@bluboy Thank you I used the ACL for a XBOX to splice only so I could still SSL check other devices with certificates

Screen Shot 2022-08-17 at 9.49.10 AM.png

This way I can cache and check for viruses on my laptop and my son can watch xbox and play games.

This workaround works, have to use it before this bugs gets fixed I guess.

https://dannyda.com/2022/08/17/how-to-fix-squidguard-on-pfsense-only-the-first-rewrite-rule-work-bug-workaround/

@blindmotphil Am seeing the same problem on my unit. Did you manage to fix this since you last posted?

@omarvip huh - you wouldn't change your wan IP on the proxy configuration..

Your going to have to provide some context.. Why are you in the proxy/cache section which has zero to do with what an interfaces IP address is..

@wontbeherelong bump. Exact same , love offense and haproxy but would like to auth with google workspace

@michmoor Figured it out, from Reddit of all places.
You can define multiple ACLs within the action field. This isnt documented for the GUI sadly BUT this works as a AND function.

FYI - if anyone else has this issue, the package is not supported by Netgate and there doesn't seem to be any obvious answer as to why this happens. I've given up now and gone with a DNS filtering solution instead of using Squid Guard.

@ads76
Thanks for coming back with the solution.

@lex-under-3182 said in HAproxy SSL offloading complicated setup:

It ignores the first one for multilevel subdomains and automatically applies the second one core.demo99.stage.domain1.icu

Yeah, multiple subdomains at the level of the star, which is the third: *.domain1.icu

So you can use it for any domain, which you can replace the star with any proper string in.
So it may work with stage.domain1.icu, but not with core.devph.stage.domain1.icu. This domain has five levels.

Nobody to help with HAProxy?
Thanks

Someone can help me please ?

I tried the most basic configuration with 1 frontend + offloading and the certificate is not presented.

There are some specifics parameters for the certificate ?

b9fd3338-354a-488b-8799-46e96f8a0f76-image.png

Thanks

@dant-will Rules work based on IP addresses only. That would make it even harder than blocking urls.