@viragomann Thanks. I tried your suggestions, yet all traffic still goes to the was://blah.example.com/... When I enter https://blah.example.com:7000/api/v2/device in a browser the response come from the websocket (was://)

Okay I found the solution. In HAProxy backend for the server that is affected you set: send-proxy In the "Per server pass thru" box under Advanced Settings. Then in your Apache site config you have to include: RemoteIPProxyProtocol On As well as enabling the mod_remoteip module. Hopefully this is helpful to anyone else finding themselves with this type of configuration.

@ronmwhite said in Proxy or Squid Alternatives: Here is the NAT: Interface Protocol Source Address Source Ports Dest. Address Dest. Ports NAT IP NAT Ports Description LAN ANY 192.168.1.246 * WAN address * 192.168.1.1 * Redirect Router for any LAN Address WAN ANY * * 192.168.1.246 * 192.168.1.1 * Redirect Router for any WAN Address You might want to set the destination to any instead WAN address. I don't think that the AP uses your WAN address as destination. The rule on WAN might be superfluous. Traffic from the AP on the LAN will not enter pfSense on the WAN. Here is an example of the states I see now: LAN tcp 192.168.1.246:36352 -> 54.185.135.21:443 ESTABLISHED:ESTABLISHED 1.819K / 1.82K 93 KiB / 99 KiB WAN tcp 174.17.63.23:56928 (192.168.1.246:36352) -> 54.185.135.21:443 ESTABLISHED:ESTABLISHED 1.819K / 1.82K 93 KiB / 99 KiB Not sure, it the AP is happy with the redirection. It obviously connects to an SSL port, so it might expect to get an SSL certificate from the server. But try it out.

Let’s say you have a machine with memory restrictions, what DB would users use to still utilize some signatures ?? A smaller memory hungry database

@luisenrique check this out... It's updated here... https://forum.netgate.com/topic/184109/squid-6-5-nov-6th/

@philipp86720 Nobody?

[image: 1703305270723-screenshot-2023-12-22-at-8.20.54-pm-resized.png] This seems to work but the logs do not say ACCESSDENIED

it's a long time that there is this problem, the only solution i found was to remove the backend and reconfigure it, also changing destination port does not work

Problem solved. The files wasn't backed up so I hade to fetch them again. guide here https://dkict.com/pfsense-haproxy-authelia/

@mcury I also had to disable some ethernet rules that all the sudden showed a lot of activity [image: 1702745498391-screenshot-2023-12-16-at-8.38.44-am-resized.png]

Iam willing to pay someone for helping out with this....

@VioletDragon I hope it´s bigger and you can read it pfsense_2

@keeely miss 200 is ok. It means that that has not been cached yet and now is. It's a miss. It's working as expected. I love Squid I have used it for years. Not many users attempt to configure it as it's a bit more advanced. Great Job. Not everything will show hit. Try a news website a couple times eventually it will show some hits for images scripts etc. Because I like this package so much I will no longer update PfSense because they state squid will be removed soon. You have to also make access control lists for port 3128.

@planetinse Funny thing is even when they are "gone" - the ACL's using these - briefly show up when loading the frontend, so this must be a bug one way or the other.