@jok: I'm trying to publish Outlook Anywhere and RDS gateway through proxy Squid reverse. @myselfo: Anyway, I fine-tuned the lines a little so only RPC is excluded from antivirus while still having it filtering all other Exchange related URLs: acl my_OWA_RPC url_regex -i ^https://my.domain.com/rpc.*$ adaptation_access service_avi_req deny my_OWA_RPC adaptation_access service_avi_resp deny my_OWA_RPC Hi guys, I understand that Outlook Anywhere works great with squid reverse after these changes (I got it working too, using a different solution). But any luck with RDS? Did any of you manage to get Remote Desktop Services (RDweb, RD gateway, RemoteApps, etc.) to work with Squid Reverse Proxy? Last time I tried it wasn't possible at all. The explanation I found it's quite reasonable: since the RDS traffic is not pure HTTP/HTTPS, it's also RDP encapsulated, it can't be easily managed by a proxy that is not aware of this. But maybe things have changed. Any idea on this? Thank you!

@aGeekHere: What I did is use a WPAD as default (all devices are set to auto configure proxy) then i used transparent proxy with mitm splice all to catch everything that cannot use the proxy (blocking port 80 and 443). I have no issues with windows updates with this setup and all my devices can connect to the proxy. Thanks Geek… I  know your conf (WPAD+transparent) works flawlessly (I tested it). Nevertheless it's quite disappointing have to use WPAD if i already use transparent. Moreover bbassotti stated He was able to get it work without WPAD

sure in squidguard if using shallalist blk_BL_anonvpn] deny

If you change pFSense / Services / Squid Proxy Server / GEneral tab Then check the SSL Man In The Middle Filtering area and change the SSL/MITM Mode from Splice WhiteList, Bumb OtherWise to the Splice ALL the problem can be solve with a this shape. OR With a default value of the SSL/MITM Mode with Splice WhiteList, Bumb OtherWise you can goto ACLs atb and add desıred web site url to the WhiteList area ie: online.kktcmaliye.com

@Curious: Argh still can't get this to work. I'm 100% sure traffic is hitting HAProxy it's just not being passed to the backend. Make sure you have firewall rules permitting incoming traffic and also check if haproxy see your webserver as online.

I know this. The point is that squidguard is buggy and have some know issues reporting erros from https sites like http://https:// redirect.

Your front-end is configured in TCP mode, but you asking for HTTP processing (ACLs based on HTTP Hostname). Switch front-end to HTTP mode.

http://wiki.squid-cache.org/SquidFaq/SquidLogs

hi my box stopped the services squid and squidguard i dont errase just …. i do the nest script into ssh commands My problems is gone after this steps: mv /var/squid/cache /var/squid/cache.old squid -z rm -rf /var/squid/cache.old thanks sir ver squid 0 4 37 and squidguard1 16 2 thanks a lot to all you for your effort.... i have running my fw aggan working

I posted a similar problem here: https://forum.pfsense.org/index.php?topic=132939.0 My problem had nothing to do with rules, but everything to do with certificates and Windows browsers detecting the Squid SSL filter!

@doktornotor: Great. Now, did you configure anything on the clients? Because, with the proxy NOT being transparent, I cannot figure out how on earth you imagine the clients to be forced to use it?!?!  (And, BTW, if going through Squid is required, you'll need to block all IPv6.) I know this is already an old post, but can I ask for your assistance, how do we block all IPv6? TIA! ast

I'm also new to pfsense, I believe you can do this via firewall rules and schedules.

The problem I Have is different. Most of the websites work just fine. But some don't. especially Google websites and subdomains. and another strange thing: when I search something in the browser without going to google.com (but using Google as default search engine) it never works with this setup.

That's not what I asked.