@viragomann Thanks! I‘ll set it up tomorrow and report

I am suppose to enable sysctl -w kern.sugid_coredump=1

here are the error messages [image: 1717510746994-3c581f13-1c11-493a-9c59-4b1c1e4838e1-image.png]

@jdb67 You might also try to email the Squid users support email to get Squid help they are very helpful sometimes the original code writers chime in and help users. squid-users@lists.squid-cache.org FYI: You will have to register your email and wait for approval before you can send out a email to everyone on this however.

@kabeda contact Squid's user support email address they can help you. I also have the ec decode errors with the latest version however it works for me. squid-users@lists.squid-cache.org

@johnpoz In the screenshot below, access is denied when updating. Or is it like this for everyone?[image: 1716993353332-8.jpg]

@Gamienator-0 Aliases can be used straight forward in ACLs. For instance to use an alias for some IPs, set the ACL expression to "Source IP matches IP or Alias" and enter the alias for the value.

@andyc23 said in HAProxy json-rpc healthcheck - need help with my example: @andyc23 I solved this by having this in the advanced pass through. Hope it helps someone else: option httpchk POST / HTTP/1.1\r\nHost:\ haproxyservices\r\nContent-Type:\ application/json\r\nContent-Length:\ 76\r\n\r\n"{\"jsonrpc\":\"2.0\",\"method\":\"eth_syncing\",\"params\":[],\"id\":1}" http-check expect string false I do get a warning though > [WARNING] 185/013305 (92736) : parsing [/var/etc/haproxy/haproxy.cfg:132]: 'option httpchk' : hiding headers or body at the end of the version string is deprecated. Please, consider to use 'http-check send' directive instead. not sure if important. Sorry for bumping this old thread. I had everything working as above, but now, since i've updated haproxy - i now get this issue: [ALERT] (50668) : config : parsing [/var/etc/haproxy_test/haproxy.cfg:181] : 'option httpchk' : hiding headers or body at the end of the version string is unsupported.Use 'http-check send' directive instead.. i've tried: http-check send meth POST uri / ver HTTP/1.1 hdr Host haproxyservices hdr Content-Type application/json hdr Content-Length 60 body "{"jsonrpc":"2.0","method":"eth_syncing","params":[],"id":1}" http-check expect string false anyone able to help me set the correct backend passthru?

@stephenw10 I am missing my photos :( Can you help with a couple of these posts the photos are vanishing ..

@Antibiotic Ref: http://www.squid-cache.org/Doc/config/memory_pools_limit/ Try to change this to a higher value if your firewall can handle it

@gurpal2000 We are talking about backends. There is a "Default Backend" setting in the frontend. This is used if no rule matches a traffic. Howerver, you can as well add an action for the primary backend and negate the existing ACL.

@nalle_j So you have to investigate, what's going wrong. I assume, that the packets reach the remote backend server, since the health check succeed, as you wrote. To get sure, sniff the traffic at the remote site. First on the server-facing interface. If you can see requests and responses either, sniff on the Wireguard interface, and if there are no responses, sniff on the WAN to see if the packets go out to the default gateway.

Any tips on how to get this working?

@johnpoz, you are correct. I should have added that in my head it seemed like a security issue but it obviously wasn't because of the default rules.