YEAH!!! The list is officially fixed! A massive thank you to Fabrice Prigent for generously donating his time and expertise to get this sorted for us. We really appreciate your hard work, Fabrice! Both work now

pfsense updated squid to Squid 7.4 for 26.03.1? when does CE 2.8.1 get it?

@JonathanLee Thanks a lot!

@tinfoilmatt like this acl doh_rfc8484 urlpath_regex -i ^/dns-query acl doh_rfc8484 urlpath_regex -i dns= acl doh_rfc8484 urlpath_regex -i ^/resolve urlpath_regex "urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname"

@tinfoilmatt I cant move past 24.03 because of the mpcie issues right now

what was your solution to this issue ?

@lex.under.3182 some solution to this?

It sounds like Spotify is ignoring your system settings. Try entering your SOCKS5 details directly into the Spotify Desktop App settings (not just the browser/OS), as it often bypasses local proxy rules. Also, check if your Squid is trying to do SSL inspection, Spotify will block that. I've been reading a discussion on Reddit about Spotify proxy and I'm waiting for the author to add instructions that he said were useful to him. https://www.reddit.com/r/truespotify/comments/1s7t6xf/spotify_blocked_at_work_anyone_using_proxy_for/

Holy Friggin HECK, what a nightmare! Guess what? Reboot pfsense.... Not sure why, or what config changes require a reboot, so if anyone has an insight that would be excellent. Found the solution here: Solution

Hello, I was having the same issue, SSL was checked and everything was ok but when doing a pcap, haproxy>backend was still being sent on plain text. I can confirm that after a reboot, this traffic is now encrypted and I don't get the error anymore. Pfsense CE 2.8.1 haproxy 0.63_11

@cjbujold in pfplus 26.03 rc I see [image: 1773335992056-67cbaa2a-b150-4339-bf12-6016d47b17ad-image-resized.png] I suppose next community edition would have it.

[image: 1773104256410-screenshot-2026-03-09-at-17.57.29-resized.png]

@daro If you want to direct domain.tld to 192.168.180.48 and www.domain.tld to .50 that would be setup in haproxy, not any port forwards.