Cache/Proxy

• 

  Transparent without NAT
  • skilledinept  

  1
  0
  Votes
  1
  Posts
  8
  Views

  No one has replied

• M

  Reverse Inbound Proxy Web Auth
  • mcamino  

  1
  0
  Votes
  1
  Posts
  5
  Views

  No one has replied

• P

  Help setting up Haproxy with google domain
  • pintu1228  

  2
  0
  Votes
  2
  Posts
  18
  Views

  

  At domains.goole.com (which you have clearly found already) under the synthetic records section, change the drop down to "Dynamic DNS" then add a record for each sub-domain you want to google to send to your server. In the pfSense under the Services menu > Dynamic DNS, create a record for each sub domain you're using and enter the credentials provided by google. When you first enter them in pfSense, it will immediately test the domain ownership with google and show green if successful. On subsequent attempts, you can Save and Force Update for the same validation. Once validated, you can go back to the Dynamic DNS record in google and see your public IP address. Let me know if you have questions.
• P

  PfSense, HAProxy and Fail2ban
  • ProxyMoron  

  5
  0
  Votes
  5
  Posts
  3284
  Views

  

  Besides that a HAproxy request, it reads as if it's a fail2ban problem, isn't it? If you receive the X-Forwarded-For header and hand that to fail2ban it should ban the correct IP otherwise one should have to rewrite the ban-action or do a custom one? Another possibility would be to change your Owncloud Webserver to actually log the X-Forwarded-For IP instead of the client IP (haproxy itself). Then your fail2ban should actually read the correct IP from the log. Third possibility is something we do for a few customers: we set up fail2ban on their servers for a couple of different web apps and run it on the apps logfiles. If some conditions are met (e.g. trying for SQL injections or requestion known PHP shell URLs), the IP gets "blacklisted" by Fail2Ban, but the ban action is actually a HTTP POST to a central server that reports the source server, project, URL, IP and reason that IP is "reported". That is written into a small database and a web server on top of it serves that data as simple URL blacklist with various options (show only banned IPs from certain projects etc.). So via this URL you can setup pfSense and pfBlockerNG to refresh one or more various blocklists to your liking and use them in filter rules. So we can filter out IPs for different project either depending on IPs getting blocked from their services only or by the "collective" of all customers reporting "shady things" ;) Greets
• M

  Onedrive cannot connect to server behind Pfsense Proxy
  pfsense 2.4.4 pfsense forum pfsense setup • • Mr.Trieu  

  2
  0
  Votes
  2
  Posts
  22
  Views

  M

  Does anyone have a way to resole it? Please help.
• 

  HaProxy and Client Certeficate To ACL
  • Soloam  

  4
  0
  Votes
  4
  Posts
  25
  Views

  P

  @Soloam Do have the haproxy 1.8 package installed? The 1.7 one does not support different certificate options for different domains / sni's by using crt-list with different binding configurations. And though the package is called 'haproxy-devel' the 1.8 version of haproxy is actually a 'stable' version..
• K

  HA Proxy with VIP IP?
  • killmasta93  

  1
  0
  Votes
  1
  Posts
  81
  Views

  No one has replied

• K

  issue on NAT forwarding?
  • killmasta93  

  5
  0
  Votes
  5
  Posts
  49
  Views

  K

  Thanks for the reply i think i had something on the states i rebooted and started working just have on quick question it might not be about this topic it has to do with HA proxy but on the same setup (first had to test out the NAT before proceding to HA) I have VIP 181.xx.xx.236 and my wan is 181.xx.xx238 but cant seem to get HA proxy working on the VIP i got working with the WAN see pictures Thank you
• 

  https filter with https://http:/*
  • bfu  

  11
  0
  Votes
  11
  Posts
  138
  Views

  S

  @bfu said in https filter with https://http:/*: Looking into that now actually. FWIW this is in a tightly controlled RDS environment so I'm able to specify proxy settings via Group Policy without having to worry about WPAD "fun" yet. I'll report back if I find anything. Thanks for the insight Have you tried using e2guardian? much more stable as intercept other option works fine when ssl mitm is set
• M

  Proxy, i can ping any sites hostname but can't browse
  • m-c-ila  

  9
  0
  Votes
  9
  Posts
  46
  Views

  M

  @bmeeks Thank you for your reply. I did the inter-vlan on cisco switch L3 and created static routes on pfsense ... From pfsense LAN i can ping the switch and other hosts. I am using a computer from a vlan and i still can ping google.com and i can access Pfsense webgui and get internet without proxy. That means vlans config is correct right ? I am having errors with https, and http pages it tells me it's not allowed to access these pages. Is there a rule to force traffic to pass through Proxy ? Ps: when i connect my laptop directly to pfsense everything works even proxy .
• 

  HAproxy + Acme package = 503 Error servers not available locally
  dns haproxy • • InterLoper  

  4
  0
  Votes
  4
  Posts
  201
  Views

  P

  @interloper Do you have a guide on how you setup your google domain settings for your subdomains? I am trying to figure it out but having a hard time. Here is my open topic on this forum (https://forum.netgate.com/post/830593). Thanks
• 

  Unofficial E2guardian package for pfSense
  • marcelloc  

  1134
  1
  Votes
  1134
  Posts
  153820
  Views

  P

  @la6er said in Unofficial E2guardian package for pfSense: Hi all, anyone faicing issues with the realtime tab after update to 5.3.1_1? only 1 gruop is been displayed on the tab, while using e2g format, if I change to squid format everything shows up, all my groups and traffic reported normally on the real time tab I use Squid Format and had issues too. Had to switch to E2guardian format temporarily, uninstall E2 Guardian, install again and then switch back to Squid format and then it started to work. Give this a go the other way around for E2 Guardian format, it is a weird bug but those are the steps that fixed it for me.
• W

  Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL"
  • Warudo  

  4
  0
  Votes
  4
  Posts
  161
  Views

  N

  @johnpoz said in Squidguard Filter: Allow only certain IPs without disabling "Do not allow IP-Addresses in URL": x My exact problem is I want to block all web traffic without using domain names. But there's some chat apps in China use port 80 and ip address for communication. So, if I disallow "IP addresses in URL", that chat app fails to connect to servers.
• B

  WPAD doesn't work
  • Big80  

  11
  0
  Votes
  11
  Posts
  218
  Views

  B

  @kom OK the problem comes from the DHCP. I didn't put the localdomain. Now it works. It was never mentioned in the guides I followed. Thanks for your help!!!
• P

  Sarg Could not find report index file
  • Poenskop  

  9
  0
  Votes
  9
  Posts
  2575
  Views

  A

  @poenskop Para solucionar el error Could not find report index file. Check and save sarg settings and try to force sarg schedule. Lo que hice fue cambiar el directorio de salida del reporte de sarg en el archivo sarg.conf para que quedara de la siguiente manera: Output dir (-o) = /usr/local/www/html/ después de esto en la consola crear un enlace simbólico hacia ese directorio ln -s /usr/local/www/html /usr/local/sarg-reports con esto se soluciono el problema ya pude ver el reporte y desapareció el mensaje Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
• A

  How to use tcp_outgoing_address on different network?
  • akong77  

  1
  0
  Votes
  1
  Posts
  52
  Views

  No one has replied

• M

  HAProxy devel Multithreading
  • michaelschefczyk  

  2
  0
  Votes
  2
  Posts
  52
  Views

  P

  @michaelschefczyk Recently (26-1-2019) haproxy itself removed the warning from their docs, the package on pfSense should get a little update to remove that warning as well.. "It was mentioned when releasing 1.8 but early bugs have long been addressed" http://git.haproxy.org/?p=haproxy.git;a=commit;h=1f672a8162eda18c404c6784dd749b6e061e2e4d Afaik there are no issues anymore.. (Which in the early days used to included haproxy crashes and hangs spinning at 100% cpu usage of a core..)
• W

  ssl-min-ver directive in Haproxy shared frontends
  • wickeren  

  1
  0
  Votes
  1
  Posts
  56
  Views

  No one has replied

• V

  HAProxy, Letsencrypt and synology
  haproxy letsencrypt • • vacquah  

  1
  0
  Votes
  1
  Posts
  61
  Views

  No one has replied

• F

  Outgoing traffic: add URL parameter via squid reverse proxy?
  • fips  

  1
  0
  Votes
  1
  Posts
  53
  Views

  No one has replied

• S

  HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE)
  • sokolum  

  4
  0
  Votes
  4
  Posts
  1039
  Views

  I

  Hello Sokolum, The pictures you posted are gone, care to reup? I really want to follow what you put here!
• T

  Squid HTTPS Interception not working?
  • tomstephens89  

  6
  0
  Votes
  6
  Posts
  197
  Views

  T

  @gertjan said in Squid HTTPS Interception not working?: For https port 3129 could be used I guess - example : https://www.microlinux.fr/squid-https-centos-7/ (Squid version 3.5). True, the official doc is hard to read. Well, in order to get this working, I have the SSL interception running on port 3129 and the main proxy on 3128. Pointing clients at 3129 for HTTPS results in no connectivity. However upon just telling clients to use 3128 for HTTP and HTTPS, I can see HTTPS Man in the middle working and the certificates are being issued by my CA as expected. This suggests that PfSense+Squid is doing some sort of redirection internally to 3129 for HTTPS, or the seperate port setting for HTTPS does nothing, and it just listens on 3128 full stop.
• J

  HAProxy + Intel QAT
  • justme2  

  4
  0
  Votes
  4
  Posts
  180
  Views

  J

  Excellent news! Anxious to see it in operation.
• J

  allow haproxy to listen to wan port 80 (and stop redirecting to pfsense admin page)
  • jason0  

  4
  0
  Votes
  4
  Posts
  86
  Views

  P

  @jason0 The HSTS cache can be a bit extra tricky to get rid of also.. Instructions for most browsers can be found though.
• S

  [HOWTO] Squid/Lightsquid Logs with MAC addresses - pfSense 2.3.2
  • Shelter  

  4
  0
  Votes
  4
  Posts
  1770
  Views

  G

  The idea is right but the syntax is wrong. On 2.4.4-RELEASE-p2: Proxy Server -> General settings -> "Enable Access Logging" disabled (this prevents the default syntax to be loaded) Advanced features ("Show Advanced Options") -> Custom Options (Before Auth) -> logfile_rotate 30 debug_options rotate=30 logformat squid %{%d/%m/%Y_%H:%M:%S}tl %>eui %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt access_log /var/squid/logs/access_custom.log Save and reload Squid. You'll find the log in /var/squid/logs as defined in the general options page. Obviously You can customize the options according to your needs (timestamp, logrotate days, etc...)
• L

  Windows 10 updates blocked by proxy (squid)?
  • lindsay  

  7
  0
  Votes
  7
  Posts
  279
  Views

  J

  I think problem isn't with squid, rather with Windows 10 - system proxy settings doesn't enought, I don't know why. But with winhtt set proxy it works. Respect for your work, KOM and best regards.
• P

  Haproxy and HTTP basic auth via gui
  • paulsnoop  

  9
  0
  Votes
  9
  Posts
  2978
  Views

  P

  @itbrain Added the screenshots back..
• S

  Squid + Transparent + Bridge = Broken or Fixed?
  • swmspam  

  1
  0
  Votes
  1
  Posts
  77
  Views

  No one has replied

• 

  Squid 4.x
  • Bismarck  

  7
  0
  Votes
  7
  Posts
  1416
  Views

  R

  Ok, thanks for your statement!
• W

  Squid not caching web data
  • WhiteboardMarker  

  3
  0
  Votes
  3
  Posts
  126
  Views

  W

  Thanks KOM. Verified cache is working by going to https://www.google-analytics.com/analytics.js. Seeing TCP_MEM_HIT/200 when I go the javascript file hosted by Google.
• S

  HAproxy: ACL with weaker SSL-ciphers for one IP possible?
  • sgw  

  1
  0
  Votes
  1
  Posts
  79
  Views

  No one has replied

• K

  Issue with slow authentication on squid?
  • killmasta93  

  3
  0
  Votes
  3
  Posts
  105
  Views

  K

  thanks for the reply, i was checking the logs and your right something odd with the active directory but i ended up using the local authentication created all the users
• 

  Squid/Clamav: Wrong redirect URL
  • Pippin  

  7
  0
  Votes
  7
  Posts
  3466
  Views

  K

  @rggolbraich said in Squid/Clamav: Wrong redirect URL: I know its an old post but here is my solution to the same problem. Solution: when I installed pfSense with all packages I use, I gave it a domain name. After some while, i changed the domain name to my DC, somehow SquidClamAV keeps the old data so I get pointed to unavailable address. To fix this issue I edited 2 files: (Diagnostics - Edit File) /usr/local/etc/c-icap/squidclamav.conf /usr/local/etc/c-icap/squidclamav.conf.pfsense Why them both? because every time I edited the .conf file my settings get back to what it was. after changing them both pfSense kept the configuration and problem were fixed. Thanks for this. Two years later and still a bug.
• K

  Proxy Issue wpad?
  • killmasta93  

  11
  0
  Votes
  11
  Posts
  309
  Views

  

  Glad its working for you now.
• X

  2.3 - Squid reinstallation fails
  • xoxys  

  14
  0
  Votes
  14
  Posts
  5252
  Views

  M

  @powerrc This worked for me. Thank you very much.
• K

  Quick Question about LDAP proxy
  • killmasta93  

  1
  0
  Votes
  1
  Posts
  80
  Views

  No one has replied

• R

  pfsense squid not connecting through an upstream proxy
  • rllanes2004  

  1
  0
  Votes
  1
  Posts
  78
  Views

  No one has replied

• L

  help setting the Public Key Pinning in HAProxy
  • luisenrique  

  13
  0
  Votes
  13
  Posts
  269
  Views

  

  We both learned a bit ;) Thanks for the questions, it got me playing with HA proxy and ACME.. I had not had a reason to use them until you brought up the question(s) After that I had no excuse not to use them and fired up a shared port for my openvpn that listens on 443 and then hands off to ha proxy so I can use https with my ombi plex request system via https ;) Win Win all around I would say!
• M

  Proxy problem on the guest router
  • mikekoke  

  2
  0
  Votes
  2
  Posts
  208
  Views

  M

  If you still have a query related to proxies issues on guest router so in that case I'm recommending you to use VPN as With a VPN for Router, protect every device that connects to the internet. Get FastestVPN and open endless possibilities on all your devices.
• W

  Solved: How to cache musics from music site
  • waldopulanco  

  2
  0
  Votes
  2
  Posts
  224
  Views

  M

  Mp3Tomato is a website that supports free Mp3 download.