    Netgate Discussion Forum
    • F

      $10 BTC Bounty: Squid Proxy - Whitelist Per Source IP
      • FoolCoconut

      17
      0
      Votes
      17
      Posts
      486
      Views

      F

      @kom My use case was to restrict internet access to internal servers, allowing only permitted URL/IP combos, distro repos, etc. So no need for WPAD (+ I have no idea how it works)
      And yes good of you to mention it because I forgot, also blocked all internet access in pfsense rules.

    • JonathanLee

      Suggestion Squidguard Issue with URL blocking and invalid IP under target categories.
      • JonathanLee

      1
      0
      Votes
      1
      Posts
      144
      Views

      No one has replied

    • F

      Nginx > pfsense/haproxy > client
      • firewallwiki

      1
      0
      Votes
      1
      Posts
      168
      Views

      No one has replied

    • klaussemmler

      HAProxy 502 bad gateway with Cloudflare Proxy
      • klaussemmler

      34
      0
      Votes
      34
      Posts
      2014
      Views

      F

      @jycai with free cf choose flexible mode.
      Check your pfsense firewall.
      Sometimes the problem is at the frontend and backend. I remove and recreate them. It works.

    • D

      Repeat in custom refresh pattern
      • dmalick

      6
      0
      Votes
      6
      Posts
      257
      Views

      D

      how to bypass pfBlockerNG from squid.

    • cukal

      HAProxy using url table alias
      pfblockerng haproxy alias • • cukal

      1
      0
      Votes
      1
      Posts
      215
      Views

      No one has replied

    • A

      Improve Custom refresh pattern
      • aGeekhere

      111
      1
      Votes
      111
      Posts
      26450
      Views

      JonathanLee

      @dmalick Hit means it's already stored, miss means it's stored as of now because it was never stored yet, refresh means dynamic based refresh that is out of date or expired timer. Do a quick search on the specifics, you will never have 100 percent hits.

    • J

      HAProxy With Remote Desktop Gateway
      • Jonesc

      1
      0
      Votes
      1
      Posts
      281
      Views

      No one has replied

    • F

      Squid Proxy - Whitelist Per Source IP
      • FoolCoconut

      1
      0
      Votes
      1
      Posts
      229
      Views

      No one has replied

    • M

      Squid3-dev ICAP Protocol Error on 32-bit
      • MIT

      30
      0
      Votes
      30
      Posts
      49630
      Views

      D

      @mit the path is /usr/local/pkg/squid_antivirus.inc not squid.inc for latest pfsense 2.6 squid 0.4.45_9

    • A

      HAProxy and SSL Passthrough
      • AndroBourne

      7
      0
      Votes
      7
      Posts
      1377
      Views

      S

      @breezytm Thanks for the reply. I finally was able to get it working after I found one site that provided some reference configurations. Here is my post on the netgate forum if you are still looking for a solution.

      https://forum.netgate.com/topic/174705/haproxy-ssl-offloading-openvpn-ssh

    • JonathanLee

      Could not parse headers from on disk object
      • JonathanLee

      4
      1
      Votes
      4
      Posts
      338
      Views

      JonathanLee

      @dmalick

      This seems to fix a lot of the issues for me. Stop using squid with the loopback of the firewall only the LAN side.

      I feel it speeds up the firewall traffic also. The loopback must access the squid cache for example, or the dns must access the loopback.

      Again I feel it is a bit less safe to do this.

    • S

      Youtube not caching
      • syfullah

      5
      0
      Votes
      5
      Posts
      384
      Views

      S

      @gertjan cheers mate, thanks for the clarification. I will try to get in deep on this and will share here if I get any outcome. Thanks again.

    • K

      HAProxy backend health check glitch
      • kevin.ruffus

      2
      0
      Votes
      2
      Posts
      269
      Views

      M

      @kevin-ruffus
      Hello @kevin-ruffus
      I have the same problem (https://forum.netgate.com/topic/174699/not-update-new-config-port-in-server-list-backend-haproxy-pfsense?_=1663094167349)

    • M

      not update new config port in server list backend haproxy pfsense
      • mojtaba-key

      1
      0
      Votes
      1
      Posts
      149
      Views

      No one has replied

    • JonathanLee

      Local Cache Issue and Time Cards
      • JonathanLee

      1
      0
      Votes
      1
      Posts
      191
      Views

      No one has replied

    • Z

      HAProxy intermittent 500 Errors
      • zeek852

      1
      0
      Votes
      1
      Posts
      224
      Views

      No one has replied

    • M

      squid+squidGuard - some apps not working properly
      • MrIT

      3
      0
      Votes
      3
      Posts
      319
      Views

      M

      @ageekhere Unfortunately that did not solve my problem :-(

      I tried both variants, but none seems to solve my problem. I ended up checking the "do not verify remote certificate" option anyway.

      But I am still surprised, that Squid receives a request for port 5222.

      Regards
      Marcel

    • B

      When using AnyDesk through a firewall proxy Pfsense the problem appears
      • basem

      9
      0
      Votes
      9
      Posts
      397
      Views

      johnpoz

      @basem already showed that error in your pic.. So since you clearly say auth works in browser, and you're sure you're putting in the correct username and password.. How is it a pfsense issue?

      I would suggest you open a ticket with them.. With this exact info - you can auth via browser, but anydesk isn't working and giving you that error.

    • S

      PfSense blocking payment sites while purchasing
      • sborg

      7
      0
      Votes
      7
      Posts
      355
      Views

      stephenw10

      I'll move this topic to there.

      Check the logs to see what is being blocked and why.

      You probably need to enable the finance categories. Though you might need to whitelist some domains yourself if the list you're using isn't current or simply doesn't include whatever sites you're seeing blocked.

      Steve

    • P

      HAProxy issue with HTTPS Offloading: Some backends give error 503 and some do not.
      • PeterPorker3

      1
      0
      Votes
      1
      Posts
      159
      Views

      No one has replied

    • JonathanLee

      ClamAV questions Code 204 loop back to loop back
      • JonathanLee

      1
      0
      Votes
      1
      Posts
      148
      Views

      No one has replied

    • V

      Clamav without squid
      • Vito 0

      2
      0
      Votes
      2
      Posts
      255
      Views

      O

      I would also be interested if this is possible or not? I think it's not possible...

    • A

      Squid Cache Table
      • ahbertan

      1
      0
      Votes
      1
      Posts
      183
      Views

      No one has replied

    • R

      Error Squid to access site
      • rafael.fixit

      1
      0
      Votes
      1
      Posts
      162
      Views

      No one has replied

    • D

      RDP blocked by squid proxy
      • dhimanvimal

      1
      0
      Votes
      1
      Posts
      164
      Views

      No one has replied

    • JonathanLee

      Any Recommendations this Custom refresh_pattern?
      • JonathanLee

      9
      0
      Votes
      9
      Posts
      701
      Views

      JonathanLee

      @ageekhere

      Done

      Opened

    • JonathanLee

      Firefox Running On Android and SSL BUMP Root Certificate walk through
      • JonathanLee

      2
      1
      Votes
      2
      Posts
      161
      Views

      JonathanLee

      @jonathanlee

      (IMAGE: After certificate is approved you can use your smartphone and it works again with Firefox as a browser)

    • ghostshell

      After Update to 22.05 Squid is no longer getting traffic
      • ghostshell

      7
      0
      Votes
      7
      Posts
      358
      Views

      JonathanLee

      @ghostshell Amazons Prime changed yesterday for me it was the same for 3 years now it has .am in the domain. I can see them resolve in logs under DNS resolver it will show them pull and resolve every 5 mins.

    • JonathanLee

      Custom Options (SSL/MITM) best settings for local cache {RESOLVED ON END}
      • JonathanLee

      10
      0
      Votes
      10
      Posts
      494
      Views

      JonathanLee

      @ageekhere you would need a list of approved bypass urls. Apple, some android, Windows updates. . . Etc

      If(list.contains) something like that? You as an administrator must have granular control. As well as approve trusted sources. A GUI would work better with just a button that says Apple, Android, Windows, to help create lists for bypass traffic.

    • S

      HAProxy and X.509 certificates no longer working after reboot?
      • sloopbun

      3
      0
      Votes
      3
      Posts
      377
      Views

      S

      Ok, so after checking the CRL with openssl, and finding it was set to new in 1950 I found this thread: https://forum.netgate.com/topic/172870/crl-has-expired

      So I guess that patch would fix this?

      Anyway, I just created a new CRL with only 7000 days and it is working again.

    • JonathanLee

      TCP_REFRESH_UNMODIFIED ACCELERATOR RUNNING?
      • JonathanLee

      2
      0
      Votes
      2
      Posts
      200
      Views

      JonathanLee

      @jonathanlee I have few hits this morning that show HIT but not many

    • JonathanLee

      Hello what would cause this issue?
      • JonathanLee

      1
      0
      Votes
      1
      Posts
      151
      Views

      No one has replied

    • JonathanLee

      ClamAV finding HTTPS Viruses!!! This is finally working!!
      • JonathanLee

      2
      0
      Votes
      2
      Posts
      278
      Views

      JonathanLee

      @jonathanlee Hello again Netgate community,

      Why are items flagged as viruses coming from Google? I also checked some at VirusTotal and they have been flagged by other users of that site. Keylogger, and other items are marked found in links. It's amazing what the Netgate can find, and it's also eye-opening that they are coming from the cloud and not a random website.

    • B

      Splice and Bump based on source IPs and destination domains
      • BluBoy

      9
      0
      Votes
      9
      Posts
      3132
      Views

      JonathanLee

      @bluboy Thank you, I used the ACL for an XBOX to splice only so I could still SSL check other devices with certificates

      This way I can cache and check for viruses on my laptop and my son can watch xbox and play games.

    • P

      SquidGuard rewrite rule bug?
      • PFbest

      3
      0
      Votes
      3
      Posts
      836
      Views

      P

      This workaround works, have to use it before this bug gets fixed I guess.

      https://dannyda.com/2022/08/17/how-to-fix-squidguard-on-pfsense-only-the-first-rewrite-rule-work-bug-workaround/

    • JonathanLee

      Squid Proxy Version 5.6 is rolling on their website questions
      • JonathanLee

      1
      0
      Votes
      1
      Posts
      147
      Views

      No one has replied

    • B

      HAProxy backend acl not saving
      • blindmotphil

      2
      1
      Votes
      2
      Posts
      583
      Views

      M

      @blindmotphil Am seeing the same problem on my unit. Did you manage to fix this since you last posted?

    • JonathanLee

      Squid Config Help Certificate Needed Issued from Squid Proxy
      • JonathanLee

      1
      0
      Votes
      1
      Posts
      126
      Views

      No one has replied

    • PPCM

      HAProxy : Backend with cookie preserve indirect nocache
      haproxy • • PPCM

      1
      0
      Votes
      1
      Posts
      120
      Views

      No one has replied