Have the same issue from the first time i'd tried to configure an SSL interseption (about half a year ago). I've made all possible with no result. Therefore was forced to use ipcad for logging and pass users just through firewall rules. The only idea I have is that this might have something connected with ISP. e.g. what if your ISP use SSL interception too? Then, I guess, "double interception" wouldn't work smoothly.

Are you sure it said NTLM there and not NT Domain? NTLM has been gone for so long I can't even find a record in git of when it was removed. NT Domain auth has been gone since 2016, it apparently never worked on 2.3 and later. So you must have been coming from an extremely outdated version.

Damn .. I didn't spot they were milliseconds .. though I was OK on frontend !! Thanks for the help .. dropped to default, and bingo!

@kennymaccormik Add it to the advanced text box..

@emammadov https://forum.netgate.com/topic/24436/custom-squidguard-error-pages-how-to/9 https://forum.netgate.com/topic/69306/custom-squidguard-error-how-to

Hi, It seems that issue was that we use only 1 NIC (as WAN) Since we've installed a second NIC and defined 1 NIC as WAN and the second as LAN, everything works well! Seb

Added a custom ACL and used this https://stackoverflow.com/questions/23342036/haproxy-restrict-single-backend-by-ip-range

I moved the galaxy backend to the ssl offload fronted.

@lorelore75 You can install it while running, though it might cause a interruption regarding the handling of requests, and do check the new version is running after installing. Haproxy-devel replaces haproxy, and uses the same configuration settings so 'upgrade' should be pretty much seamless. Going back to 'haproxy' package should also be possible but sometimes 'upgraded' settings don't take effect in the older version.. So careful a quick comparison of the expected haproxy.cfg is wise to do :), but i guess thats also true when performing upgrades :)

@jimp Thank you very much for your reply! This solved my problem. I suppose I could have worded my previous comment a little differently. I've found lots of others online who are having a similar troubles. As such, I wasn't so much surprised that nobody else was having the same issue, rather, I was surprised that I hadn't yet found an answer similar to what you've provided, above. Thanks again for your help with this!

How to configure

You should now see squid pkg version 0.4.44_7 which includes the recompiled clamav package.

Nope, I have never seen that error message before but it seems to be related to the backend. Can you post a picture of how your backend is configured