  Votes
  4
  Posts
  121
  Views

  

  @guilherme_182 said in WARNING " All 5/5 check_cp processes are busy.": WARNING: Consider increasing the number of check_cp processes in your config file. WARNING: 5 pending requests queued WARNING: All 5/5 check_cp processes are busy. Not a "pfSense" process. So probably something from SQUID + Splice ALL + SSL + Squidguard The captive portal doesn't have a (software) proces. At most a couple of instances of the web interface that hosts the login page - several nginx processes. These processes are called "nginx'. As you can image, they do not much work, and they don't 'block' anything. "check_cp" is unknown to me (but I'm not using squid etc as it seems useless these days (to me)).
• K

  Exchange 2016 Autodiscover
  • KennyMacCormik

  2
  0
  Votes
  2
  Posts
  118
  Views

  K

  Little update with more info I'm using Exchange 2016 DAG with two servers. Recently I've installed pfSense with HAproxy module to ensure web reverse proxy. My issue is following: MacOS outlook clients are constantly requesting password to connect and RPC over HTTP is not working in my configuration. If I will just forward 443 port to the exchange DAG RPC over HTTP is working fine. If I replace HAproxy with IIS + ARR MacOS clients stops requesting passwords. Does anyone ever faced this issue or something similar? P.S. Windows Outlook clients working fine in any configuration The haproxy.cfg file is like following # Automaticaly generated, dont edit manually. # Generated on: 2019-01-31 16:22 global maxconn 10000 log syslog1.<my domain> local0 debug stats socket /tmp/haproxy.socket level admin uid 80 gid 80 nbproc 1 hard-stop-after 15m chroot /tmp/haproxy_chroot daemon tune.ssl.default-dh-param 4096 log-send-hostname pfsense server-state-file /tmp/haproxy_server_state listen HAProxyLocalStats bind 127.0.0.1:2200 name localstats mode http stats enable stats refresh 10 stats admin if TRUE stats show-legends stats uri /haproxy/haproxy_stats.php?haproxystats=1 timeout client 5000 timeout connect 5000 timeout server 5000 frontend http-https-frontend bind <public ip>:443 name <public ip>:443 ssl crt-list /var/etc/haproxy/http-https-frontend.crt_list bind <public ip>:80 name <public ip>:80 mode http log global option socket-stats option log-separate-errors option httplog option http-keep-alive option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https maxconn 10000 timeout client 30000 capture request header Host len 32 capture request header User-Agent len 64 capture response header Content-Length len 10 #option httplog log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%sslv/%sslc/%[ssl_fc_sni]/%[ssl_fc_session_id]}\ "%[capture.req.method]\ %[capture.req.hdr(0)]%[capture.req.uri]\ HTTP/1.1" option contstats # Enable continuous traffic statistics updates timeout http-keep-alive 30s # 15 second max for the client to post next request timeout http-request 30s # 15 seconds max for the client to send a request acl is_ecp var(txn.txnpath) -m sub -i /ecp/ acl not_https ssl_fc,not acl is_portal var(txn.txnhost) -m str -i portal.<public domain> acl is_healthcheck var(txn.txnpath) -m reg -i healthcheck.htm$ acl is_autodiscover var(txn.txnhost) -m str -i autodiscover.<public domain> acl is_rpc var(txn.txnpath) -m sub -i /rpc/ acl is_owa var(txn.txnpath) -m sub -i /OWA/ acl is_ews var(txn.txnpath) -m sub -i /EWS/ acl is_oab var(txn.txnpath) -m sub -i /OAB/ acl is_eas var(txn.txnpath) -m sub -i /EAS/ acl is_mapi var(txn.txnpath) -m sub -i /mapi/ http-request set-var(txn.txnpath) path http-request set-var(txn.txnhost) hdr(host) http-response deny if is_ecp http-response deny if is_healthcheck http-request redirect scheme https code 301 if not_https use_backend portal-backend_ipvANY if is_portal use_backend ex-Autodiscover-backend_ipvANY if is_autodiscover use_backend ex-RPC-backend_ipvANY if is_rpc use_backend ex-OWA-backend_ipvANY if is_owa use_backend ex-EWS-backend_ipvANY if is_ews use_backend ex-OAB-backend_ipvANY if is_oab use_backend ex-EAS-backend_ipvANY if is_eas use_backend ex-MAPI-backend_ipvANY if is_mapi default_backend ex-OWA-backend_ipvANY frontend smtp-frontend bind <public ip>:25 name <public ip>:25 mode tcp log global option socket-stats option dontlognull option dontlog-normal maxconn 10000 timeout client 300000 option tcplog option contstats default_backend ex-smtp-backend_ipvANY frontend smtptls-frontend bind <public ip>:587 name <public ip>:587 mode tcp log global option dontlognull option dontlog-normal maxconn 10000 timeout client 300000 option tcplog option contstats default_backend ex-smtptls-backend_ipvANY frontend smtpssl-frontend bind <public ip>:465 name <public ip>:465 mode tcp log global option dontlognull option dontlog-normal maxconn 10000 timeout client 300000 option tcplog option contstats default_backend ex-smtpssl-backend_ipvANY frontend imap-frontend bind <public ip>:143 name <public ip>:143 mode tcp log global option dontlognull option dontlog-normal maxconn 10000 timeout client 300000 option tcplog option contstats default_backend ex-imap-backend_ipvANY frontend imaps-frontend bind <public ip>:993 name <public ip>:993 mode tcp log global option dontlognull option dontlog-normal timeout client 300000 option contstats default_backend ex-imaps-backend_ipvANY frontend pop-frontend bind <public ip>:110 name <public ip>:110 mode tcp log global option dontlognull option dontlog-normal maxconn 10000 timeout client 300000 option tcplog option contstats default_backend ex-pop-backend_ipvANY frontend pops-frontend bind <public ip>:995 name <public ip>:995 mode tcp log global option dontlognull option dontlog-normal maxconn 10000 timeout client 300000 option tcplog option contstats default_backend ex-pops-backend_ipvANY backend portal-backend_ipvANY mode http id 103 log global stats enable stats uri /haproxy?stats stats realm . timeout connect 30000 timeout server 30000 retries 3 server portal.<my domain> <my local subnet>.11:443 id 104 ssl check inter 1000 verify none backend ex-Autodiscover-backend_ipvANY mode http id 105 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /autodiscover/healthcheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure server ex1 <my local subnet>.3:443 id 101 ssl check inter 3000 verify none server ex2 <my local subnet>.4:443 id 102 ssl check inter 3000 verify none backend ex-RPC-backend_ipvANY mode http id 106 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /RPC/HealthCheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure #timeout queue 30s # 30 seconds max queued on load balancer server ex1.<my domain> <my local subnet>.3:443 id 101 ssl check inter 1000 verify none server ex2.<my domain> <my local subnet>.4:443 id 102 ssl check inter 1000 verify none backend ex-OWA-backend_ipvANY mode http id 100 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /OWA/HealthCheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure server ex1.<my domain> <my local subnet>.3:443 id 101 ssl check inter 1000 verify none server ex2.<my domain> <my local subnet>.4:443 id 102 ssl check inter 1000 verify none backend ex-EWS-backend_ipvANY mode http id 107 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /EWS/HealthCheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure #timeout queue 30s # 30 seconds max queued on load balancer server ex1.<my domain> <my local subnet>.3:443 id 101 ssl check inter 1000 verify none server ex2.<my domain> <my local subnet>.4:443 id 102 ssl check inter 1000 verify none backend ex-OAB-backend_ipvANY mode http id 108 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /OAB/HealthCheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure #timeout queue 30s # 30 seconds max queued on load balancer server ex1.<my domain> <my local subnet>.3:443 id 101 ssl check inter 1000 verify none server ex2.<my domain> <my local subnet>.4:443 id 102 ssl check inter 1000 verify none backend ex-EAS-backend_ipvANY mode http id 109 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /Microsoft-Server-ActiveSync/HealthCheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure #timeout queue 30s # 30 seconds max queued on load balancer server ex1.<my domain> <my local subnet>.3:443 id 101 ssl check inter 1000 verify none server ex2.<my domain> <my local subnet>.4:443 id 102 ssl check inter 1000 verify none backend ex-MAPI-backend_ipvANY mode http id 116 log global stats enable stats uri /haproxy?stats stats realm . balance leastconn timeout connect 30000 timeout server 30000 retries 3 option httpchk GET /mapi/HealthCheck.htm http-check expect status 200 option redispatch # Try another server in case of connection failure #timeout queue 30s # 30 seconds max queued on load balancer server ex1.<my domain> <my local subnet>.3:443 id 101 ssl check inter 1000 verify none server ex2.<my domain> <my local subnet>.4:443 id 102 ssl check inter 1000 verify none backend ex-smtp-backend_ipvANY mode tcp id 110 log global balance leastconn timeout connect 5000 timeout server 30000 retries 3 option redispatch option tcp-check tcp-check expect string 220 default-server rise 2 fall 3 server ex1.<my domain> <my local subnet>.3:25 id 111 check inter 3000 server ex2.<my domain> <my local subnet>.4:25 id 112 check inter 3000 backend ex-smtptls-backend_ipvANY mode tcp id 115 log global balance leastconn timeout connect 5000 timeout server 30000 retries 3 default-server rise 2 fall 3 option redispatch option tcp-check tcp-check expect string 220 server ex1.<my domain> <my local subnet>.3:587 id 111 check inter 3000 server ex2.<my domain> <my local subnet>.4:587 id 112 check inter 3000 backend ex-smtpssl-backend_ipvANY mode tcp id 121 log global balance leastconn timeout connect 5000 timeout server 30000 retries 3 option redispatch option tcp-check tcp-check expect string 220 ssl default-server rise 2 fall 3 server ex1.<my domain> <my local subnet>.3:465 id 111 check inter 3000 verify none server ex2.<my domain> <my local subnet>.4:465 id 112 check inter 3000 verify none backend ex-imap-backend_ipvANY mode tcp id 114 log global option log-health-checks balance leastconn timeout connect 30000 timeout server 30000 retries 3 option tcp-check tcp-check connect tcp-check expect string * OK server ex1.<my domain> <my local subnet>.3:143 id 111 check inter 1000 server ex2.<my domain> <my local subnet>.4:143 id 112 check inter 1000 backend ex-imaps-backend_ipvANY mode tcp id 117 log global balance leastconn timeout connect 5000 timeout server 30000 retries 3 option redispatch option tcp-check tcp-check connect port 993 ssl tcp-check expect string * OK server ex1.<my domain> <my local subnet>.3:993 id 118 check inter 3000 verify none server ex2.<my domain> <my local subnet>.4:993 id 119 check inter 3000 verify none backend ex-pop-backend_ipvANY mode tcp id 120 log global option log-health-checks balance leastconn timeout connect 5000 timeout server 30000 retries 3 option tcp-check tcp-check connect port 110 tcp-check expect string +OK default-server rise 2 fall 3 server ex1.<my domain> <my local subnet>.3:110 id 111 check inter 5000 server ex2.<my domain> <my local subnet>.4:110 id 112 check inter 5000 backend ex-pops-backend_ipvANY mode tcp id 113 log global option log-health-checks balance leastconn timeout connect 5000 timeout server 30000 retries 3 option tcp-check tcp-check connect port 995 ssl tcp-check expect string +OK default-server rise 2 fall 3 server ex1.<my domain> <my local subnet>.3:995 id 111 check inter 5000 verify none server ex2.<my domain> <my local subnet>.4:995 id 112 check inter 5000 verify none When I run "Outlook Connectivity" test from the Microsoft Test Connectivity site I get the following Here is some more details on the RPC over HTTP error Here is an exempt from the haproxy logs 0_1549287376634_logs.txt
• H

  Haproxy to DMZ not working
  • hhbarnes

  5
  0
  Votes
  5
  Posts
  110
  Views

  H

  @piba I owe you one, that was exactly the problem. I had it configured on the LAN first and then copied the configuration and I thought I changed everything to point to the DMZ. Once I changed the interface on the transparent IP it worked. Thanks again!
• S

  Squidguard with differrent rules for multiple Vlans
  • Su30MKI

  8
  0
  Votes
  8
  Posts
  185
  Views

  

  Make sure the clients and Squid are both using the same DNS servers that is biggest cause of issues with Squid. So usually that would be both using Unbound in pfSense. Check the Squid logs and system logs for errors. Also: https://www.netgate.com/docs/pfsense/cache-proxy/squid-troubleshooting.html Steve
• V

  [Noob] How to configure HaProxy for multiple servers behind Pfsense with 1 IP with ACME
  • VincentEmmanuel

  2
  0
  Votes
  2
  Posts
  78
  Views

  

  You could : Ask for a wild card cert for *.example.com & example.com" and place the obtained certificate on the two servers 172.65.1.11 and 172.65.1.10. Or you can ask for two certs : a cert for the server test.example.com, to be put on server 172.65.1.10 and a cert for test2.example.com, to be put on 172.65.1.11. Btw : certs are totally not aware of IP's and stuff like that. If your server test2.example.com uses IP 192.168.1.10 as of now , the cert will still works just fine.
• M

  Squid only for caching
  • marcelocaetano

  4
  0
  Votes
  4
  Posts
  194
  Views

  R

  Prioritizing traffic could help make better use of the bandwidth available. I never looked at the traffic shaper, but I imagine someone on here has. https://www.netgate.com/docs/pfsense/book/trafficshaper/what-the-traffic-shaper-can-do-for-a-network.html
• J

  Wpad only works if suffix domain exist in clients
  • jperezme

  4
  0
  Votes
  4
  Posts
  95
  Views

  

  Then you must set a local domain manually as well. The way WPAD works is that the client will do a DNS lookup for wpad.yourdomain.blah. The client then asks the server at the IP address for wpad.yourdomain.blah for its wpad.dat, wpad.da or proxy.pac file. The client then parses the requested WPAD config file to know where the proxy is and when to use it.
• 

  Squid proxy usefulness ?
  • chudak

  5
  0
  Votes
  5
  Posts
  235
  Views

  R

  Same experience as you guys. Used it for caching and ClamAV. It was a false sense of security at best since it could only scan ~ 1% of traffic. So even if it was a 100% effective AV, it was still mostly useless. No point in adding complexity so I no longer use squid.
• K

  HAproxy issue with 2 domains?
  • killmasta93

  5
  0
  Votes
  5
  Posts
  133
  Views

  K

  Thanks for the reply, so after many hours it was the HAproxy redirect rule i had to add 2 more rules on the ACL added web2 and web3 host matches www.mydomain.com and www.mydomain2.com on the bottom on actions add http-request redirect with the rule rule: prefix https://mydomain.com and the same thing for the mydomain2.com for anyone else that has this issue do the following. Hope this helps
• P

  Squid + Captive Portal Auth
  • pfsensation

  9
  0
  Votes
  9
  Posts
  2092
  Views

  D

  Bonjour, j'ai beau navigué sur les forum en long en large et en travers, je ne trouve aucune information sur le fonctionnement de squid avec une authentification via portail captif couplé au ldap. C'est une solution proposée par pfsense mais je n'arrive pas à le faire fonctionner. Merci.
• M

  Want squid, but also want pfblocker, working firewall rules for 80,443
  • marian78

  1
  0
  Votes
  1
  Posts
  80
  Views

  No one has replied

• P

  Squid SNMP
  • pellle87

  1
  0
  Votes
  1
  Posts
  60
  Views

  No one has replied

• 

  Throttle Other Extensions doesn't work
  • reza3sw

  1
  0
  Votes
  1
  Posts
  61
  Views

  No one has replied

• T

  Squid vs HTTPS Everywhere to protect HTTP (port 80) connections
  • talaverde

  6
  0
  Votes
  6
  Posts
  372
  Views

  T

  I have no interest in MITM proxy which essentially breaks SSL, making all but pointless. (Sorry to be blunt). I've decided to uninstall Squid. A comment hit home to me. Installing another application, putting my firewall packets through ANOTHER application, simply for a (secondary) virus scan. Not worth it. (As far as I know), (knocking on my wood shelf), I haven't had an issue with a virus since I can remember. I'm not saying it's a risk. I'm very aware of the need for a good virus scanner, but to add another layer to my firewall? Nah. Squid is officially retired in my book.
• A

  Improve Custom refresh pattern
  • aGeekhere

  74
  0
  Votes
  74
  Posts
  16733
  Views

  A

  @grapeape22 refresh patterns are not really my area of expertise, what would be ideal is a github page is added to the squid package and can be loaded from Dynamic and Update Content Custom refresh_patterns. That way it can be maintain more by the community (by users who know more about refresh patterns). Maybe this could be added when they update squid to 4.5. refresh patterns are also a bit of a hit and miss with dynamic content being harder to cache.
• I

  Sqid AV Widget
  • Impatient

  1
  0
  Votes
  1
  Posts
  83
  Views

  No one has replied

• T

  Netflix issues with Squid transparent proxy
  • tapout72

  9
  0
  Votes
  9
  Posts
  406
  Views

  

  I don't believe that Android, or at least older Android versions, supports WPAD. For the wifi connection, you would have to configure the proxy details manually. Make sure you block tcp80,443 on LAN to prevent people from going around the proxy (if that matters to you).
• V

  Problem displaying sgerror
  • Valceir

  1
  0
  Votes
  1
  Posts
  46
  Views

  No one has replied

• S

  Docker behind pfsense: haproxy, traefik, or ... ?
  • sgw

  3
  0
  Votes
  3
  Posts
  626
  Views

  P

  I ended up getting stuck in the same situation. Ended up just getting rid of HAProxy and letting Traefik handle all proxying requirements. If I tried to use both, HAProxy would not recognise anything in Traefik and report with a 503. IMO Traefik is easier to config and use.
• 

  Why E2guardian package is not Officially avaliable in Pfsense?
  • vallum

  4
  0
  Votes
  4
  Posts
  324
  Views

  

  @fabricioguzzy said in Why E2guardian package is not Officially avaliable in Pfsense?: Hello Vallum, I´ve been testing the e2guardian package since December/18 and it's working fine. It's way better then squidguard, no doubts or comparisons. The package still has some small/cosmetic issues, most of them related to the LDAP search group/users and REstarting service mechanisms, but it's fully functional. I also made some security scans over the firewall after install it and it got nothing, so it looks safe at all. it worth to go ahead and try it. If you are still confused, consider create a Non-Production environment to test it until you get used to the GUI and processes. Not sure why pfsense team didn't consider the package so far. Maybe because is it still under-construction, but I do agree with you. That is a "must have" package for sure. hope that helps you. Fabricio. Thanks Fabricio . I will test this.
• G

  [SOLVED]Help needed: bypass squid and squidGuard for iTunes, AppleStore, Android
  • GL

  14
  0
  Votes
  14
  Posts
  2599
  Views

  T

  @gl said in [SOLVED]Help needed: bypass squid and squidGuard for iTunes, AppleStore, Android: acl ssl_exclude_domains ssl::server_name "/usr/local/etc/squid/exclude_domains.conf" ssl_bump peek step1 all ssl_bump splice ssl_exclude_domains ssl_bump stare step2 all ssl_bump bump all GL, I know this is an old thread but I tried your solution to try and bypass netflix. However, I get a Privacy error NET::ERR_CERT_AUTHORITY_INVALID on every site I try to access after applying the Custom Options (Before Auth). Any ideas on where I went wrong?