Cache&#x2F;Proxy

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Cache/Proxy

Z

Create config to deny all except sites on white list
• zsolt.tolnay

1

0
Votes

1
Posts

12
Views

No one has replied
Z

HAProxy noob (SONARR NZBGET RADARR etc…)
• zanesavage

35

1
Votes

35
Posts

2051
Views

R

What do you put in the Base URL on Ombi, Sonarr, etc. when using HAProxy? EDIT: I think I found the answer. You don't need it unless you want /ombi for example after your domain name. (yourdomain.com/ombi)
S

SSL error on gmail
• shyamhpd

1

0
Votes

1
Posts

30
Views

No one has replied
R

setup lets encrypy behind haproxy
• rajbps

1

0
Votes

1
Posts

13
Views

No one has replied
R

HAProxy logging issues
• rajbps

3

0
Votes

3
Posts

27
Views

R

Hi PiBa, As usual you saved the day. that did the job and its now back to logging on the local file or even in remote syslog
P

PfSense, HAProxy and Fail2ban
• ProxyMoron

8

0
Votes

8
Posts

3354
Views

L

@JeGr hi! I dont have trouble with ssh service because we are prohibited access to ssh on wan on all out system frontends... including webadmin(for example i cant connect from home to pfsense webadmin or terminal services, thats is part of our security policy) for example we are worried with imap, postfix and webmail there are the only services to internet space with authentication, maybe this is not a pfsense topic... thanks for u tips, i will go to read somes manual and man pages and look for somes examples and look on fail2ban mail-list to ask how i can make my own action ban and make it to block ip on somes pfsesen box using easyrule or pfssh.php script.. thanks! sorry my englis please. regards
Unofficial E2guardian package for pfSense
• marcelloc

1135

2
Votes

1135
Posts

153937
Views

P

@arch113 Follow these steps to enable unofficial repos and get E2Guardian to show up: Install "patch" package from package manager. System > Patches > click "Add New Patch" button. Description: e2guardian patch URL/Commit ID: Leave empty Patch Contents: Copy/Paste all codes from here Path Strip Count: 1 Base Directory: / Ignore Whitespace: Clicked Auto Apply: Clicked Save and then click "Apply" button. That's all for now. Now go to shell and add repo of e2guardian by following command. fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf Go to Package Manager and try to search e2guardian. If you don't see any package reboot system.
HaProxy and Client Certeficate To ACL
• Soloam

6

0
Votes

6
Posts

37
Views

P

@Soloam You can simply uninstall the old and then install the new and the config will remain in place. Also if for some reason you want to go back that is the way. Though some 'extra' settings would then be 'lost'. Anyway always good to have a config backup :).
I

How to block secure websites (like Social, sports ,music etc).
• itsupport_debut

6

0
Votes

6
Posts

74
Views

Its also possible since your post has only been 1 day. And is in the wrong section... Your asking about how to filter https with squidguard.. Not Firewall.. Blocking only specific https sites with a firewall that are hosted off CDNs yeah going to be very difficult.. But blocking via proxy is not that difficult, you don't need to do mitm if your using explicit proxy (ie client directed to the proxy). But if doing it via transparent - then yes it becomes more difficult I have moved your thread to correct area so you might get an answer on how to do it with squidguard... But then again they prob just going tell you to RTFM ;) For example check out the hangout by jimp - he goes over all the different way to filter https traffic From the hangout https://youtu.be/xm_wEezrWf4 Moving to proxy section.
P

Help setting up Haproxy with google domain
• pintu1228

3

0
Votes

3
Posts

29
Views

P

@InterLoper thanks for that, I found a guide online for HAProxy and it mentions that I need to create a ddns (so I created home.domain.com), then it suggests to create cname for each subdomain(so for plex, I have plex (for the name field), cname (for the type), 1H (for TTL), home.domain.com (for data field)). Will this way work too? or should I follow what you suggested, to create a DDNS entry for each subdomain (plex, nextcloud, sonarr, radarr, sabnzbd, etc)? Which method do you recommend? Thanks for your help
Transparent without NAT
• skilledinept

1

0
Votes

1
Posts

21
Views

No one has replied
M

Reverse Inbound Proxy Web Auth
• mcamino

1

0
Votes

1
Posts

18
Views

No one has replied
M

Onedrive cannot connect to server behind Pfsense Proxy
pfsense 2.4.4 pfsense forum pfsense setup • • Mr.Trieu

2

0
Votes

2
Posts

29
Views

M

Does anyone have a way to resole it? Please help.
K

HA Proxy with VIP IP?
• killmasta93

1

0
Votes

1
Posts

82
Views

No one has replied
K

issue on NAT forwarding?
• killmasta93

5

0
Votes

5
Posts

51
Views

K

Thanks for the reply i think i had something on the states i rebooted and started working just have on quick question it might not be about this topic it has to do with HA proxy but on the same setup (first had to test out the NAT before proceding to HA) I have VIP 181.xx.xx.236 and my wan is 181.xx.xx238 but cant seem to get HA proxy working on the VIP i got working with the WAN see pictures Thank you
https filter with https://http:/*
• bfu

11

0
Votes

11
Posts

147
Views

S

@bfu said in https filter with https://http:/*: Looking into that now actually. FWIW this is in a tightly controlled RDS environment so I'm able to specify proxy settings via Group Policy without having to worry about WPAD "fun" yet. I'll report back if I find anything. Thanks for the insight Have you tried using e2guardian? much more stable as intercept other option works fine when ssl mitm is set
M

Proxy, i can ping any sites hostname but can't browse
• m-c-ila

9

0
Votes

9
Posts

49
Views

M

@bmeeks Thank you for your reply. I did the inter-vlan on cisco switch L3 and created static routes on pfsense ... From pfsense LAN i can ping the switch and other hosts. I am using a computer from a vlan and i still can ping google.com and i can access Pfsense webgui and get internet without proxy. That means vlans config is correct right ? I am having errors with https, and http pages it tells me it's not allowed to access these pages. Is there a rule to force traffic to pass through Proxy ? Ps: when i connect my laptop directly to pfsense everything works even proxy .
HAproxy + Acme package = 503 Error servers not available locally
dns haproxy • • InterLoper

4

0
Votes

4
Posts

205
Views

P

@interloper Do you have a guide on how you setup your google domain settings for your subdomains? I am trying to figure it out but having a hard time. Here is my open topic on this forum (https://forum.netgate.com/post/830593). Thanks
W

Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL"
• Warudo

4

0
Votes

4
Posts

184
Views

N

@johnpoz said in Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL": x My exact problem is I want to block all web traffic without using domain names. But there's some chat apps in China use port 80 and ip address for communication. So, if I disallow "IP addresses in URL", that chat app fails to connect to servers.
B

WPAD doesn't work
• Big80

11

0
Votes

11
Posts

234
Views

B

@kom OK the problem comes from the DHCP. I didn't put the localdomain. Now it works. It was never mentioned in the guides I followed. Thanks for your help!!!
P

Sarg Could not find report index file
• Poenskop

9

0
Votes

9
Posts

2576
Views

A

@poenskop Para solucionar el error Could not find report index file. Check and save sarg settings and try to force sarg schedule. Lo que hice fue cambiar el directorio de salida del reporte de sarg en el archivo sarg.conf para que quedara de la siguiente manera: Output dir (-o) = /usr/local/www/html/ después de esto en la consola crear un enlace simbólico hacia ese directorio ln -s /usr/local/www/html /usr/local/sarg-reports con esto se soluciono el problema ya pude ver el reporte y desapareció el mensaje Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
A

How to use tcp_outgoing_address on different network?
• akong77

1

0
Votes

1
Posts

54
Views

No one has replied
M

HAProxy devel Multithreading
• michaelschefczyk

2

0
Votes

2
Posts

53
Views

P

@michaelschefczyk Recently (26-1-2019) haproxy itself removed the warning from their docs, the package on pfSense should get a little update to remove that warning as well.. "It was mentioned when releasing 1.8 but early bugs have long been addressed" http://git.haproxy.org/?p=haproxy.git;a=commit;h=1f672a8162eda18c404c6784dd749b6e061e2e4d Afaik there are no issues anymore.. (Which in the early days used to included haproxy crashes and hangs spinning at 100% cpu usage of a core..)
W

ssl-min-ver directive in Haproxy shared frontends
• wickeren

1

0
Votes

1
Posts

56
Views

No one has replied
V

HAProxy, Letsencrypt and synology
haproxy letsencrypt • • vacquah

1

0
Votes

1
Posts

63
Views

No one has replied
F

Outgoing traffic: add URL parameter via squid reverse proxy?
• fips

1

0
Votes

1
Posts

53
Views

No one has replied
S

HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE)
• sokolum

4

0
Votes

4
Posts

1047
Views

I

Hello Sokolum, The pictures you posted are gone, care to reup? I really want to follow what you put here!
T

Squid HTTPS Interception not working?
• tomstephens89

6

0
Votes

6
Posts

206
Views

T

@gertjan said in Squid HTTPS Interception not working?: For https port 3129 could be used I guess - example : https://www.microlinux.fr/squid-https-centos-7/ (Squid version 3.5). True, the official doc is hard to read. Well, in order to get this working, I have the SSL interception running on port 3129 and the main proxy on 3128. Pointing clients at 3129 for HTTPS results in no connectivity. However upon just telling clients to use 3128 for HTTP and HTTPS, I can see HTTPS Man in the middle working and the certificates are being issued by my CA as expected. This suggests that PfSense+Squid is doing some sort of redirection internally to 3129 for HTTPS, or the seperate port setting for HTTPS does nothing, and it just listens on 3128 full stop.
J

HAProxy + Intel QAT
• justme2

4

0
Votes

4
Posts

183
Views

J

Excellent news! Anxious to see it in operation.
J

allow haproxy to listen to wan port 80 (and stop redirecting to pfsense admin page)
• jason0

4

0
Votes

4
Posts

86
Views

P

@jason0 The HSTS cache can be a bit extra tricky to get rid of also.. Instructions for most browsers can be found though.
S

[HOWTO] Squid/Lightsquid Logs with MAC addresses - pfSense 2.3.2
• Shelter

4

0
Votes

4
Posts

1789
Views

G

The idea is right but the syntax is wrong. On 2.4.4-RELEASE-p2: Proxy Server -> General settings -> "Enable Access Logging" disabled (this prevents the default syntax to be loaded) Advanced features ("Show Advanced Options") -> Custom Options (Before Auth) -> logfile_rotate 30 debug_options rotate=30 logformat squid %{%d/%m/%Y_%H:%M:%S}tl %>eui %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt access_log /var/squid/logs/access_custom.log Save and reload Squid. You'll find the log in /var/squid/logs as defined in the general options page. Obviously You can customize the options according to your needs (timestamp, logrotate days, etc...)
L

Windows 10 updates blocked by proxy (squid)?
• lindsay

7

0
Votes

7
Posts

285
Views

J

I think problem isn't with squid, rather with Windows 10 - system proxy settings doesn't enought, I don't know why. But with winhtt set proxy it works. Respect for your work, KOM and best regards.
P

Haproxy and HTTP basic auth via gui
• paulsnoop

9

0
Votes

9
Posts

2985
Views

P

@itbrain Added the screenshots back..
S

Squid + Transparent + Bridge = Broken or Fixed?
• swmspam

1

0
Votes

1
Posts

79
Views

No one has replied
Squid 4.x
• Bismarck

7

0
Votes

7
Posts

1431
Views

R

Ok, thanks for your statement!
W

Squid not caching web data
• WhiteboardMarker

3

0
Votes

3
Posts

130
Views

W

Thanks KOM. Verified cache is working by going to https://www.google-analytics.com/analytics.js. Seeing TCP_MEM_HIT/200 when I go the javascript file hosted by Google.
S

HAproxy: ACL with weaker SSL-ciphers for one IP possible?
• sgw

1

0
Votes

1
Posts

80
Views

No one has replied
K

Issue with slow authentication on squid?
• killmasta93

3

0
Votes

3
Posts

106
Views

K

thanks for the reply, i was checking the logs and your right something odd with the active directory but i ended up using the local authentication created all the users
Squid/Clamav: Wrong redirect URL
• Pippin

7

0
Votes

7
Posts

3486
Views

K

@rggolbraich said in Squid/Clamav: Wrong redirect URL: I know its an old post but here is my solution to the same problem. Solution: when I installed pfSense with all packages I use, I gave it a domain name. After some while, i changed the domain name to my DC, somehow SquidClamAV keeps the old data so I get pointed to unavailable address. To fix this issue I edited 2 files: (Diagnostics - Edit File) /usr/local/etc/c-icap/squidclamav.conf /usr/local/etc/c-icap/squidclamav.conf.pfsense Why them both? because every time I edited the .conf file my settings get back to what it was. after changing them both pfSense kept the configuration and problem were fixed. Thanks for this. Two years later and still a bug.
K

Proxy Issue wpad?
• killmasta93

11

0
Votes

11
Posts

311
Views

Glad its working for you now.

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 60

Create config to deny all except sites on white list • zsolt.tolnay

HAProxy noob (SONARR NZBGET RADARR etc…) • zanesavage

SSL error on gmail • shyamhpd

setup lets encrypy behind haproxy • rajbps

HAProxy logging issues • rajbps

PfSense, HAProxy and Fail2ban • ProxyMoron

Unofficial E2guardian package for pfSense • marcelloc

HaProxy and Client Certeficate To ACL • Soloam

How to block secure websites (like Social, sports ,music etc). • itsupport_debut

Help setting up Haproxy with google domain • pintu1228

Transparent without NAT • skilledinept

Reverse Inbound Proxy Web Auth • mcamino

Onedrive cannot connect to server behind Pfsense Proxy pfsense 2.4.4 pfsense forum pfsense setup • • Mr.Trieu

HA Proxy with VIP IP? • killmasta93

issue on NAT forwarding? • killmasta93

https filter with https://http:/* • bfu

Proxy, i can ping any sites hostname but can't browse • m-c-ila

HAproxy + Acme package = 503 Error servers not available locally dns haproxy • • InterLoper

Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL" • Warudo

WPAD doesn't work • Big80

Sarg Could not find report index file • Poenskop

How to use tcp_outgoing_address on different network? • akong77

HAProxy devel Multithreading • michaelschefczyk

ssl-min-ver directive in Haproxy shared frontends • wickeren

HAProxy, Letsencrypt and synology haproxy letsencrypt • • vacquah

Outgoing traffic: add URL parameter via squid reverse proxy? • fips

HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) • sokolum

Squid HTTPS Interception not working? • tomstephens89

HAProxy + Intel QAT • justme2

allow haproxy to listen to wan port 80 (and stop redirecting to pfsense admin page) • jason0

[HOWTO] Squid/Lightsquid Logs with MAC addresses - pfSense 2.3.2 • Shelter

Windows 10 updates blocked by proxy (squid)? • lindsay

Haproxy and HTTP basic auth via gui • paulsnoop

Squid + Transparent + Bridge = Broken or Fixed? • swmspam

Squid 4.x • Bismarck

Squid not caching web data • WhiteboardMarker

HAproxy: ACL with weaker SSL-ciphers for one IP possible? • sgw

Issue with slow authentication on squid? • killmasta93

Squid/Clamav: Wrong redirect URL • Pippin

Proxy Issue wpad? • killmasta93

Products

Applications

Support

Services

News

Resources

Company

Our Mission

Subscribe to our Newsletter

Create config to deny all except sites on white list
• zsolt.tolnay

HAProxy noob (SONARR NZBGET RADARR etc…)
• zanesavage

SSL error on gmail
• shyamhpd

setup lets encrypy behind haproxy
• rajbps

HAProxy logging issues
• rajbps

PfSense, HAProxy and Fail2ban
• ProxyMoron

Unofficial E2guardian package for pfSense
• marcelloc

HaProxy and Client Certeficate To ACL
• Soloam

How to block secure websites (like Social, sports ,music etc).
• itsupport_debut

Help setting up Haproxy with google domain
• pintu1228

Transparent without NAT
• skilledinept

Reverse Inbound Proxy Web Auth
• mcamino

Onedrive cannot connect to server behind Pfsense Proxy
pfsense 2.4.4 pfsense forum pfsense setup • • Mr.Trieu

HA Proxy with VIP IP?
• killmasta93

issue on NAT forwarding?
• killmasta93

https filter with https://http:/*
• bfu

Proxy, i can ping any sites hostname but can't browse
• m-c-ila

HAproxy + Acme package = 503 Error servers not available locally
dns haproxy • • InterLoper

Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL"
• Warudo

WPAD doesn't work
• Big80

Sarg Could not find report index file
• Poenskop

How to use tcp_outgoing_address on different network?
• akong77

HAProxy devel Multithreading
• michaelschefczyk

ssl-min-ver directive in Haproxy shared frontends
• wickeren

HAProxy, Letsencrypt and synology
haproxy letsencrypt • • vacquah

Outgoing traffic: add URL parameter via squid reverse proxy?
• fips

HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE)
• sokolum

Squid HTTPS Interception not working?
• tomstephens89

HAProxy + Intel QAT
• justme2

allow haproxy to listen to wan port 80 (and stop redirecting to pfsense admin page)
• jason0

[HOWTO] Squid/Lightsquid Logs with MAC addresses - pfSense 2.3.2
• Shelter

Windows 10 updates blocked by proxy (squid)?
• lindsay

Haproxy and HTTP basic auth via gui
• paulsnoop

Squid + Transparent + Bridge = Broken or Fixed?
• swmspam

Squid 4.x
• Bismarck

Squid not caching web data
• WhiteboardMarker

HAproxy: ACL with weaker SSL-ciphers for one IP possible?
• sgw

Issue with slow authentication on squid?
• killmasta93

Squid/Clamav: Wrong redirect URL
• Pippin

Proxy Issue wpad?
• killmasta93