I followed your instructions but it still didn't work. Can anyone tell me what to do?

@periko This was my favorite how to website https://forum.it-monkey.net/index.php?topic=23.0

http://www.squid-cache.org/Doc/config/host_verify_strict/ This could be the solution to fixing this... host_verify_strict on host_verify_strict off

@Berick That's not really much. Maybe you can find more details, when running the browser debugging mode. I got a similar problem solved by adding this response header: http-response header set > name: content-security-policy, fmt: upgrade-insecure-requests You can try, but not sure if this helps.

@CaliPilot Hi Chris, I seem to be having issue even after configuring the firewall alias. I have created a post and would very much appreciate some input from you. https://forum.netgate.com/topic/182891/squid-proxy-bypass-proxy-for-these-destination-ips-not-working-transparent-http-proxy-mode-https-ssl-interception Thank you.

@mcury I'll give it a try and let you know, thanks

@jaredp select all sections from "Remote Certs Checks" and "Certificate Adapt" and tested. Now, what problems u have? a specific domain...? tell us...

@maturola said in HAProxy: Use UNLESS condition instead of default IF: Well, Honestly I'm not sure where the "Green/Red" would be but the back end status looks the same as all other services that are working. (screenshot of onlyoffice and "password" which is bitwarden You"ve disabled health check. So there is no information on the backend status.

@ntranx I test whitelist in squid, squidguard and squidclamav.conf but the problem is the same

@juananpc said in HAProxy doesn't resolve on LAN interface: instead of selecting "any" (IPv4) in the frontend, What exactly are you trying to proxy? Why would you pick the lan address?? I have to things I run through ha proxy. One frontent directly listens on my wan IP. Other listens on my loopback since I share this port with openvpn 443, and when its not openvpn traffic, openvpn using share port option sends this to the loopback on a port 9443 and haproxy sends that on to the backend. If I want to access either of these from my lan, I access my wan IP on the ports being used 443 or 44301 and the proxy sends me to the backend.

@stefan-bendler If you go to the settings page in HAproxy you can find a button at the bottom to display the whole configuration and would also give information about your backend settings. From the given information it's not clear to me, what you intend to achieve and what's not working. I'm wondering, if you're using a public IP inside your network. If this is your public external IP you may want to hide it. From your screenshots, I assume the http is working as expected, but for the https obviously gives you the pfSense web GUI. Is the web configurator listening on the same port as the HAproxy frontend? If so you can change it in System > Advanced > Administration.

@planetinse issue went away after upgrading to TEC (23.05) version (probably the reboot was the fix)

If you want the old blacklist from shalla use the wayback machine and download the last shalla file and place it on the firewall and tell the system to use the path to it. Or use http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz Also you can manually enter items here is a nice DoH list to block combineddohlist.txt