@cloudfw said in Squid as transparent HTTP/HTTPS whitelist only proxy: @marcelloc But why is it working with HTTP then? same thing DNS lookup, then direct http to IP traffic. Have you had this HTTPS setup working? Because http traffic is not encrypted, squid can see the packet content. With ssl in splice all mode, squid does not intercept the connection, it just tries to check the server certificate. before establishing a tunnel between the client and the server.

i'll give it a try.. thanks

@valnurat said in How do I know if it is working?: Okay, but what metadata is cached? I'm not using Squid, but I tend to say : all classic http (non-https) web access. Forget about SSL caching (check Google, he will tell you why). Squid main goal isn't being a "cache", it's more a proxy thing.

That is not an official package for pfSense. If you want to ask about that, I suggest you start a new thread and put the name of the package in the title. Otherwise the chances are slim that anyone that touches that package will see this thread.

@billiam said in Socks5 Proxy: Thanks for the pointers, with a few tweaks I've got it running as needed. Some were just because the commands shown in your config displayed warnings as deprecated when run. I also added a user to the system for the service to run as "socks" instead of root You're welcome. I found that config somewhere when looking for examples, don't remember where I found it but might have been an old one. Didn't see any warnings though, although once it worked I didn't check the logs. Finally I've added the line: <shellcmd>/usr/local/etc/rc.d/sockd onerestart</shellcmd> to the pfSense config.xml just before the </system> line which auto starts the service when the box is rebooted. Thanks for the tip!

watchdog script e2g_watchdog.sh is not in the cron anymore but still runs whenever i click any tab other than the daemon tab.

well not sure if he did the part on the windows server to go to regedit and delete the WPAD string on the DNS parameters without doing that it wont work if your running your DNS and DHCP on windows Server

Sorry did not know

Why not use subdomains? app1.mydomain app2.mydomain and use haproxy to send those to the correct webserver? Sounds like a way simpler approach? As for rewriting the 'body' of a request or response, thats something that haproxy does not support (yet). Though with lua scripting there are some options to try and implement such a thing yourself, probably wont be easy though..