The 'Use "forwardfor" option' in the frontend might help?

Otherwise use a 'action' to perform a "http-request header set" with name: X-Forwarded-Proto and fmt: https

Depends a little bit what kind of file you would like to use.. It is possible to use "Source IP matches IP or Alias" as a acl.. for which you then can create a alias in pfSense with IP's and subnets to match against.. But if you want to specify a domain>certificate or domain>backend 'list' or some other option that needs loading from file (besides a few things like lua and errorfiles..). Then the webgui is the thing that doesn't really 'support' it..

Haproxy binary itself is should have most if no all features described in the manual..

Also noticed opening HTTPS 443 still allows HTTP on 80

Hey!

Thanks for the help man!
For some reason when I switched the firewall to another network it started working, but thanks for the help!

Over a year later, I, too, am getting the same error but haven't found a solution yet.
Antivirus is disabled so I don't know what else to try.

I remember when I built my first pfsense.  I just started adding every feature that looked cool and later realized that most of it I didn't need at home.  Squid and clam av were among those that I found not very useful for my home scenarios.  My clients were either windows which had far superior AV or linux systems which need no AV.  So, I don't use those now.

There are scenarios where it is useful though.  For me, I used it to control what my kids could see on the net.

Later when they reached their teen years I turned it off…

http://www.eicar.org/85-0-Download.html

looks like this is gonna be a manual process by editing the squidguard.conf manually but still won't work because we cannot edit the squidGuard.conf because it is generated automatically with SquidGuard configurator.

I think the best way to force YouTube and google into safe mode is to use DNS overrides.  This is what I have on my network.  The rewrites rarely work anymore as everything is HTTPS.

See my post here:

https://forum.pfsense.org/index.php?topic=133689.msg738677#msg738677

hi all,

thanks for the solutions!

Tks for reply.

I did, but dont fix.

http proxy dont fail. only https..

if i disable ssl splice all interceptation i have no problems..

Would it be possible for someone to move this into the Packages > Cache/Proxy section of the forums - I should have looked around more before I posted it here. Sorry.

Yes, squidguard requires squid.  If you only want blocking, perhaps pfBlockerNG is a better fit.

Nevermind, answered my own question.

I set redirect mode to ext url move (enter URL)

And in the Redirect info field, I entered:

https://<fqdn of="" my="" firewall="">/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u

Works perfectly! Hopefully that's useful to someone else too.</fqdn>

Ended up not using port 80 and substituted that for a redirect rule. Not sure why adding that in breaks it