Ill try and get it updated once 1.6.6 gets tagged. As for the problem you describe i have not seen that reported before, afaik 1.6.4 works properly regarding forwarding headers send by a client. If your still experiencing that issue, then can you share the haproxy config file? (it can be seen at the bottom of the config tab by clicking a 'show config' link) Can you reproduce the issue with a curl request?

Can you tell us how did you cleared up those old installation's files and possibly how do you find them out too? I resetted to factory default the whole PFSense countless times, it always fail to install once it reach 12/15…. Update:                 FIXED, Jimp made it work  :D  https://forum.pfsense.org/index.php?topic=113092.msg631132#msg631132

It's not just you, on v 2.3.1_1, the Squid package it's broken and doesn't even install. Reported to admin but they are just pretending that it's a user's problem rather than a problem with their software/package….. :( Update:               i just found a whole (locked) thread discussing all the problems of this version, even the admins seems to be having a hard time, i tried this but it didn't work, i even changed the PFSense version i am using from the stable one 2.3.1_1 to the development version 2.3.2 to see if it would make any difference,  but has exactly the same problems. Here is the link if you want to give it a try: https://forum.pfsense.org/index.php?topic=109967.0#msg624257 Update: My problem has been fixed here  https://forum.pfsense.org/index.php?topic=113092.msg631132#msg631132

I've fixed it. The solution was to install abandon pfsense and install ubuntu server 16.04 with the squid3 package. Then configure squid3.conf with some simple values.

I solved it by putting these two urls in the whitelist. How can I debug this to see what being blocked in order to find what causes this issue?

Ahh … still get issue ... i use external radius here meanwhile i disable transparent squid + squidguard since its still broke with cp i hope the dev have solid fix this issue soon

Of course it is. The chance is higher to find a virus, trojan and so on earlier the more security features and tools you are using. Just want to give you an additional argument to decide if it is worth to buy new hardware only for ClamAV or if there are other possibilities to secure your network.

Today I've setup a copy of the problematic instance and I have solved the cause of the issue… The clickable "Target Rules List" field disappears if more than 7 "Target categories" are defined. Looks like one for an bug report... By the way... how do I mark this thread as solved? Lars Created a ticket for this issue: -> https://redmine.pfsense.org/issues/6471

So far the only way I have been able to update is to backup the system. Edit the xml backup and restore… Guess will have to wait for the package to be upgraded.

An out of state packet is one that was part of an established session but that session has since been torn down.  All of those blocks are for a FIN ACK (or FIN PUSH ACK), you will note.  The pfSense side says "I'm going to tear this connection down and close it!"  The other side says "OK", but pfSense has already torn the connection down so it sees the OK reply as an unsolicited new connection attempt and blocks it. https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

Awesome.. thanks Nachtfalke! I wasn't aware of that "System Patches" package. I tried this with my SquidGuard changes today and Squid + SquidGuard were working perfect. Everything seemed great until I did a final reboot test. Something went wrong after that to a point where Unbound and DHCP wouldn't load. I was getting some weird certificate type errors on Unbound. I had to revert back to the other slice to recover. I'll have a bit more of a play though and see if I can get it going. Thanks again!

@gersonofstone: Hi reinstall the proxy reports Hi, I've already re-install. Uninstall and install. But still the same. No log after June 1. :(