• 1 Votes
    10 Posts
    2k Views
    JonathanLeeJ

    @JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system:

    ln -s -F /nvme/LOGS_Optane/snort /var/log/snort

    Also you can do this with suricata.

    /var/log/suricata remove this
    mkdir /nvme/LOGS_Optane/suricata
    ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata
  • Squid 6.12_1 Failed to decode EC parameters

    1
    0 Votes
    1 Posts
    50 Views
    No one has replied
  • HAProxy Cookie Persistence SameSite

    1
    0 Votes
    1 Posts
    39 Views
    No one has replied
  • 0 Votes
    18 Posts
    2k Views
    JonathanLeeJ

    This is a better WPAD file

    server.modules = (
        "mod_access",
        "mod_staticfile",
        "mod_expire",
        "mod_setenv"
    )

    server.document-root = "/var/www/html"
    server.errorlog = "/var/log/lighttpd/error.log"
    server.pid-file = "/run/lighttpd.pid"
    server.username = "www-data"
    server.groupname = "www-data"
    server.port = 80
    server.bind = "192.168.1.6"
    server.tag = ""
    server.range-requests = "disable"
    server.max-connections = 10
    connect-timeout = 2
    server.max-keep-alive-idle = 2
    server.max-keep-alive-requests = 1
    server.max-read-idle = 2
    server.max-write-idle = 2
    dir-listing = "disable"

    $HTTP["request-method"] =~ "^(TRACE|TRACK)$" {
        url.access-deny = ( "" )
    }

    # Cache WPAD and proxy PAC files for 1 day (good practice)
    expire.url = (
        "/wpad.dat" => "access plus 1 day",
        "/proxy.pac" => "access plus 1 day"
    )

    # Disable access logs to reduce SD card wear (optional)
    accesslog = ""

    $HTTP["url"] =~ "^/(wpad\.dat|proxy\.pac)$" {
        setenv.add-response-header = (
            "X-Content-Type-Options" => "nosniff",
            "X-Frame-Options" => "DENY",
            "Content-Security-Policy" => "default-src 'none';",
            "Cache-Control" => "public, max-age=86400",
            "Referrer-Policy" => "no-referrer",
            "X-Download-Options" => "noopen",
            "X-Permitted-Cross-Domain-Policies" => "none"
        )

        # Allow only GET and HEAD methods
        $HTTP["request-method"] !~ "^(GET|HEAD)$" {
            url.access-deny = ( "" )
        }

        # Restrict access by IP subnets
        $HTTP["remoteip"] == "192.168.1.0/27" {
        }
        else $HTTP["remoteip"] == "2001:470:8052:a::/64" {
        }
        else {
            url.access-deny = ( "" )
        }
    }

    # Deny all other URL requests
    $HTTP["url"] !~ "^/(wpad\.dat|proxy\.pac)$" {
        url.access-deny = ( "" )
    }

    # Strict URL parsing for security and consistency
    server.http-parseopts = (
        "header-strict" => "enable",
        "host-strict" => "enable",
        "host-normalize" => "enable",
        "url-normalize-unreserved"=> "enable",
        "url-normalize-required" => "enable",
        "url-ctrls-reject" => "enable",
        "url-path-2f-decode" => "disable",
        "url-path-2f-reject" => "enable",
        "url-path-dotseg-remove" => "disable",
        "url-path-dotseg-reject" => "enable",
    )

    url.access-deny = ( "~", ".inc" )
    static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

    # Add WPAD MIME type for correct browser handling
    mimetype.assign = (
        ".dat" => "application/x-ns-proxy-autoconfig",
        ".pac" => "application/x-ns-proxy-autoconfig"
    )
  • Squid has officially released 7.0.2 beta if anyone wants to test

    6
    0 Votes
    6 Posts
    216 Views
    JonathanLeeJ

    @brcuewayne Diagnostics / Command Prompt
    Shell Output - ls -l /usr/local/sbin/dhcpleases6
    ls: /usr/local/sbin/dhcpleases6: No such file or directory
    Execute Shell Command

  • Unable to run squid proxy server after upgrading from 2.7.2 to 2.8.0

    4
    0 Votes
    4 Posts
    212 Views
    patient0P

    @brcuewayne can you provide more details about error(s) you get when you try to start squid?

  • HAProxy with IP Alias

    5
    0 Votes
    5 Posts
    275 Views
    P

    @viragomann

    Damn, I completely forgot that I could use the current LAN CARP I have! Yeah, that works for me! Thank you very much!

  • HAProxy Custom ACL with Firewall Alias now working

    1
    0 Votes
    1 Posts
    87 Views
    No one has replied
  • HAProxy backend port changes are not applied

    7
    3 Votes
    7 Posts
    2k Views
    N

    Hi, just in case someone still has the same issue in 2025. I'm using pfSense 2.8 and haproxy 0.63_10 and I got the same problem: changing the backend port is not taking effect unless you delete the haproxy_server_state and reload haproxy (at least this worked for me). It would be good if this process could be automated anytime you reload/restart haproxy. Or it might be that I'm missing something.

  • 0 Votes
    17 Posts
    2k Views
    A

    @aGeekhere

    Update, will not be fixed as squid is deprecated from pfSense

  • HA-Proxy on pfSense 2.8 disable proxy buffering for one backend

    1
    0 Votes
    1 Posts
    117 Views
    No one has replied
  • HA-Proxy| 503 Service Unavailable

    2
    0 Votes
    2 Posts
    151 Views
    V

    @pradeep-sl
    Check if the backend is shown up as online on the FS stats page.

  • Unofficial Squid Custom Refresh Patterns

    4
    0 Votes
    4 Posts
    308 Views
    JonathanLeeJ

    @aGeekhere said in Unofficial Squid Custom Refresh Patterns:

    https://github.com/mmd123/squid-cache-dynamic_refresh-list

    I added them, thanks.

  • Jitsi Meet behind HAProxy

    1
    0 Votes
    1 Posts
    127 Views
    No one has replied
  • Force traffic through a proxy

    1
    0 Votes
    1 Posts
    121 Views
    No one has replied
  • haproxy not responding

    10
    0 Votes
    10 Posts
    1k Views
    T

    @viragomann

    "Host Matches" in my case works only when also setting to "use defaults"

  • phpMyAdmin behind HAProxy

    2
    0 Votes
    2 Posts
    334 Views
    C

    I was able to solve the issue by shifting the redirect rules for phpmyadmin to the frontend instead of trying to path it out on the backend. This resolved the issue for me.

    Front End

    Since the pathing now happens in the front end, I was able to clean up the backend and it's just a simple passthrough in the case of phpmyadmin.

    Hopefully, this helps someone else out too. There's probably a more elegant way to solve this, but it did the trick for me.

  • ACL with multi Action

    2
    0 Votes
    2 Posts
    257 Views
    V

    @jonny190 said in ACL with multi Action:

    into one rule, I can get the first line in, just not the second

    So add a second one.
    The original config also has two rules for what you want.

    BTW: the original rule looks a bit different than yours. It seems to also replace the last octet of the IP.

  • Sqstat Issue

    Moved
    17
    0 Votes
    17 Posts
    4k Views
    N

    @anemacuore 2.8.0 is work (update)

  • HAProxy Seems to Forward to wrong Backend Port

    8
    0 Votes
    8 Posts
    2k Views
    P

    Hi, a few weeks ago the same problem, HAProxy was working fine about 3 years ago.

    I tried pfSense versions 2.6, 2.7, 2.8beta and now 2.8. HAProxy and haproxy-devel. No success.

    It's like a cache: when requesting the first ACL rule, the next one uses the same rule.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.