Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

@JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system: ln -s -F /nvme/LOGS_Optane/snort /var/log/snort Also you can do this with suricata. /var/log/suricata remove this mkdir /nvme/LOGS_Optane/suricata ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata

This is a better WPAD file server.modules = ( "mod_access", "mod_staticfile", "mod_expire", "mod_setenv" ) server.document-root = "/var/www/html" server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 server.bind = "192.168.1.6" server.tag = "" server.range-requests = "disable" server.max-connections = 10 connect-timeout = 2 server.max-keep-alive-idle = 2 server.max-keep-alive-requests = 1 server.max-read-idle = 2 server.max-write-idle = 2 dir-listing = "disable" $HTTP["request-method"] =~ "^(TRACE|TRACK)$" { url.access-deny = ( "" ) } # Cache WPAD and proxy PAC files for 1 day (good practice) expire.url = ( "/wpad.dat" => "access plus 1 day", "/proxy.pac" => "access plus 1 day" ) # Disable access logs to reduce SD card wear (optional) accesslog = "" $HTTP["url"] =~ "^/(wpad\.dat|proxy\.pac)$" { setenv.add-response-header = ( "X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "DENY", "Content-Security-Policy" => "default-src 'none';", "Cache-Control" => "public, max-age=86400", "Referrer-Policy" => "no-referrer", "X-Download-Options" => "noopen", "X-Permitted-Cross-Domain-Policies" => "none" ) # Allow only GET and HEAD methods $HTTP["request-method"] !~ "^(GET|HEAD)$" { url.access-deny = ( "" ) } # Restrict access by IP subnets $HTTP["remoteip"] == "192.168.1.0/27" { } else $HTTP["remoteip"] == "2001:470:8052:a::/64" { } else { url.access-deny = ( "" ) } } # Deny all other URL requests $HTTP["url"] !~ "^/(wpad\.dat|proxy\.pac)$" { url.access-deny = ( "" ) } # Strict URL parsing for security and consistency server.http-parseopts = ( "header-strict" => "enable", "host-strict" => "enable", "host-normalize" => "enable", "url-normalize-unreserved"=> "enable", "url-normalize-required" => "enable", "url-ctrls-reject" => "enable", "url-path-2f-decode" => "disable", "url-path-2f-reject" => "enable", "url-path-dotseg-remove" => "disable", "url-path-dotseg-reject" => "enable", ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) # Add WPAD MIME type for correct browser handling mimetype.assign = ( ".dat" => "application/x-ns-proxy-autoconfig", ".pac" => "application/x-ns-proxy-autoconfig" )

@brcuewayne DiagnosticsCommand Prompt Shell Output - ls -l /usr/local/sbin/dhcpleases6 ls: /usr/local/sbin/dhcpleases6: No such file or directory Execute Shell Command

@viragomann Damn i completely forgot that i could use the current LAN CARP i have..!! Yeah that works for me !! Thank you very much !!!

@pradeep-sl Check if the backend is shown up as online on the FS stats page.

@aGeekhere said in Unofficial Squid Custom Refresh Patterns: https://github.com/mmd123/squid-cache-dynamic_refresh-list I added them thanks.

@viragomann "Host Matches" in my Case works only when also setting to "use defaults"

I was able to solve the issue by shifting the redirect rules for phpmyadmin to the frontend instead of trying to path it out on the backend. This resolved the issue for me. Front End [image: 1749176745146-e80ffba8-07fd-4520-8b54-abf5e3bdff8e-image.png] [image: 1749177376791-dd4aa560-b111-4f7a-8489-ef46975a5039-image.png] Since the pathing now happens in the front end, I was able to clean up the backend and it's just a simple passthrough in the case of phpmyadmin. Hopefully, this helps someone else out too. There's probably a more elegant way to solve this, but it did the trick for me.

@jonny190 said in ACL with multi Action: in to one rule, i can get the first line in just not the seccond So add a second one. The original config has also two rule for what you want. BTW: the original rule looks a bit different than yours. It seems, to also replace the last octet of the IP.

@anemacuore 2.8.0 is work (update)

@aniodon Apologies for the necro posting. How would you apply such a patch ? https://github.com/pfsense/FreeBSD-ports/commit/476a7d0e3dca704b236839970f1d215912184f73 I've created a system patch via pfsense GUI with the commit mentioned in this thread, however, it does not apply to my squid config, It seems that it is not recognizing the file to update (?) Here's what I'm getting in the debug log (not having changed default patch settings): /usr/bin/patch --directory='/' -t --strip '2' -i '/var/patches/682f24bdbc39f.patch' --check --forward --ignore-whitespace Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |From 476a7d0e3dca704b236839970f1d215912184f73 Mon Sep 17 00:00:00 2001 |From: Marcos Mendoza <mmendoza@netgate.com> |Date: Tue, 26 Nov 2024 18:36:53 -0600 |Subject: [PATCH] www/pfSense-pkg-squid: remove duplicate option | |--- | www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc | 1 - | 1 file changed, 1 deletion(-) | |diff --git a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc |index 719cda2fb3cf..129b8b05335c 100644 |--- a/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc |+++ b/www/pfSense-pkg-squid/files/usr/local/pkg/squid.inc -------------------------- No file to patch. Skipping... Hunk #1 ignored at 1236. 1 out of 1 hunks ignored while patching pfSense-pkg-squid/files/usr/local/pkg/squid.inc done