• HAProxy TCP mode has problem with option Transparent ClientIP enabled

    7
    0 Votes
    7 Posts
    4k Views
    S

    Hi
    Thank you PiBa, you were right, the problem was windows servers, that did not return the traffic, I talked to our windows and network administrator, and they corrected the routing.
    now everything is working.
    thanks

  • 0 Votes
    6 Posts
    1k Views
    ?

    What we are talking about is getting reports on the captive portal users with their user ID instead of their IP address using the Squid captive portal authentication method.

    Ahh ok now I understand it better!

  • SquidGuard only blocking facebook on some computers

    7
    0 Votes
    7 Posts
    2k Views
    BBcan177B

    dgall, if you continue to block using IPs, it's much more practical to use pfBlockerNG to download the list of IPs from "Hurricane Electric" and the package will download updates on a frequent basis.

    See the following thread (#6) -

    https://forum.pfsense.org/index.php?topic=86212.msg485046#msg485046

  • SquidGuard

    1
    0 Votes
    1 Posts
    807 Views
    No one has replied
  • Squid3+ squidGuard transparent https and facebook (unblock)

    6
    0 Votes
    6 Posts
    2k Views
    KOMK

    Yeah, you can't go around blocking CDNs or you will have problems with lots of popular sites.

  • Squid3 recently very slow

    13
    0 Votes
    13 Posts
    5k Views
    L

    So I am still not sure exactly what the heck is going on. In some cases, it does appear that SYNs are not being responded to. I am not sure why. Then shortly after, it works…???

    I added the following to my Squid config, on the General tab in the "Custom ACLS (Before_Auth)" section, and this is helping a lot...though still not good enough for "production":

    connect_timeout 2 forward_max_tries 2 connect_retries 2
  • Squid advised

    2
    0 Votes
    2 Posts
    864 Views
    C

    Time to upgrade.

  • Squid3 3.4.10_2 pkg 0.2.7 do not have proxy settings

    2
    0 Votes
    2 Posts
    903 Views
    U

    answering my question

    I used custom options - Custom ACLS (Before_Auth) and put

    cache_peer 138.203.144.56 parent 1080 7 no-query
    never_direct allow all

    it works now.

  • Squid ssl_error_bad_cert_domain for non html requests

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Warning: Invalid argument supplied for foreach()

    3
    0 Votes
    3 Posts
    1k Views
    J

    @BBcan177:

    pkg_edit.php is used in several places, you will need to provide more details to see what the issue is.

    When I try to use the group acl as pictured

    As you can see it displays the warning and error message and the drop down is empty.
    I looked at the file and it looks like this:

    576 - $size = ($pkga['size'] ? " size='{$pkga['size']}' " : "");
    577 - $onchange = (isset($pkga['onchange']) ? "onchange="{$pkga['onchange']}"" : '');
    578 - $input = "<select id="" . $pkga[" fieldname']="" .="" "'="" $multiple="" $size="" $onchange="" name="&quot;$fieldname&quot;">\n";579 - foreach ($pkga['options']['option'] as $opt) {580 - $selected = (in_array($opt['value'], $items) ? 'selected="selected"' : '');581 - $input .= "\t<option value="&quot;{$opt['value']}&quot;" {$selected}="">{$opt['name']}</option>\n";582 - }But of course I have no idea what the error is.ThanksJabo</select>

  • Reload service haproxy

    2
    0 Votes
    2 Posts
    1k Views
    P

    Its not possible to manually edit the config files and keep your changes when for example rebooting.. For haproxy you could configure most items manually by using the 'advanced' textbox on the settings tab if you really want to..

    Though haproxy 1.5 packages allow for configuring certificates from its gui..

  • About the version haproxy

    2
    0 Votes
    2 Posts
    919 Views
    P

    1.4 and 1.5 both support 'redirect scheme'
    http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#redirect
    http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#redirect

    For ssl-offloading at least 1.5 is required.
    http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt

    You can install it by using the haproxy-1_5 or haproxy-devel package.

  • Squid with c-icap Anti Virus

    3
    0 Votes
    3 Posts
    1k Views
    M

    i had to leave it off as well. the file mods suggested in the forum did not work for me. waiting for a package upgrade

  • NAT Port redirection not working.

    6
    0 Votes
    6 Posts
    2k Views
    J

    @marcelloc:

    @aaronouthier:

    So, I'm using DansGuardian and Squid together. I need to port forward ports 80 & 443 outgoing to port 8080 (DansGuardian) for a type of transparent Proxy Proxy use.

    SSL port will not work on dansguardian for transparent proxy.

    :(

    I am looking for help with Dansguardian SSL support with Squid3-dev on Non-transparent mode.  I am still on pfsense 2.1.5, using the DG and Squid3-dev packages as they come with the pfsense packages.

    The HTTPS sites are blocked succesfully and access succesfully when allowed.  The problem is that when blocked, it does not redirect to the access denied HTML template page, as done with the HTTP sites, but the browsers return a generic error connection page.

    Please tell me what information do you need from me, in order to be able to help me.

    I tried to start a thread for this, but I did not get any reply.

    https://forum.pfsense.org/index.php?topic=91012.msg505084#msg505084

    At least tell me if this can not be solved.

  • Squid3 HTTPS and SNI

    3
    0 Votes
    3 Posts
    1k Views
    D

    Well i guess it was just too late for me to play with Squid.
    SNI is working indeed, the right client certificate is selected even on servers with multiple SSL certificates per vhost.

    Sorry for the post here :)

  • Squid3 Not Wanting to Allow Traffic From Specific Interfaces

    5
    0 Votes
    5 Posts
    1k Views
    KOMK

    Anything in /var/squid/logs/cache.log?

  • Squid failed frequently, cache rotate issue? Disk consistency?

    3
    0 Votes
    3 Posts
    1k Views
    F

    Yes,

    I recreate the cache and deactivate the cron. Since that no more problem on squid except that the cache is not clearing each day ;-).

    I'll retry the command once I will have less traffic

  • SquidGuard-squid3 not in GUI

    3
    0 Votes
    3 Posts
    1k Views
    KOMK

    1.  Squidguard requires Squid.
    2.  You only need to install one instance of SquidGuard: the one that goes with your version of squid.

    You have three SquidGuards installed and no Squid.  No wonder it doesn't work.

    Here is what to do:

    1.  Install Squid3.
    2.  Install SquidGuard-squid3.

  • Any chance of getting a working transparent proxy again?

    4
    0 Votes
    4 Posts
    1k Views
    S

    I've just come back to the forum hoping to find that the transparent proxy issue has been fixed, but apparently not. Worked beautifully up until 2.2 and then a massive step backwards. The issue seems to be that redirection is not working (see HERE), not that squid isn't working. Does nobody test releases on i386? Part of the attraction of pfsense is (was) that it would run perfectly on older hardware.

    Please let's see this resolved.

    Steve

  • SARG Fatal error - CLOSED

    3
    0 Votes
    3 Posts
    1k Views
    L

    system seems ok now…

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.