The issues I've had only relate to multiple WAN IPs.  Everything has worked without major issue on the reverse proxy.  If you are still having issues, please post your config and I'll see if anything jumps out as troublesome.

Just realized that the Service was not started. When I try to start it I got the following May 15 10:12:07 squid ERROR: Invalid ACL: acl password proxy_auth REQUIRED May 15 10:12:07 Squid_Alarm 56347 Attempting restart... May 15 10:12:07 Squid_Alarm 55879 Squid has exited. Reconfiguring filter. May 15 10:12:04 xinetd 21386 Reconfigured: new=0 old=1 dropped=0 (services) May 15 10:12:04 xinetd 21386 readjusting service 6969-udp May 15 10:12:04 xinetd 21386 Swapping defaults May 15 10:12:04 xinetd 21386 Starting reconfiguration May 15 10:12:03 check_reload_status Reloading filter May 15 10:12:02 php-fpm 55695 /pkg_edit.php: [squid] Starting a proxy monitor script May 15 10:11:52 php-fpm 55695 /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2016/05/15 10:11:52| Can't use proxy auth because no authentication schemes are fully configured. FATAL: ERROR: Invalid ACL: acl password proxy_auth REQUIRED Squid Cache (Version 3.5.16): Terminated abnormally. CPU Usage: 0.019 seconds = 0.013 user + 0.006 sys Maximum Resident Size: 48096 KB Page faults with physical i/o: 0' May 15 10:11:52 squid ERROR: Invalid ACL: acl password proxy_auth REQUIRED May 15 10:11:51 php-fpm 55695 /pkg_edit.php: [squid] Starting service... Edit: Seems to be a bug ? I did fix this by setting the Authentication to Local and then back to none One last question, is the default Gateway the only way to configure which Gateway the proxy uses ? No Gateway Groups or so ?

More clearance: it was the 'play´  button on the website (hardcore-radio.png) that was blocked by clamav and showed as blocked by squidguard!?

Hi Michael, Yes those are listening on my 'webserver' / testbox.. When writing the guide i was using only 2 machines (1 pfSense & 1 webserver), where i indeed had the webserver listening on multiple ports with a different index.html served on each one just to check if the haproxy side of things was working properly. When using different webservers you could use port 80 or 443 on all of them and make the difference by their ip's. Or you could actually host multiple webapplications on different ports from 1 machine, while serving all of them on the 'outside' on the standard 80 / 443 ports. But a webserver could likely also accomplish that with configuring some virtualhosts.. Anyway i hope this helps understand the screenshots a little better.. Sorry for the confusion. Latest 'doc' is currently available here (im still using those non standard ports there though ;) ): https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki Regards, PiBa-NL

My cache file system is null and any memory cache should have been flushed when I rebooted right? This is a nanobsd-installation (running from a CF card). I did however command a "flush" just to make sure.

I agree totally with you… But the issue only happens when the squid is enable... Probably it is misconfigurating... How can I start tracing the problem? [image: Screenshot_20160513-053306.png] [image: Screenshot_20160513-053306.png_thumb] [image: Screenshot_20160513-053630.png] [image: Screenshot_20160513-053630.png_thumb] [image: Screenshot_20160513-053333.png] [image: Screenshot_20160513-053333.png_thumb]

Ah, well neither of them start/run until you enable them, so if you get them set how you want and then turn them on, you're fine.

Do you have the "Use SafeSearch Engine" box check under Common ACL of Squidguard that has not worked for quite a while, before 2.3 I used DNS Resolver and created a Host Overrides Host      Domain        IP www     google.com 216.239.38.120 However this stoped working in 2.3

Hi i  have same problem? Do you have solution? tks!

It is not possible to rewrite the Cookie header in Squid guard. You need to have the content scanning/modification engine. Typically ICAP protocol is used for this purpose like in http://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html

As I understand it, yes. But again I am no expert. This is actually the next thing I am delving into myself…

@PiBa: On pfSense 2.2 it is NOT fixed, the pullrequest is still pending.. https://github.com/pfsense/pfsense-packages/pull/1236 On pfSense 2.3 it is fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc#L62 Perfect, I'm on 2.3 :) Thanks a bunch.

Thanks Guys for the help working fine now after update no errors. :) :)

Merged, thanks!

Hello Jimp, Sorry for the late reply. Actually I upgraded and its not a NanoBSD. I didn't set the RAM disk option. Any how I upgraded another 64 bit server and had the same issue. I add proxy authentication and it started to work. Now users have to enter proxy authentication in heire web browsers.  Is there a solution.