@doktornotor, thank you so much, looks like issue resolved after changing to immediate mode.

You can use wpad or https ssl for the solution https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid https://forum.pfsense.org/index.php?topic=123874.0

@doktornotor: Try with 2.3.3 snapshots perhaps.. thank you for the recommendation. Unfortunately, i am still pulling my hair out on this. It seems like another issue is at work here, since i am experiencing delays, to a lesser degree, on a clear connect as well (no bumping). With no HTTPS, the browser shows "Waiting for proxy tunnel". This only seems to happen on my test pfsense (which is chained to my main PFSENSE/firewall). I will look at testing this in another way and report back if a solution is found

And how should I use it?  (within pfsense)

Yeah, so use LDAP -> problem solved. If you invent your own authentication methods non-existent in the pfSense package, you'll need to pick up the pieces yourself.

Ah that explains it indeed, i should probably check and prevent that combination. Or try and 'fix' the ipfw rule by resolving the backserver ips.. Still tricky if it changes though which haproxy itself could do with the dnsresolvers setting.

If you want the logs elsewhere, do it the other way round – like, SCP/SFTP the logs from pfSense to your NAS via cron.

yes what's ur opinion in this issue

In general, yes, you would be a whole lot better off dropping the nanobsd altogether.  And no, I don't think it's a mirror down. Can't write 1440 bytes to /var/db/clamav... suggests the ramdisk is full or whatever other fluke related to nanobsd is happening.

Yeah, obvious hint here would be getting rid of the redundant router behind pfSense that's producing double NAT, requires static routes configured on pfSense and generally is a royal PITA.

Thanks

I seen alot of the same thing and wondered even if my proxy was working.  so in pfsense 2.0 I think I started looking for something to tell me how many hits and misses.. I found something and made it work in pfsense 2.0 and up to the latest version as of today. I am trying to make a package for it. Here is what i did so far for it. https://forum.pfsense.org/index.php?topic=87982.0

As noted above, noone touched LDAP for ages in the pfSense package. If someone screwed things upstream, it needs to be fixed upstream. http://bugs.squid-cache.org/index.cgi Also, there shouldn't be any need to use a GC unless you cannot specify the search domain/OU.

What you can do is host the certificate somewhere within your network, either on the pfsense web server or any other internal web server you have. Then you can edit the captive portal page to have a download button for the certificate, and ask users to install it. However, I don't know how much I recommend using Squid for HTTPS filtering. I'm not having very good luck with it myself, it seems to give all sorts of random problems such as slow browsing, or causing HTTPS websites to not work, certificate errors and all sorts. It seems to really be bodged together, on top of that… It doesn't really have SSL inspection. You're kinda limited to categorical blocking via domains.

@ledj: How do I install latest changes https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-haproxy in pfsense 2.3.2 ? You don't. Use 2.3.3 snapshots. @ledj: And will haproxy (not dev) soon be based on upstream 1.7 stable branch ? Uhm, no? That'd be 1.8 when it's stable. And -dev would become whatever is the development branch upstream at that point.