• HAProxy - exposed admin login

    6
    0 Votes
    6 Posts
    1k Views
    A

    To help anyone else who googles a similar issue - I set this all up and it was failing on HAProxy health check and wouldn't work. Digging around, googling, viewing the log etc, I finally noticed that the logs shows (for the health check after turning logging on for this).

    ….....is DOWN, reason: Layer7 wrong status, code: 405, info: "Not Allowed"

    Googled and then realised that the code 405 is a HTTP code, and HTTP 405 is "Method Not Allowed".

    I changed the health check HTTP check method from OPTIONS to a simple GET.

    This resolved it.

    Thanks again for to doktornotor for such a simple elegant solution.

  • Squid Browser Auth over https

    2
    0 Votes
    2 Posts
    694 Views
    vallumV

    @RootMd5:

    Hi ,

    Right now Squid Authentication is served over HTTP with browser.

    How to force it to HTTPS ,to secure authentication information ?

    Please Guide.

    Hi Everyone please help on this query , Thanks :)

  • 0 Votes
    7 Posts
    1k Views
    SipriusPTS

    Thanks for the help doktornotor, I will what I can do =/

  • HAProxy passthrough not working

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • AD-LDAP Authentication Assistance

    5
    0 Votes
    5 Posts
    2k Views
    M

    Sichent

    Thanks for your assistance. I finally figured it out. Here is what worked in my environment:

    LDAP Version: 3
    LDAP Server
    User DN: <service account="">@ <ad fqdn="">LDAP Password: <service account="" password="">LDAP Base Domain: DC=dsa,DC=<company>,DC=com
    LDAP Username DN Attribute: samAccountName
    LDAP Search Filter: (sAMAccountName=%s)

    I tried to use the User DN as CN=<service account="">,OU=<ou>, DC=dsa,DC=<company>,DC=com but it would not work.

    After getting this working, squid would identify the user so I was able to get Squidguard group ACLs working. The trick for that was to make sure that any OU that had a space in the name was converted with %20.

    ldap://<ad fqdn="">:3268/DC=dsa,DC=<company>,DC=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=<group>2%2cOU=<ou1>%2cOU=North**%20**America%2cOU=<ou3>%2cDC=dsa%2cDC=<company>%2cDC=com))

    Note in the above string the space between North America had to be converted.

    Hope this helps somoeone.</company></ou3></ou1></group></company></ad></company></ou></service></company></service></ad></service>

  • HAProxy Service causes System Log Spam

    2
    0 Votes
    2 Posts
    805 Views
    snitemS

    I got it, the problem was that I created a subdomain in HAProxy that lead to the pfsense WebGUI and HAProxy does a health check every 1000 ms by default. All I had to do was disabling the health checks for the backend.

  • SquidGuard: Common ACL vs. Groups ACL

    1
    0 Votes
    1 Posts
    793 Views
    No one has replied
  • Who's here using squid with multiwan?

    9
    0 Votes
    9 Posts
    3k Views
    S

    To reiterate: the simple solution is to use an additional Squid proxy instance on a seperate machine, and setup that instance as a parent proxy for the pfSense Squid instance. I've implemente it like that because I wanted the Squid on pfSense to act as a transparent proxy. For multi-WAN, just use policy based routing (gateway groups). This leaves DNS as the only potential issue when the default gateway goes down I think, and that can probably be solved by using an additional Unbound instance on a seperate machine. I didn't test that yet, though, because my default gateway is pretty stable.

  • SSL filtering

    5
    0 Votes
    5 Posts
    1k Views
    A

    I have resolved the issue. I set the DHCP Server to use the interface as the DNS Server. I then applied the same server addresses into squid "use alternate DNS servers"

    IP addresses vary depending on your network scope.

    ex: LAN=192.168.1.1 use this as the DNS server applied to DHCP clients. Configure in DHCP Server>Servers>DNS Servers.

    Then enter the same DNS server(s) IP in Squid Proxy Server>General>Use Alternate DNS Servers for the Proxy Server.

    HTTPS filtering should work flawlessly using Splice All. And block only the sites set in Squidguard rules.

  • SquidGuard Proxy Filter - safesearch

    1
    0 Votes
    1 Posts
    373 Views
    No one has replied
  • How to add header request in squid.conf

    2
    0 Votes
    2 Posts
    1k Views
    D

    Hello Ashima,
    Did you find the solution for this case?

    tks,
    Santoro

  • Pfsense + Squid HTTPS Transparent

    5
    0 Votes
    5 Posts
    4k Views
    D

    You CANNOT use ACME cert!!! You need your own cert. authority!!!

  • Squid tmg upstream

    4
    0 Votes
    4 Posts
    708 Views
    KOMK

    Services - Squid Proxy Server - Remote Cache?

  • SQSTAT with SQUID 3.x

    2
    0 Votes
    2 Posts
    718 Views
    L

    Anyone?

  • Howto filter https with squidguard regular expressions

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • HAProxy, IIS and Let's Encrypt

    2
    0 Votes
    2 Posts
    1k Views
    G

    For anybody who would have the same problems. I had the website already running for a while over NAT before it was changed to HAProxy. I let let's encrypt create new Certificates and changed the forwarding (http to https) to HAProxy, not the IIS anymore. Now it's working.

    Clear your cache before you try though!

  • Delay on HAproxy

    1
    0 Votes
    1 Posts
    740 Views
    No one has replied
  • SQUIDGUARD Times- date range bug?

    7
    0 Votes
    7 Posts
    1k Views
    D

    Nice, thanks. ;)

  • Logs Denied by SquidGuard in squid (log)

    3
    0 Votes
    3 Posts
    3k Views
    F

    @Digital_ADHD:

    I have searched, but has this been resolved? I don't know where to put this..

    $sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?"); $str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';

    I wanna know too!

  • 0 Votes
    1 Posts
    397 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.