hi @KOM
unfortunately i did not find any solution.

I think you answered your own question. It doesn't block until you clear their local cache... so maybe it's been working all along and blocking as it should, but the blocked content is being pulled from local cache and/or squid? I don't know how squid behaves if you ask for content that is technically blocked for that user, but is sitting in squid's cache. Squidguard is a helper program that gets called for each URL that squid needs to fetch. If the required content is still is cache and not stale, it will server from there first.

NFM! thanks.

Bump anyone???

Hi. The attached file contains the procedure to achieve this goal.
Someone in the past has done this. Use at your own risk. Autenticacao Transparente Squid + WMI + Squidguard.zip

What do you put in the Base URL on Ombi, Sonarr, etc. when using HAProxy?

EDIT: I think I found the answer. You don't need it unless you want /ombi for example after your domain name. (yourdomain.com/ombi)

Hi PiBa,

As usual you saved the day. that did the job and its now back to logging on the local file or even in remote syslog

@Soloam
You can simply uninstall the old and then install the new and the config will remain in place. Also if for some reason you want to go back that is the way. Though some 'extra' settings would then be 'lost'. Anyway always good to have a config backup :).

Its also possible since your post has only been 1 day. And is in the wrong section... Your asking about how to filter https with squidguard.. Not Firewall..

Blocking only specific https sites with a firewall that are hosted off CDNs yeah going to be very difficult.. But blocking via proxy is not that difficult, you don't need to do mitm if your using explicit proxy (ie client directed to the proxy). But if doing it via transparent - then yes it becomes more difficult

I have moved your thread to correct area so you might get an answer on how to do it with squidguard... But then again they prob just going tell you to RTFM ;)

For example check out the hangout by jimp - he goes over all the different way to filter https traffic
From the hangout
https://youtu.be/xm_wEezrWf4
hangout.png

Moving to proxy section.

@InterLoper thanks for that, I found a guide online for HAProxy and it mentions that I need to create a ddns (so I created home.domain.com), then it suggests to create cname for each subdomain(so for plex, I have plex (for the name field), cname (for the type), 1H (for TTL), home.domain.com (for data field)).

Will this way work too? or should I follow what you suggested, to create a DDNS entry for each subdomain (plex, nextcloud, sonarr, radarr, sabnzbd, etc)?

Which method do you recommend?

Thanks for your help

Does anyone have a way to resole it?
Please help.

Thanks for the reply i think i had something on the states i rebooted and started working just have on quick question it might not be about this topic it has to do with HA proxy but on the same setup (first had to test out the NAT before proceding to HA) I have VIP 181.xx.xx.236 and my wan is 181.xx.xx238 but cant seem to get HA proxy working on the VIP i got working with the WAN see pictures

Thank you1_1552780800447_Screenshot at 2019-03-16 18-58-04.png 0_1552780800447_Screenshot at 2019-03-16 18-57-35.png

@bmeeks Thank you for your reply. I did the inter-vlan on cisco switch L3 and created static routes on pfsense ... From pfsense LAN i can ping the switch and other hosts. I am using a computer from a vlan and i still can ping google.com and i can access Pfsense webgui and get internet without proxy. That means vlans config is correct right ?

I am having errors with https, and http pages it tells me it's not allowed to access these pages.

Is there a rule to force traffic to pass through Proxy ?

Ps: when i connect my laptop directly to pfsense everything works even proxy .