It is not safe.

@look2:

I found this one, but i Don't have any "custom options"

Click on advanced button on squid general tab to see custom options fields.

I used this thread starting at reply #72:

https://forum.pfsense.org/index.php?topic=87982.60

It works now:

Went to IIS Manager -> Default web site -> Bindings -> Edit Https/443 -> Check Require Server Name Indication -> Hostname (enter the url hostname) and press OK.

Seems that this is required under special circumstances.

Thanks for the help!

Sometimes it takes a bit.

This is a clip from my realtime view on squid_monitor.php

Message
bytecode.cld is up to date (version: 301, sigs: 58, f-level: 63, builder: anvilleg)
safebrowsing.cld is up to date (version: 45957, sigs: 2889505, f-level: 63, builder: google)
daily.cld is up to date (version: 23401, sigs: 2075458, f-level: 63, builder: neo)
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
ClamAV update process started at Sat May 20 12:18:00 2017
–------------------------------------
Clamd successfully notified about the update.
Database updated (9183811 signatures) from db.us.clamav.net (IP: 200.236.31.1)
bytecode.cld is up to date (version: 301, sigs: 58, f-level: 63, builder: anvilleg)
safebrowsing.cld updated (version: 45957, sigs: 2889505, f-level: 63, builder: google)
Downloading safebrowsing-45957.cdiff [100%]
daily.cld updated (version: 23401, sigs: 2075458, f-level: 63, builder: neo)
Downloading daily-23401.cdiff [100%]
Trying host db.us.clamav.net (200.236.31.1)…
Can't connect to port 80 of host db.us.clamav.net (IP: 64.6.100.177)
nonblock_connect: connect timing out (30 secs)
Trying host db.us.clamav.net (64.6.100.177)...
Can't connect to port 80 of host db.us.clamav.net (IP: 168.143.19.95)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 208.72.56.53)

If you're running in transparent mode then there is no need to block anything on LAN.

I've been having issues with the certificate system as well. The process seems so simple in pfSense, but my windows systems don't seem to like the certificates (I haven't tried it on any of my other computers yet). In fact I had to download Firefox because Chrome wouldn't even allow me to add an exception to reach pfSense after changing the web GUI certificate.

As a test to see if your CA is working in windows you could create a cert for the web GUI. Then try to access the web GUI via HTTPS.

What I would really like to do is create a CA in active directory, then import that to pfSense as the CA to use, but for the life of me I can't figure it out.

Why do you need regex for this? Why not use host overrides?

Point mydomain1 to server 1
Mydomain2 to server 2

@JSONSec:

I have a similar issue. Splice All enabled, yet when I enable it all HTTPS fail. It's driving me nuts.

Same problem here.

If I Use explicit proxy in the config all is ok, but in transparent mode with Splice All enabled, HTTPS fails.

Sorry about the noob question in advance, but can someone please advise or point me in the right direction on how to update to the fix? I have tried a reinstall and it hasn't worked.

yes, this I mean with the information from me that I pushed everytime the apply buttom after each change.

Hi,

After a workaround I found that addin append domain in squid fixed the issue.

Why this has changed ? I have been using squid pf for a year and had no issues.

Thnx

Any way to debug this rules?

I am seeing 127.0.0.1:8021 connection to destination ftp server on port 21.
Then another connection to my IP on random high pot ie. 35145 however no traffic seem to pass back me.
I would assume NAT isn't translating the traffic back to me.

I did traffic check on router and I got this connections:

WAN tcp WAN_IP:40578 (WAN_Virtual_IP:6304) -> ExternalFTPServer:21      ESTABLISHED:ESTABLISHED
LAN tcp ExternalFTPServer:61821 (ExternalFTPServer:53869) <- ClientIP:53088      FIN_WAIT_2:ESTABLISHED
WAN tcp WAN_Virtual_IP:38724 (ClientIP:53088) -> ExternalFTPServer:61821      ESTABLISHED:FIN_WAIT_2
LAN tcp 127.0.0.1:8021 (ExternalFTPServer:21) <- ClientIP:53087      ESTABLISHED:ESTABLISHED

So some traffic is going over proxy and extenral ftp server

Edit: Active mode works with this proxy, passive not. Tested with command line client on linux