    Netgate Discussion Forum
    • B

      Squid in transparent mode with splice_all generates lot of error:transaction-end-before-headers
      • bole5

      1
      0
      Votes
      1
      Posts
      181
      Views

      No one has replied

    • R

      Setup X-Forwarded-Proto in GUI?
      • randybarth

      1
      0
      Votes
      1
      Posts
      13
      Views

      No one has replied

    • S

      Increase HAProxy Backend Server Session Limit
      haproxy • • stjohnp89

      3
      0
      Votes
      3
      Posts
      339
      Views

      U

      hey there, were you able to do this?

    • R

      Squidguard stops working with an invalid Client(source) IP address
      • radster

      1
      0
      Votes
      1
      Posts
      9
      Views

      No one has replied

    • V

      Client FTP Proxy on ipsec interface
      • vMario

      1
      0
      Votes
      1
      Posts
      4
      Views

      No one has replied

    • M

      Target Categories, get the word block on the error page
      • manu13

      1
      0
      Votes
      1
      Posts
      10
      Views

      No one has replied

    • S

      Squid HTTPS Transparent proxy with Splice All + SquidGuard Blacklist (No client certificate): Cannot send snapchat messages. No block messages seen in SquidGuard log.
      • sultanofswing

      1
      0
      Votes
      1
      Posts
      17
      Views

      No one has replied

    • H

      Filtering traffic using web proxy on opnsense
      • Hiram35

      1
      0
      Votes
      1
      Posts
      35
      Views

      No one has replied

    • S

      Squid HTTPS Transparent proxy with Splice All + SquidGuard Blacklist (No client certificate): Safesearch option does not seem to work
      • sultanofswing

      1
      0
      Votes
      1
      Posts
      14
      Views

      No one has replied

    • L

      How to reject requested path without getting to webserver with HaProxy
      • LakeWorthB

      4
      0
      Votes
      4
      Posts
      17
      Views

      Derelict

      So match the URL and use http-request deny in the frontend.

      https://www.haproxy.com/blog/introduction-to-haproxy-acls/

    • sahan

      How to configure Squid proxy with https filtering
      • sahan

      2
      1
      Votes
      2
      Posts
      27
      Views

      Gertjan

      Hi,

      Caching https pages is close to impossible these days.
      People want secure connections, the ones that can not be intercepted by no body.
      Don't you ?
      "No body" includes you.

      Before you start thinking about proxying https pages, go have a Youtube tour, and see what https really is. Also look up what HSTS is, while you're at it.

      Btw : http pages, very popular in the past, can be cached easily.
      When all your network clients trust your proxy, then some https can be cached, but sites using HSTS will still be a no-go. And of course, HSTS was unknown some years ago, pretty standard these days.

      No joke: if you manage to make it work, you'll be the richest man that ever lived (or the first on the "Most wanted" list ...).

    • S

      Squid HTTPS Transparent proxy with Splice All + SquidGuard Blacklist (No client certificate): Same as DNS block?
      • sultanofswing

      1
      0
      Votes
      1
      Posts
      26
      Views

      No one has replied

    • M

      Adding Certificate Authority for SquidGuard MITM
      • mare

      2
      0
      Votes
      2
      Posts
      9
      Views

      DaddyGo

      @mare said in Adding Certificate Authority for SquidGuard MITM:

      I get the error message that the certificate is self-signed.

      That might help, because Chrome is always smart ...hmmmm.... from version 58, the self-signed certificate must have the right domain name in the SAN...

      https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate

    • W

      Squid Guard Target Categories
      • whitson67

      2
      0
      Votes
      2
      Posts
      19
      Views

      A

      Hi, I'm not an expert on pfSense, but the Target Categories are filled by you. Or are you talking about the blacklists? In that case, you can decompress every list and open it with a notepad.

    • E

      Two certificate in the reverse proxy squid
      • engreinaldo

      1
      0
      Votes
      1
      Posts
      10
      Views

      No one has replied

    • A

      Best way to reverse proxy ssl traffic (as distinct from https traffic)
      • Andrew453

      3
      0
      Votes
      3
      Posts
      22
      Views

      johnpoz

      Yeah haproxy would be better choice for sure. And with 2.5 and the update to openssl 1.1.1 you should be able to update to tls 1.3 even.

    • N

      HAproxy local log size
      • nandoiin

      2
      0
      Votes
      2
      Posts
      18
      Views

      P

      @nandoiin
      The log log-unixsocket and logfiles are managed by the syslog service. As such, how big the logfiles are made is controlled in the generic pfSense logging settings. Though if you're really interested in the logs for longer periods you should probably log them to a remote syslog server.

    • A

      2 Nginx Virtual Servers on one physical server behind HAPROXY
      • ahmza

      1
      0
      Votes
      1
      Posts
      5
      Views

      No one has replied

    • V

      Haproxy works outside the network but not on LAN/LAGG
      • VioletDragon

      7
      0
      Votes
      7
      Posts
      42
      Views

      V

      Update,

      Fixed the problem, had to do some tweaking on the NextCloud Server and also on the other Servers.

      Tweak on Nextcloud Server
      'overwriteprotocol' => 'https',

      also had to change upload File Size.

    • J

      Squid Guard are installed, but no showing in Services
      • jafoma63

      1
      0
      Votes
      1
      Posts
      7
      Views

      No one has replied

    • V

      Is possible give additional rights for access users to site?
      • viberua

      1
      0
      Votes
      1
      Posts
      5
      Views

      No one has replied

    • beria-pl

      HAProxy multiple sites on one frontend www and non-www redirection
      • beria-pl

      1
      0
      Votes
      1
      Posts
      15
      Views

      No one has replied

    • B

      HAproxy with Vmware Remote Console (VMRC) forwarding multiple ports
      • blarg3891

      1
      0
      Votes
      1
      Posts
      80
      Views

      No one has replied

    • N

      Cannot operate with transparent option
      • nikpony

      10
      0
      Votes
      10
      Posts
      58
      Views

      DaddyGo

      @nikpony said in Cannot operate with transparent option:

      DNS Forwarding or Resolve?

      I definitely recommend the Unbound resolver

    • P

      Help with edit squid.conf
      • pepeguapo

      1
      0
      Votes
      1
      Posts
      14
      Views

      No one has replied

    • A

      Squid's new SslBump Peek and Splice for https caching?
      • aGeekhere

      7
      0
      Votes
      7
      Posts
      167
      Views

      Gertjan

      @aGeekhere said in Squid's new SslBump Peek and Splice for https caching?:

      maybe QoS3

      If the server, some proxy device and the client (browser) all install the needed modules ....
      It would become one hack of a standard before such a thing gets implemented.
      Typically, this will need 3 admins implementing software on their side, as end users often don't know what a 'proxy' is.

      @High_Voltage said in Squid's new SslBump Peek and Splice for https caching?:

      to scan with clamav the data in the ssl transmission, NOT just to cache it.

      That would be my main reason to centralize (== cache ?) downstream data. As far as I know, only 'mails' are handled like this these days. That is, if you run your own mail server (like running some proxy). This takes down a huge security issue already.

      Btw : You're happy, you control all your devices.
      Those you don't : they go into the non trusted network. When these need access to local trusted resources like NAS : it will be a case by case consideration.

    • High_Voltage

      squid blocking things I want to access (access denied for inter-LAN devices)
      squid access-denied • • High_Voltage

      7
      0
      Votes
      7
      Posts
      37
      Views

      High_Voltage

      @aGeekhere said in squid blocking things I want to access (access denied for inter-LAN devices):

      you can get the refresh pattern here https://github.com/mmd123/squid-cache-dynamic_refresh-list/pulls

      I know, I'm the one that made that repo xD

      No, the problem is I forgot it needs to be run in custom MITM mode to actually work with caching things properly, and by the time I realized that last night it was like 2am, so I went to sleep, I'll be back to work on it later today @aGeekhere

    • johnpoz

      HAproxy prevent sending back correct CN, when not sent.
      • johnpoz

      1
      0
      Votes
      1
      Posts
      23
      Views

      No one has replied

    • S

      Haproxy + letsencrypt. hostname directs to another port
      • sintei

      1
      0
      Votes
      1
      Posts
      7
      Views

      No one has replied

    • G

      HAProxy Certificate Question
      • guardian

      1
      0
      Votes
      1
      Posts
      7
      Views

      No one has replied

    • W

      HAproxy multi-wan
      • wesleylc1

      1
      0
      Votes
      1
      Posts
      10
      Views

      No one has replied

    • noplan

      hAproxy hands over client IP to apache2 logs [SOLVED]
      • noplan

      16
      0
      Votes
      16
      Posts
      97
      Views

      noplan

      @Derelict

      i think not tested yet but on the toDo list
      that the problem was that apache log format was not changed.

      so that either the gui option nor the advanced option
      was processed by apache
      so next step is to check if it's working without advanced setting.
      keep you posted NP

    • V

      Squid - upload logs how to view them?
      • vijay7

      5
      0
      Votes
      5
      Posts
      20
      Views

      V

      Anyone out there, tried to get the upload logs with actual file size?

      using any method?, please let me know

    • D

      transparent proxy vs non-transparent
      • dealornodeal

      2
      0
      Votes
      2
      Posts
      30
      Views

      A

      Some services or programs have connection issues when using a transparent proxy.
      So to solve this you use:
      WPAD to auto setup manual proxy
      Transparent proxy to catch the rest
      https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3/189

    • P

      Squid transparent mode SSL Man In the Middle Filtering windows update
      • pietsnot56

      2
      0
      Votes
      2
      Posts
      29
      Views

      A

      https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3

    • R

      Ombi + Haproxy stuck on loading
      • rekd0514

      20
      0
      Votes
      20
      Posts
      158
      Views

      R

      Not sure if I did anything, but this randomly started working for me again. Only thing I can think of that changed is Transparent ClientIP is turned off now.

    • K

      HAProxy not working for root domain, but for subdomains only
      haproxy • • Kenneth_H

      2
      0
      Votes
      2
      Posts
      35
      Views

      P

      @Kenneth_H
      The "aclcrt_SharedOffload" seems to require a subdomain specified.
      Have you checked both boxes for the automatic SNI and SNI-Alternative-name checks? Or perhaps just remove both those check-boxes, that'll probably work.

    • C

      HaProxy SSL offloading with multiple certificates
      • cjbujold

      4
      0
      Votes
      4
      Posts
      140
      Views

      dragoangel

      @xuti on the web, even on this forum and on YouTube, there are plenty of how-tos about this. Sorry but I can't help you to learn this, I have no time.

    • U

      HAproxy multiple FQDN's?
      • unf0rg0tt3n

      17
      0
      Votes
      17
      Posts
      37
      Views

      U

      @johnpoz okay... I feel so stupid!

      I created a new frontend, selected shared frontend and it works now.
      Thanks for your help!

    • M

      Squid transparent mode for single source IP (all others bypass)
      • malina79

      1
      0
      Votes
      1
      Posts
      7
      Views

      No one has replied

    © 2020 Rubicon Communications, LLC | Privacy Policy