@gilbe92 said in problem with update behind proxy: @viragomann I don't use proxy service inside pfsense like squid. The proxy I use is ccproxy.exe un other host Yes, I was talking about this kind of proxy of course.

@kn4thx So I assume, you have a single public IP and multiple domain names, which you want to redirect to different backends. This requires that HAproxy can distinguish the requested domain name. There are two options to do this. Either read out the host header or via SNI. HAproxy supports to modes: http and tcp. The host header is only included in http requests. SNI is only included in TLS/SSL protocol and has to be supported by the client. So if your protocol is not http, SNI is the only one option, hence TLS is required and you have also ensure, that your client support it.

@uplink So as you can see, there are some subfolders in the path. So need to insert "/photo" just at the beginning of the path. You can do this by appending the path variable. Just replace the value with "/photo/%[path]".

@jimp do you have any suggestion for antivirus ?

@jc1976 for your question ... It works exactly like the proxy in a Palo Alto Firewall, same way certificates and all that is all I can say. Nothing out of the ordinary. Standard stuff.

That’s amazing I wish my 2100 had 8GB that’s all it needs for clamav

@digitalmg The problem solved, I was defined an Outgoing NAT Rule for This Firewall(Self) with AON I limited this rule to my specific usage and Squid now switch between outgoing interface like a charm !

@viragomann Thanks. I tried your suggestions, yet all traffic still goes to the was://blah.example.com/... When I enter https://blah.example.com:7000/api/v2/device in a browser the response come from the websocket (was://)

Okay I found the solution. In HAProxy backend for the server that is affected you set: send-proxy In the "Per server pass thru" box under Advanced Settings. Then in your Apache site config you have to include: RemoteIPProxyProtocol On As well as enabling the mod_remoteip module. Hopefully this is helpful to anyone else finding themselves with this type of configuration.

@ronmwhite said in Proxy or Squid Alternatives: Here is the NAT: Interface Protocol Source Address Source Ports Dest. Address Dest. Ports NAT IP NAT Ports Description LAN ANY 192.168.1.246 * WAN address * 192.168.1.1 * Redirect Router for any LAN Address WAN ANY * * 192.168.1.246 * 192.168.1.1 * Redirect Router for any WAN Address You might want to set the destination to any instead WAN address. I don't think that the AP uses your WAN address as destination. The rule on WAN might be superfluous. Traffic from the AP on the LAN will not enter pfSense on the WAN. Here is an example of the states I see now: LAN tcp 192.168.1.246:36352 -> 54.185.135.21:443 ESTABLISHED:ESTABLISHED 1.819K / 1.82K 93 KiB / 99 KiB WAN tcp 174.17.63.23:56928 (192.168.1.246:36352) -> 54.185.135.21:443 ESTABLISHED:ESTABLISHED 1.819K / 1.82K 93 KiB / 99 KiB Not sure, it the AP is happy with the redirection. It obviously connects to an SSL port, so it might expect to get an SSL certificate from the server. But try it out.

Let’s say you have a machine with memory restrictions, what DB would users use to still utilize some signatures ?? A smaller memory hungry database

@luisenrique check this out... It's updated here... https://forum.netgate.com/topic/184109/squid-6-5-nov-6th/

@philipp86720 Nobody?

[image: 1703305270723-screenshot-2023-12-22-at-8.20.54-pm-resized.png] This seems to work but the logs do not say ACCESSDENIED

it's a long time that there is this problem, the only solution i found was to remove the backend and reconfigure it, also changing destination port does not work

Problem solved. The files wasn't backed up so I hade to fetch them again. guide here https://dkict.com/pfsense-haproxy-authelia/