I got Siri to work by adding the following to my wpad files: if (shExpMatch(url, "guzzoni.apple.com")) || shExpMatch(url, ".guzzoni-apple.com.akadns.net")) return "DIRECT"; Basically, it's bypassing the proxy but that's all I could find. This is where I found it: https://apple.stackexchange.com/questions/253843/siri-on-macos-behind-a-corporate-proxy#253947 and https://blog.mansshardt.net/siri-ios-macos-hinter-squid-proxy-zum-laufen-bringen/ You will need to use google translate unless you know how to read German.

@piba You were correct, I had to change the SSL checkbox for the wanhttps Now everything is working and I am back to the SSL Labs A+ rating (if that is worth anything)

@ageekhere In this case, do I keep the Proxy settings transparent with Splice All enabled?

[Solved] I found the log rotate check button for SquidGuard in the GUI. Thanks

I think I have cracked this. What you do is to upgrade in the package manager: To: haproxy net 0.59_4 The Reliable, High Performance TCP/HTTP(S) Load Balancer. This package implements the TCP, HTTP and HTTPS balancing features from haproxy. Supports ACLs for smart backend switching. That seems to pull the HAProxy 1.7.11 as an dependency at least it now claims to be running 1.7.11 and the first tests looks reassuring.

I solved the problem myself. All my configuration was correct, there is a bug with the squid addon: you can not start the squid service from the web interface, when you click on "start the service" in the image below nothing happens, the service doesn't start and you don't have any error message: [image: 1533074649359-squid-screenshot-resized.png] I had to connect to the pfsense terminal and run a "ps aux |grep squid" to see that th service was not running (i didn't have any error message in /var/log/squid). A simple "squid start" solves the problem, does someont knows where can i report this bug ?

@maverick_slo using 2.4.4'beta' with php7 i guess? PR with version 0.59_6 that should fix that one is pending..

Same here, re-appearing in 2.4.3-RELEASE-p1 on a Netgate SG-3100. Looks to me too high i/o(???) PFSense installed on 'thrid party' pc hardware works normally. Restarting ClamAV works for some hours and then protocol errors appear again. Updating ClamAV once a day lowered to once a week -> no difference Bypassing will prevent this ICAP protocol error but is not really a solution. Thanks, Imp

@gertjan said in SSL Man In the Middle Filtering blocking any app: The MITM "problem" will probably never get solved. Thank you very much

Hi I had the same problem But I put the list IP of this site in Bypass and the problem was resolved Go to Firewall Aliases>ADD+ Name: trello Type : Network(s) 23.45.96.0/20 104.66.78.18/20 Save And Go to Services > Squid Proxy server in Bypass Proxy for These Destination IPs type : trello Save and restart squid service

@marcelloc said in pfSense keeps blocking google.com, I lost all hope: If you run a tcpdump on your LAN while trying to google something with chrome, you will see it going on UDP port 443 instead of default TCP port. That's the QUIC protocol right? You can block it with a firewall rule blocking udp80/443 https://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol or disable it using a Chrome flag: chrome://flags > QUIC protocol > Disable I'm sure there was a good thread about it here on this forum but now for the life of me I can't find it.

I just can not believe this bug even exists, let alone after so many many years after it has been created (8 years).

you must configure the authentication in both now so that it works, you need to create an acl of groups with AD in the squidguard by changing the parameters of the example: ldapusersearch ldap://192.168.0.100/DC=domain,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=domain%2cDC=com))